{
  "schemaVersion": 1,
  "generatedAt": "2026-06-09T21:39:35.855Z",
  "evaluationDate": "2026-06-09",
  "policy": {
    "blockingSeverities": [
      "CRITICAL",
      "HIGH"
    ],
    "waiverRequirements": [
      "CVE or vulnerability ID",
      "explicit target",
      "owner",
      "approver",
      "Jira or tracking issue",
      "decision",
      "rationale",
      "expiry",
      "compensating controls",
      "remediation plan",
      "approval evidence",
      "customer-safe public rationale",
      "customer-safe public compensating controls"
    ],
    "scope": {
      "defaultMode": "blocking",
      "manifestFile": "scan-manifest.json",
      "reportOnlyMode": "Findings from report-only scan reports are retained as evidence but do not fail the release gate."
    }
  },
  "status": "pass",
  "totals": {
    "reports": 17,
    "findings": 933,
    "blockingFindings": 0,
    "violations": 0,
    "waived": 0,
    "reportOnlyFindings": 933,
    "invalidWaivers": 0,
    "expiredWaivers": 0
  },
  "violations": [],
  "waived": [],
  "reportOnly": [
    {
      "id": "CVE-2026-10931",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in FileSystem"
    },
    {
      "id": "CVE-2026-10966",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Codecs"
    },
    {
      "id": "CVE-2026-10971",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Printing"
    },
    {
      "id": "CVE-2026-10972",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Ozone"
    },
    {
      "id": "CVE-2026-10974",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-10990",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Glic"
    },
    {
      "id": "CVE-2026-11002",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Autofill"
    },
    {
      "id": "CVE-2026-11113",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-11120",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Enterprise Reporting"
    },
    {
      "id": "CVE-2026-9872",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9873",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-9874",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-9875",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9876",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-9878",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9879",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9880",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebGL"
    },
    {
      "id": "CVE-2026-9881",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Bluetooth"
    },
    {
      "id": "CVE-2026-9883",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-9884",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Browser"
    },
    {
      "id": "CVE-2026-9885",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in UI"
    },
    {
      "id": "CVE-2026-9886",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-9888",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebView"
    },
    {
      "id": "CVE-2026-9889",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in Dawn"
    },
    {
      "id": "CVE-2026-9890",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in XR"
    },
    {
      "id": "CVE-2026-9891",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Extensions"
    },
    {
      "id": "CVE-2026-9892",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-9893",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-10000",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-10001",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PerformanceManager"
    },
    {
      "id": "CVE-2026-10002",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDFium"
    },
    {
      "id": "CVE-2026-10003",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-10005",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-10006",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Race in WebAudio"
    },
    {
      "id": "CVE-2026-10007",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed ..."
    },
    {
      "id": "CVE-2026-10008",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in GPU"
    },
    {
      "id": "CVE-2026-10009",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-10010",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Input"
    },
    {
      "id": "CVE-2026-10011",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-10012",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-10013",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebCodecs"
    },
    {
      "id": "CVE-2026-10014",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMIDI"
    },
    {
      "id": "CVE-2026-10015",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in WTF"
    },
    {
      "id": "CVE-2026-10016",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-10019",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-10881",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in ANGLE"
    },
    {
      "id": "CVE-2026-10882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-10883",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-10884",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromecast"
    },
    {
      "id": "CVE-2026-10885",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10886",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in FileSystem"
    },
    {
      "id": "CVE-2026-10887",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-10888",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast Streaming"
    },
    {
      "id": "CVE-2026-10889",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-10890",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-10891",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in GFX"
    },
    {
      "id": "CVE-2026-10892",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-10893",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-10894",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Printing"
    },
    {
      "id": "CVE-2026-10895",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Ozone"
    },
    {
      "id": "CVE-2026-10896",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10897",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-10898",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Stack buffer overflow in GPU"
    },
    {
      "id": "CVE-2026-10899",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Ozone"
    },
    {
      "id": "CVE-2026-10900",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-10901",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-10902",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Ozone"
    },
    {
      "id": "CVE-2026-10903",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10904",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-10905",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-10906",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAuthentication"
    },
    {
      "id": "CVE-2026-10907",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-10908",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in FullScreen"
    },
    {
      "id": "CVE-2026-10909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-10910",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-10911",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-10912",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Extensions"
    },
    {
      "id": "CVE-2026-10913",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-10914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-10915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-10916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in DevTools"
    },
    {
      "id": "CVE-2026-10917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-10918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Viz"
    },
    {
      "id": "CVE-2026-10919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-10920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebShare"
    },
    {
      "id": "CVE-2026-10921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Dawn"
    },
    {
      "id": "CVE-2026-10922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in DevTools"
    },
    {
      "id": "CVE-2026-10923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-10924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Chromecast"
    },
    {
      "id": "CVE-2026-10925",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Skia"
    },
    {
      "id": "CVE-2026-10926",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-10927",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Dawn"
    },
    {
      "id": "CVE-2026-10928",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Script injection in Headless"
    },
    {
      "id": "CVE-2026-10929",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-10930",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-10932",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-10933",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Audio"
    },
    {
      "id": "CVE-2026-10934",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Autofill"
    },
    {
      "id": "CVE-2026-10935",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-10936",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-10939",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10940",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Race in Codecs"
    },
    {
      "id": "CVE-2026-10941",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in Skia"
    },
    {
      "id": "CVE-2026-10942",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in UI"
    },
    {
      "id": "CVE-2026-10943",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10944",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient policy enforcement in Autofill"
    },
    {
      "id": "CVE-2026-10945",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in PDF"
    },
    {
      "id": "CVE-2026-10946",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in Media"
    },
    {
      "id": "CVE-2026-10947",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10948",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in Video"
    },
    {
      "id": "CVE-2026-10950",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient policy enforcement in Autofill"
    },
    {
      "id": "CVE-2026-10951",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Autofill"
    },
    {
      "id": "CVE-2026-10952",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10953",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-10954",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Actor"
    },
    {
      "id": "CVE-2026-10955",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Type Confusion in ANGLE"
    },
    {
      "id": "CVE-2026-10956",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in MimeHandlerView"
    },
    {
      "id": "CVE-2026-10957",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Glic"
    },
    {
      "id": "CVE-2026-10958",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-10960",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Codecs"
    },
    {
      "id": "CVE-2026-10961",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Media"
    },
    {
      "id": "CVE-2026-10963",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-10964",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-10965",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in DevTools"
    },
    {
      "id": "CVE-2026-10967",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in SurfaceCapture"
    },
    {
      "id": "CVE-2026-10968",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Dawn"
    },
    {
      "id": "CVE-2026-10969",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Extensions"
    },
    {
      "id": "CVE-2026-10970",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in InterestGroups"
    },
    {
      "id": "CVE-2026-10973",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Dawn"
    },
    {
      "id": "CVE-2026-10975",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10976",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Dawn"
    },
    {
      "id": "CVE-2026-10977",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Skia"
    },
    {
      "id": "CVE-2026-10978",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-10979",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-10980",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in DevTools"
    },
    {
      "id": "CVE-2026-10981",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Codecs"
    },
    {
      "id": "CVE-2026-10982",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebXR"
    },
    {
      "id": "CVE-2026-10983",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Dawn"
    },
    {
      "id": "CVE-2026-10984",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Accessibility"
    },
    {
      "id": "CVE-2026-10985",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Skia"
    },
    {
      "id": "CVE-2026-10986",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Media"
    },
    {
      "id": "CVE-2026-10987",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-10988",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-10989",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-10995",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in TabStrip"
    },
    {
      "id": "CVE-2026-11102",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Isolated Web Apps"
    },
    {
      "id": "CVE-2026-9877",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9887",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Proxy"
    },
    {
      "id": "CVE-2026-9894",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9895",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-9896",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-9897",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-9898",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in GPU"
    },
    {
      "id": "CVE-2026-9899",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9900",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9901",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9902",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-9903",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Site Isolation"
    },
    {
      "id": "CVE-2026-9904",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9905",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-9906",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9907",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Dawn"
    },
    {
      "id": "CVE-2026-9908",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-9910",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in ANGLE"
    },
    {
      "id": "CVE-2026-9911",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9912",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in GPU"
    },
    {
      "id": "CVE-2026-9913",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-9914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in WebGL"
    },
    {
      "id": "CVE-2026-9918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Tint"
    },
    {
      "id": "CVE-2026-9919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in GPU"
    },
    {
      "id": "CVE-2026-9921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in WebGL"
    },
    {
      "id": "CVE-2026-9922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-9924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9925",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9926",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9927",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9928",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9929",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in WebGL"
    },
    {
      "id": "CVE-2026-9930",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Dawn"
    },
    {
      "id": "CVE-2026-9931",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9932",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9933",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-9934",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-9935",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in ANGLE"
    },
    {
      "id": "CVE-2026-9936",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GFX"
    },
    {
      "id": "CVE-2026-9937",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9938",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-9939",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebCodecs"
    },
    {
      "id": "CVE-2026-9940",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9941",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9942",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in ANGLE"
    },
    {
      "id": "CVE-2026-9943",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9945",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-9946",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9947",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in XML"
    },
    {
      "id": "CVE-2026-9948",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-9949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-9950",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in iOS"
    },
    {
      "id": "CVE-2026-9951",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9952",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAudio"
    },
    {
      "id": "CVE-2026-9953",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9954",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in TabStrip"
    },
    {
      "id": "CVE-2026-9955",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in iOS"
    },
    {
      "id": "CVE-2026-9956",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in iOS"
    },
    {
      "id": "CVE-2026-9957",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDF"
    },
    {
      "id": "CVE-2026-9958",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDFium"
    },
    {
      "id": "CVE-2026-9959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Race in WebRTC"
    },
    {
      "id": "CVE-2026-9960",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in PDFium"
    },
    {
      "id": "CVE-2026-9961",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in SurfaceCapture"
    },
    {
      "id": "CVE-2026-9962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9963",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Uninitialized Use in iOS"
    },
    {
      "id": "CVE-2026-9964",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Bluetooth"
    },
    {
      "id": "CVE-2026-9965",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9966",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in XML"
    },
    {
      "id": "CVE-2026-9967",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9968",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-9969",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9970",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-9971",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in iOS"
    },
    {
      "id": "CVE-2026-9972",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Gamepad"
    },
    {
      "id": "CVE-2026-9973",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-9974",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9975",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in ANGLE"
    },
    {
      "id": "CVE-2026-9976",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in USB"
    },
    {
      "id": "CVE-2026-9977",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebShare"
    },
    {
      "id": "CVE-2026-9978",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Glic"
    },
    {
      "id": "CVE-2026-9979",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Input"
    },
    {
      "id": "CVE-2026-9980",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Printing"
    },
    {
      "id": "CVE-2026-9981",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-9982",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9983",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Skia"
    },
    {
      "id": "CVE-2026-9984",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9985",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-9986",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in OptimizationGuide"
    },
    {
      "id": "CVE-2026-9987",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebAppInstalls"
    },
    {
      "id": "CVE-2026-9988",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9989",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Media"
    },
    {
      "id": "CVE-2026-9990",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-9991",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Media"
    },
    {
      "id": "CVE-2026-9992",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-9993",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-9994",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-9995",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebXR"
    },
    {
      "id": "CVE-2026-9996",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebRTC"
    },
    {
      "id": "CVE-2026-9997",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-9998",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-9999",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-10931",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in FileSystem"
    },
    {
      "id": "CVE-2026-10966",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Codecs"
    },
    {
      "id": "CVE-2026-10971",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Printing"
    },
    {
      "id": "CVE-2026-10972",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Ozone"
    },
    {
      "id": "CVE-2026-10974",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-10990",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Glic"
    },
    {
      "id": "CVE-2026-11002",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Autofill"
    },
    {
      "id": "CVE-2026-11113",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-11120",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Enterprise Reporting"
    },
    {
      "id": "CVE-2026-9872",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9873",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-9874",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-9875",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9876",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-9878",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9879",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9880",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebGL"
    },
    {
      "id": "CVE-2026-9881",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Bluetooth"
    },
    {
      "id": "CVE-2026-9883",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-9884",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Browser"
    },
    {
      "id": "CVE-2026-9885",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in UI"
    },
    {
      "id": "CVE-2026-9886",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Base"
    },
    {
      "id": "CVE-2026-9888",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebView"
    },
    {
      "id": "CVE-2026-9889",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in Dawn"
    },
    {
      "id": "CVE-2026-9890",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in XR"
    },
    {
      "id": "CVE-2026-9891",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Extensions"
    },
    {
      "id": "CVE-2026-9892",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-9893",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-10000",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-10001",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PerformanceManager"
    },
    {
      "id": "CVE-2026-10002",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDFium"
    },
    {
      "id": "CVE-2026-10003",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-10005",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-10006",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Race in WebAudio"
    },
    {
      "id": "CVE-2026-10007",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed ..."
    },
    {
      "id": "CVE-2026-10008",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in GPU"
    },
    {
      "id": "CVE-2026-10009",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-10010",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Input"
    },
    {
      "id": "CVE-2026-10011",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-10012",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-10013",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebCodecs"
    },
    {
      "id": "CVE-2026-10014",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebMIDI"
    },
    {
      "id": "CVE-2026-10015",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in WTF"
    },
    {
      "id": "CVE-2026-10016",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-10019",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-10881",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in ANGLE"
    },
    {
      "id": "CVE-2026-10882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-10883",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-10884",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromecast"
    },
    {
      "id": "CVE-2026-10885",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10886",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in FileSystem"
    },
    {
      "id": "CVE-2026-10887",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-10888",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast Streaming"
    },
    {
      "id": "CVE-2026-10889",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-10890",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-10891",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in GFX"
    },
    {
      "id": "CVE-2026-10892",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-10893",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-10894",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Printing"
    },
    {
      "id": "CVE-2026-10895",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Ozone"
    },
    {
      "id": "CVE-2026-10896",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10897",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-10898",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Stack buffer overflow in GPU"
    },
    {
      "id": "CVE-2026-10899",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Ozone"
    },
    {
      "id": "CVE-2026-10900",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-10901",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Passwords"
    },
    {
      "id": "CVE-2026-10902",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Ozone"
    },
    {
      "id": "CVE-2026-10903",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10904",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-10905",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-10906",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAuthentication"
    },
    {
      "id": "CVE-2026-10907",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-10908",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in FullScreen"
    },
    {
      "id": "CVE-2026-10909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Dawn"
    },
    {
      "id": "CVE-2026-10910",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-10911",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-10912",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Extensions"
    },
    {
      "id": "CVE-2026-10913",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-10914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-10915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-10916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in DevTools"
    },
    {
      "id": "CVE-2026-10917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-10918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Viz"
    },
    {
      "id": "CVE-2026-10919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-10920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebShare"
    },
    {
      "id": "CVE-2026-10921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Dawn"
    },
    {
      "id": "CVE-2026-10922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in DevTools"
    },
    {
      "id": "CVE-2026-10923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-10924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Chromecast"
    },
    {
      "id": "CVE-2026-10925",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Skia"
    },
    {
      "id": "CVE-2026-10926",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Cast"
    },
    {
      "id": "CVE-2026-10927",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Dawn"
    },
    {
      "id": "CVE-2026-10928",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Script injection in Headless"
    },
    {
      "id": "CVE-2026-10929",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-10930",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-10932",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-10933",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Audio"
    },
    {
      "id": "CVE-2026-10934",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Autofill"
    },
    {
      "id": "CVE-2026-10935",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-10936",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Type Confusion in V8"
    },
    {
      "id": "CVE-2026-10939",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10940",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Race in Codecs"
    },
    {
      "id": "CVE-2026-10941",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in Skia"
    },
    {
      "id": "CVE-2026-10942",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in UI"
    },
    {
      "id": "CVE-2026-10943",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10944",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient policy enforcement in Autofill"
    },
    {
      "id": "CVE-2026-10945",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in PDF"
    },
    {
      "id": "CVE-2026-10946",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in Media"
    },
    {
      "id": "CVE-2026-10947",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10948",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in Video"
    },
    {
      "id": "CVE-2026-10950",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient policy enforcement in Autofill"
    },
    {
      "id": "CVE-2026-10951",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Autofill"
    },
    {
      "id": "CVE-2026-10952",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10953",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-10954",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Actor"
    },
    {
      "id": "CVE-2026-10955",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Type Confusion in ANGLE"
    },
    {
      "id": "CVE-2026-10956",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in MimeHandlerView"
    },
    {
      "id": "CVE-2026-10957",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Glic"
    },
    {
      "id": "CVE-2026-10958",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-10960",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Codecs"
    },
    {
      "id": "CVE-2026-10961",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in Chrome for iOS"
    },
    {
      "id": "CVE-2026-10962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Media"
    },
    {
      "id": "CVE-2026-10963",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-10964",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-10965",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in DevTools"
    },
    {
      "id": "CVE-2026-10967",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in SurfaceCapture"
    },
    {
      "id": "CVE-2026-10968",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Dawn"
    },
    {
      "id": "CVE-2026-10969",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Extensions"
    },
    {
      "id": "CVE-2026-10970",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in InterestGroups"
    },
    {
      "id": "CVE-2026-10973",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Dawn"
    },
    {
      "id": "CVE-2026-10975",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-10976",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Dawn"
    },
    {
      "id": "CVE-2026-10977",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Skia"
    },
    {
      "id": "CVE-2026-10978",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Chromoting"
    },
    {
      "id": "CVE-2026-10979",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-10980",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in DevTools"
    },
    {
      "id": "CVE-2026-10981",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Codecs"
    },
    {
      "id": "CVE-2026-10982",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in WebXR"
    },
    {
      "id": "CVE-2026-10983",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Dawn"
    },
    {
      "id": "CVE-2026-10984",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Accessibility"
    },
    {
      "id": "CVE-2026-10985",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Skia"
    },
    {
      "id": "CVE-2026-10986",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Media"
    },
    {
      "id": "CVE-2026-10987",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-10988",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-10989",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-10995",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in TabStrip"
    },
    {
      "id": "CVE-2026-11102",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "149.0.7827.53-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Isolated Web Apps"
    },
    {
      "id": "CVE-2026-9877",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9887",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Proxy"
    },
    {
      "id": "CVE-2026-9894",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9895",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in GPU"
    },
    {
      "id": "CVE-2026-9896",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-9897",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in DOM"
    },
    {
      "id": "CVE-2026-9898",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in GPU"
    },
    {
      "id": "CVE-2026-9899",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9900",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9901",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9902",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-9903",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Site Isolation"
    },
    {
      "id": "CVE-2026-9904",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9905",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Accessibility"
    },
    {
      "id": "CVE-2026-9906",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9907",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in Dawn"
    },
    {
      "id": "CVE-2026-9908",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9909",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-9910",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds memory access in ANGLE"
    },
    {
      "id": "CVE-2026-9911",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9912",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in GPU"
    },
    {
      "id": "CVE-2026-9913",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-9914",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9915",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9916",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9917",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in WebGL"
    },
    {
      "id": "CVE-2026-9918",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Tint"
    },
    {
      "id": "CVE-2026-9919",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9920",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in GPU"
    },
    {
      "id": "CVE-2026-9921",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in WebGL"
    },
    {
      "id": "CVE-2026-9922",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9923",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Skia"
    },
    {
      "id": "CVE-2026-9924",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9925",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9926",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9927",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9928",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9929",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in WebGL"
    },
    {
      "id": "CVE-2026-9930",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in Dawn"
    },
    {
      "id": "CVE-2026-9931",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GPU"
    },
    {
      "id": "CVE-2026-9932",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9933",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-9934",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Aura"
    },
    {
      "id": "CVE-2026-9935",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in ANGLE"
    },
    {
      "id": "CVE-2026-9936",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in GFX"
    },
    {
      "id": "CVE-2026-9937",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9938",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in V8"
    },
    {
      "id": "CVE-2026-9939",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in WebCodecs"
    },
    {
      "id": "CVE-2026-9940",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Heap buffer overflow in ANGLE"
    },
    {
      "id": "CVE-2026-9941",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9942",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in ANGLE"
    },
    {
      "id": "CVE-2026-9943",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebGL"
    },
    {
      "id": "CVE-2026-9945",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Media"
    },
    {
      "id": "CVE-2026-9946",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in ANGLE"
    },
    {
      "id": "CVE-2026-9947",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in XML"
    },
    {
      "id": "CVE-2026-9948",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-9949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-9950",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Insufficient validation of untrusted input in iOS"
    },
    {
      "id": "CVE-2026-9951",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9952",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAudio"
    },
    {
      "id": "CVE-2026-9953",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in ANGLE"
    },
    {
      "id": "CVE-2026-9954",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in TabStrip"
    },
    {
      "id": "CVE-2026-9955",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in iOS"
    },
    {
      "id": "CVE-2026-9956",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Use after free in iOS"
    },
    {
      "id": "CVE-2026-9957",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDF"
    },
    {
      "id": "CVE-2026-9958",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in PDFium"
    },
    {
      "id": "CVE-2026-9959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Race in WebRTC"
    },
    {
      "id": "CVE-2026-9960",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in PDFium"
    },
    {
      "id": "CVE-2026-9961",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in SurfaceCapture"
    },
    {
      "id": "CVE-2026-9962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9963",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Uninitialized Use in iOS"
    },
    {
      "id": "CVE-2026-9964",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Bluetooth"
    },
    {
      "id": "CVE-2026-9965",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in ANGLE"
    },
    {
      "id": "CVE-2026-9966",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in XML"
    },
    {
      "id": "CVE-2026-9967",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9968",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in V8"
    },
    {
      "id": "CVE-2026-9969",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9970",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebGL"
    },
    {
      "id": "CVE-2026-9971",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: chromium-browser: Inappropriate implementation in iOS"
    },
    {
      "id": "CVE-2026-9972",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Uninitialized Use in Gamepad"
    },
    {
      "id": "CVE-2026-9973",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in V8"
    },
    {
      "id": "CVE-2026-9974",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds write in GPU"
    },
    {
      "id": "CVE-2026-9975",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read and write in ANGLE"
    },
    {
      "id": "CVE-2026-9976",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in USB"
    },
    {
      "id": "CVE-2026-9977",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebShare"
    },
    {
      "id": "CVE-2026-9978",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Glic"
    },
    {
      "id": "CVE-2026-9979",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Input"
    },
    {
      "id": "CVE-2026-9980",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Printing"
    },
    {
      "id": "CVE-2026-9981",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Skia"
    },
    {
      "id": "CVE-2026-9982",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in ANGLE"
    },
    {
      "id": "CVE-2026-9983",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Type Confusion in Skia"
    },
    {
      "id": "CVE-2026-9984",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in UI"
    },
    {
      "id": "CVE-2026-9985",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in Media"
    },
    {
      "id": "CVE-2026-9986",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in OptimizationGuide"
    },
    {
      "id": "CVE-2026-9987",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Insufficient validation of untrusted input in WebAppInstalls"
    },
    {
      "id": "CVE-2026-9988",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebRTC"
    },
    {
      "id": "CVE-2026-9989",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Media"
    },
    {
      "id": "CVE-2026-9990",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebAppInstalls"
    },
    {
      "id": "CVE-2026-9991",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in Media"
    },
    {
      "id": "CVE-2026-9992",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Network"
    },
    {
      "id": "CVE-2026-9993",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Views"
    },
    {
      "id": "CVE-2026-9994",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Core"
    },
    {
      "id": "CVE-2026-9995",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in WebXR"
    },
    {
      "id": "CVE-2026-9996",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Out of bounds read in WebRTC"
    },
    {
      "id": "CVE-2026-9997",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Use after free in Input"
    },
    {
      "id": "CVE-2026-9998",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Integer overflow in Skia"
    },
    {
      "id": "CVE-2026-9999",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "chromium-common",
      "installedVersion": "148.0.7778.178-1~deb13u1",
      "fixedVersion": "148.0.7778.215-1~deb13u1",
      "title": "chromium-browser: Inappropriate implementation in ANGLE"
    },
    {
      "id": "CVE-2026-5773",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "curl",
      "installedVersion": "8.20.0-2~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse"
    },
    {
      "id": "CVE-2026-6276",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "curl",
      "installedVersion": "8.20.0-2~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "dirmngr",
      "installedVersion": "2.4.7-21+deb13u1+b3",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gnupg",
      "installedVersion": "2.4.7-21+deb13u1",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gnupg-l10n",
      "installedVersion": "2.4.7-21+deb13u1",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gpg",
      "installedVersion": "2.4.7-21+deb13u1+b3",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gpg-agent",
      "installedVersion": "2.4.7-21+deb13u1+b3",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gpgconf",
      "installedVersion": "2.4.7-21+deb13u1+b3",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-24882",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "gpgsm",
      "installedVersion": "2.4.7-21+deb13u1+b3",
      "fixedVersion": "",
      "title": "GnuPG: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution"
    },
    {
      "id": "CVE-2026-34980",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcups2t64",
      "installedVersion": "2.4.10-3+deb13u2",
      "fixedVersion": "",
      "title": "cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network"
    },
    {
      "id": "CVE-2026-5773",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcurl3t64-gnutls",
      "installedVersion": "8.20.0-2~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse"
    },
    {
      "id": "CVE-2026-6276",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcurl3t64-gnutls",
      "installedVersion": "8.20.0-2~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers"
    },
    {
      "id": "CVE-2026-5773",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcurl4t64",
      "installedVersion": "8.20.0-2~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse"
    },
    {
      "id": "CVE-2026-6276",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcurl4t64",
      "installedVersion": "8.20.0-2~bpo13+1",
      "fixedVersion": "",
      "title": "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers"
    },
    {
      "id": "CVE-2025-59375",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libexpat1",
      "installedVersion": "2.7.1-2",
      "fixedVersion": "",
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "id": "CVE-2026-25210",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libexpat1",
      "installedVersion": "2.7.1-2",
      "fixedVersion": "",
      "title": "libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation"
    },
    {
      "id": "CVE-2026-45186",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libexpat1",
      "installedVersion": "2.7.1-2",
      "fixedVersion": "",
      "title": "libexpat: denial of service via crafted XML input"
    },
    {
      "id": "CVE-2026-40393",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgbm1",
      "installedVersion": "25.0.7-2",
      "fixedVersion": "",
      "title": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory acces ..."
    },
    {
      "id": "CVE-2026-40393",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libgl1-mesa-dri",
      "installedVersion": "25.0.7-2",
      "fixedVersion": "",
      "title": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory acces ..."
    },
    {
      "id": "CVE-2026-40393",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libglx-mesa0",
      "installedVersion": "25.0.7-2",
      "fixedVersion": "",
      "title": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory acces ..."
    },
    {
      "id": "CVE-2025-69720",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libncursesw6",
      "installedVersion": "6.5+20250216-2",
      "fixedVersion": "",
      "title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution."
    },
    {
      "id": "CVE-2026-42496",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access"
    },
    {
      "id": "CVE-2026-8376",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Perl versions through 5.43.10 have a heap buffer overflow when compili ..."
    },
    {
      "id": "CVE-2026-42497",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ..."
    },
    {
      "id": "CVE-2026-48959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaust ..."
    },
    {
      "id": "CVE-2026-48962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob"
    },
    {
      "id": "CVE-2026-9538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libperl5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ..."
    },
    {
      "id": "CVE-2026-10118",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpoppler147",
      "installedVersion": "25.03.0-5+deb13u2",
      "fixedVersion": "",
      "title": "poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13",
      "installedVersion": "3.13.5-2+deb13u2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-minimal",
      "installedVersion": "3.13.5-2+deb13u2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libpython3.13-stdlib",
      "installedVersion": "3.13.5-2+deb13u2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2026-37555",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libsndfile1",
      "installedVersion": "1.2.2-2+deb13u1",
      "fixedVersion": "",
      "title": "libsndfile: integer overflow in ima_reader_init()"
    },
    {
      "id": "CVE-2026-7598",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libssh2-1t64",
      "installedVersion": "1.11.1-1",
      "fixedVersion": "",
      "title": "libssh2: integer overflow via large username or password arguments"
    },
    {
      "id": "CVE-2025-69720",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libtinfo6",
      "installedVersion": "6.5+20250216-2",
      "fixedVersion": "",
      "title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution."
    },
    {
      "id": "CVE-2026-40393",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "mesa-libgallium",
      "installedVersion": "25.0.7-2",
      "fixedVersion": "",
      "title": "In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory acces ..."
    },
    {
      "id": "CVE-2025-69720",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "ncurses-base",
      "installedVersion": "6.5+20250216-2",
      "fixedVersion": "",
      "title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution."
    },
    {
      "id": "CVE-2025-69720",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "ncurses-bin",
      "installedVersion": "6.5+20250216-2",
      "fixedVersion": "",
      "title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution."
    },
    {
      "id": "CVE-2026-42496",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access"
    },
    {
      "id": "CVE-2026-8376",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Perl versions through 5.43.10 have a heap buffer overflow when compili ..."
    },
    {
      "id": "CVE-2026-42497",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ..."
    },
    {
      "id": "CVE-2026-48959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaust ..."
    },
    {
      "id": "CVE-2026-48962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob"
    },
    {
      "id": "CVE-2026-9538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ..."
    },
    {
      "id": "CVE-2026-42496",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access"
    },
    {
      "id": "CVE-2026-8376",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Perl versions through 5.43.10 have a heap buffer overflow when compili ..."
    },
    {
      "id": "CVE-2026-42497",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ..."
    },
    {
      "id": "CVE-2026-48959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaust ..."
    },
    {
      "id": "CVE-2026-48962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob"
    },
    {
      "id": "CVE-2026-9538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-base",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ..."
    },
    {
      "id": "CVE-2026-42496",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access"
    },
    {
      "id": "CVE-2026-8376",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Perl versions through 5.43.10 have a heap buffer overflow when compili ..."
    },
    {
      "id": "CVE-2026-42497",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attack ..."
    },
    {
      "id": "CVE-2026-48959",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaust ..."
    },
    {
      "id": "CVE-2026-48962",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob"
    },
    {
      "id": "CVE-2026-9538",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "perl-modules-5.40",
      "installedVersion": "5.40.1-6",
      "fixedVersion": "",
      "title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via ..."
    },
    {
      "id": "CVE-2026-23949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3-pkg-resources",
      "installedVersion": "78.1.1-0.1",
      "fixedVersion": "",
      "title": "jaraco.context: jaraco.context: Path traversal via malicious tar archives"
    },
    {
      "id": "CVE-2026-23949",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3-setuptools",
      "installedVersion": "78.1.1-0.1",
      "fixedVersion": "",
      "title": "jaraco.context: jaraco.context: Path traversal via malicious tar archives"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13",
      "installedVersion": "3.13.5-2+deb13u2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2026-7210",
      "severity": "CRITICAL",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "python3.13-minimal",
      "installedVersion": "3.13.5-2+deb13u2",
      "fixedVersion": "",
      "title": "python: expat: Python/Expat: Denial of Service via crafted XML document"
    },
    {
      "id": "CVE-2022-4055",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "staging-registry.payment-gateway.app/gotenberg:8.33.0@sha256:bddd8ea9d076e2d08b6ddaa6efae6403185202c6dab65a6488ed0a6923d6d8e8 (debian 13.5)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "xdg-utils",
      "installedVersion": "1.2.1-2",
      "fixedVersion": "",
      "title": "xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/gotenberg",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "gotenberg",
      "report": "gotenberg.vuln.json",
      "target": "usr/bin/pdfcpu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.26.2",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-26519",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "staging-registry.payment-gateway.app/mgob:2.0.28@sha256:ad347cfd1b453541d855ef0af88aaaecfee4cf18332bfbecd50520e3c4718f27 (alpine 3.18.11)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "musl",
      "installedVersion": "1.2.4-r2",
      "fixedVersion": "1.2.4-r3",
      "title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ..."
    },
    {
      "id": "CVE-2025-26519",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "staging-registry.payment-gateway.app/mgob:2.0.28@sha256:ad347cfd1b453541d855ef0af88aaaecfee4cf18332bfbecd50520e3c4718f27 (alpine 3.18.11)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "musl-utils",
      "installedVersion": "1.2.4-r2",
      "fixedVersion": "1.2.4-r3",
      "title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ..."
    },
    {
      "id": "CVE-2025-6965",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "staging-registry.payment-gateway.app/mgob:2.0.28@sha256:ad347cfd1b453541d855ef0af88aaaecfee4cf18332bfbecd50520e3c4718f27 (alpine 3.18.11)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "sqlite-libs",
      "installedVersion": "3.41.2-r3",
      "fixedVersion": "3.41.2-r4",
      "title": "sqlite: Integer Truncation in SQLite"
    },
    {
      "id": "CVE-2025-31115",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "staging-registry.payment-gateway.app/mgob:2.0.28@sha256:ad347cfd1b453541d855ef0af88aaaecfee4cf18332bfbecd50520e3c4718f27 (alpine 3.18.11)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "xz-libs",
      "installedVersion": "5.4.3-r0",
      "fixedVersion": "5.4.3-r1",
      "title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder"
    },
    {
      "id": "CVE-2026-32597",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "PyJWT",
      "installedVersion": "2.10.1",
      "fixedVersion": "2.12.0",
      "title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)"
    },
    {
      "id": "CVE-2026-21226",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "azure-core",
      "installedVersion": "1.32.0",
      "fixedVersion": "1.38.0",
      "title": "Azure Core is vulnerable to deserialization of untrusted data"
    },
    {
      "id": "CVE-2026-26007",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "cryptography",
      "installedVersion": "43.0.1",
      "fixedVersion": "46.0.5",
      "title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
    },
    {
      "id": "CVE-2026-26007",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "cryptography",
      "installedVersion": "44.0.0",
      "fixedVersion": "46.0.5",
      "title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
    },
    {
      "id": "CVE-2026-27459",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "pyOpenSSL",
      "installedVersion": "24.2.1",
      "fixedVersion": "26.0.0",
      "title": "pyOpenSSL: DTLS cookie callback buffer overflow"
    },
    {
      "id": "CVE-2026-27459",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "pyOpenSSL",
      "installedVersion": "25.0.0",
      "fixedVersion": "26.0.0",
      "title": "pyOpenSSL: DTLS cookie callback buffer overflow"
    },
    {
      "id": "CVE-2026-23490",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "pyasn1",
      "installedVersion": "0.6.1",
      "fixedVersion": "0.6.2",
      "title": "pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID"
    },
    {
      "id": "CVE-2026-30922",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "pyasn1",
      "installedVersion": "0.6.1",
      "fixedVersion": "0.6.3",
      "title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
    },
    {
      "id": "CVE-2022-40897",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "65.5.1",
      "title": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
    },
    {
      "id": "CVE-2022-40897",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "65.5.1",
      "title": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
    },
    {
      "id": "CVE-2024-6345",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "70.0.0",
      "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
    },
    {
      "id": "CVE-2024-6345",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "70.0.0",
      "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
    },
    {
      "id": "CVE-2025-47273",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "78.1.1",
      "title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
    },
    {
      "id": "CVE-2025-47273",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "65.5.0",
      "fixedVersion": "78.1.1",
      "title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
    },
    {
      "id": "CVE-2025-47273",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "setuptools",
      "installedVersion": "70.3.0",
      "fixedVersion": "78.1.1",
      "title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
    },
    {
      "id": "CVE-2025-66418",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "urllib3",
      "installedVersion": "1.26.20",
      "fixedVersion": "2.6.0",
      "title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
    },
    {
      "id": "CVE-2025-66471",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "urllib3",
      "installedVersion": "1.26.20",
      "fixedVersion": "2.6.0",
      "title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
    },
    {
      "id": "CVE-2026-21441",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "urllib3",
      "installedVersion": "1.26.20",
      "fixedVersion": "2.6.3",
      "title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
    },
    {
      "id": "CVE-2026-44431",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "urllib3",
      "installedVersion": "1.26.20",
      "fixedVersion": "2.7.0",
      "title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
    },
    {
      "id": "CVE-2026-24049",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "wheel",
      "installedVersion": "0.44.0",
      "fixedVersion": "0.46.2",
      "title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
    },
    {
      "id": "CVE-2026-24049",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "Python",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "wheel",
      "installedVersion": "0.45.1",
      "fixedVersion": "0.46.2",
      "title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2024-34156",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.22.7, 1.23.1",
      "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "google-cloud-sdk/bin/gcloud-crc32c",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.4",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v4",
      "installedVersion": "v4.5.1",
      "fixedVersion": "4.5.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2026-42151",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/prometheus/prometheus",
      "installedVersion": "v0.301.0",
      "fixedVersion": "0.311.3",
      "title": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API"
    },
    {
      "id": "CVE-2026-42154",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/prometheus/prometheus",
      "installedVersion": "v0.301.0",
      "fixedVersion": "0.311.3, 0.305.2",
      "title": "github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2026-33186",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "google.golang.org/grpc",
      "installedVersion": "v1.69.4",
      "fixedVersion": "1.79.3",
      "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mc",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.6",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.32.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.22.8",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-44973",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/go-git/go-billy/v5",
      "installedVersion": "v5.6.0",
      "fixedVersion": "5.9.0",
      "title": "Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ..."
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v4",
      "installedVersion": "v4.5.1",
      "fixedVersion": "4.5.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-30204",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "github.com/golang-jwt/jwt/v5",
      "installedVersion": "v5.2.1",
      "fixedVersion": "5.2.2",
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.31.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-22868",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/oauth2",
      "installedVersion": "v0.24.0",
      "fixedVersion": "0.27.0",
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "id": "CVE-2026-33186",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "google.golang.org/grpc",
      "installedVersion": "v1.67.1",
      "fixedVersion": "1.79.3",
      "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/bin/rclone",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.23.4",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-22869",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "golang.org/x/crypto",
      "installedVersion": "v0.31.0",
      "fixedVersion": "0.35.0",
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2024-34156",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.22.7, 1.23.1",
      "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mgob",
      "report": "mgob.vuln.json",
      "target": "usr/local/bin/mgob",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.21.13",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2024-6119",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "staging-registry.payment-gateway.app/mongo-express:latest@sha256:1b23d7976f0210dbec74045c209e52fbb26d29b2e873d6c6fa3d3f0ae32c2a64 (alpine 3.18.6)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libcrypto3",
      "installedVersion": "3.1.4-r5",
      "fixedVersion": "3.1.7-r0",
      "title": "openssl: Possible denial of service in X.509 name checks"
    },
    {
      "id": "CVE-2024-6119",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "staging-registry.payment-gateway.app/mongo-express:latest@sha256:1b23d7976f0210dbec74045c209e52fbb26d29b2e873d6c6fa3d3f0ae32c2a64 (alpine 3.18.6)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "libssl3",
      "installedVersion": "3.1.4-r5",
      "fixedVersion": "3.1.7-r0",
      "title": "openssl: Possible denial of service in X.509 name checks"
    },
    {
      "id": "CVE-2025-26519",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "staging-registry.payment-gateway.app/mongo-express:latest@sha256:1b23d7976f0210dbec74045c209e52fbb26d29b2e873d6c6fa3d3f0ae32c2a64 (alpine 3.18.6)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "musl",
      "installedVersion": "1.2.4-r2",
      "fixedVersion": "1.2.4-r3",
      "title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ..."
    },
    {
      "id": "CVE-2025-26519",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "staging-registry.payment-gateway.app/mongo-express:latest@sha256:1b23d7976f0210dbec74045c209e52fbb26d29b2e873d6c6fa3d3f0ae32c2a64 (alpine 3.18.6)",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "musl-utils",
      "installedVersion": "1.2.4-r2",
      "fixedVersion": "1.2.4-r3",
      "title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ..."
    },
    {
      "id": "CVE-2023-45133",
      "severity": "CRITICAL",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "@babel/traverse",
      "installedVersion": "7.19.6",
      "fixedVersion": "7.23.2, 8.0.0-alpha.4",
      "title": "babel: arbitrary code execution"
    },
    {
      "id": "CVE-2024-47178",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "basic-auth-connect",
      "installedVersion": "1.0.0",
      "fixedVersion": "1.1.0",
      "title": "basic-auth-connect: timing-unsafe equality comparison can leak timing information"
    },
    {
      "id": "CVE-2024-45590",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "body-parser",
      "installedVersion": "1.20.1",
      "fixedVersion": "1.20.3",
      "title": "body-parser: Denial of Service Vulnerability in body-parser"
    },
    {
      "id": "CVE-2024-21538",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "cross-spawn",
      "installedVersion": "7.0.3",
      "fixedVersion": "7.0.5, 6.0.6",
      "title": "cross-spawn: regular expression denial of service"
    },
    {
      "id": "CVE-2024-21538",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "cross-spawn",
      "installedVersion": "7.0.3",
      "fixedVersion": "7.0.5, 6.0.6",
      "title": "cross-spawn: regular expression denial of service"
    },
    {
      "id": "CVE-2026-33036",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "fast-xml-parser",
      "installedVersion": "4.0.11",
      "fixedVersion": "5.5.6, 4.5.5",
      "title": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass"
    },
    {
      "id": "CVE-2025-64756",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "glob",
      "installedVersion": "10.3.12",
      "fixedVersion": "11.1.0, 10.5.0",
      "title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
    },
    {
      "id": "CVE-2024-29415",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "ip",
      "installedVersion": "2.0.0",
      "fixedVersion": "",
      "title": "node-ip: Incomplete fix for CVE-2023-42282"
    },
    {
      "id": "CVE-2022-46175",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "json5",
      "installedVersion": "2.2.1",
      "fixedVersion": "2.2.2, 1.0.2",
      "title": "json5: Prototype Pollution in JSON5 via Parse Method"
    },
    {
      "id": "CVE-2026-4800",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "lodash",
      "installedVersion": "4.17.21",
      "fixedVersion": "4.18.0",
      "title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"
    },
    {
      "id": "CVE-2026-4800",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "lodash-es",
      "installedVersion": "4.17.21",
      "fixedVersion": "4.18.0",
      "title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"
    },
    {
      "id": "CVE-2026-26996",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "3.1.2",
      "fixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3",
      "title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
    },
    {
      "id": "CVE-2026-27903",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "3.1.2",
      "fixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3",
      "title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns"
    },
    {
      "id": "CVE-2026-27904",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "3.1.2",
      "fixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4",
      "title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
    },
    {
      "id": "CVE-2026-26996",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "9.0.4",
      "fixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3",
      "title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
    },
    {
      "id": "CVE-2026-27903",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "9.0.4",
      "fixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3",
      "title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns"
    },
    {
      "id": "CVE-2026-27904",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "minimatch",
      "installedVersion": "9.0.4",
      "fixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4",
      "title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
    },
    {
      "id": "CVE-2024-45296",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "path-to-regexp",
      "installedVersion": "0.1.7",
      "fixedVersion": "1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0",
      "title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
    },
    {
      "id": "CVE-2024-52798",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "path-to-regexp",
      "installedVersion": "0.1.7",
      "fixedVersion": "0.1.12",
      "title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
    },
    {
      "id": "CVE-2026-4867",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "path-to-regexp",
      "installedVersion": "0.1.7",
      "fixedVersion": "0.1.13",
      "title": "path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters"
    },
    {
      "id": "CVE-2022-25883",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "semver",
      "installedVersion": "6.3.0",
      "fixedVersion": "7.5.2, 6.3.1, 5.7.2",
      "title": "nodejs-semver: Regular expression denial of service"
    },
    {
      "id": "CVE-2026-23745",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.3",
      "title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
    },
    {
      "id": "CVE-2026-23950",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.4",
      "title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
    },
    {
      "id": "CVE-2026-24842",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.7",
      "title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
    },
    {
      "id": "CVE-2026-26960",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.8",
      "title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
    },
    {
      "id": "CVE-2026-29786",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.10",
      "title": "node-tar: hardlink path traversal via drive-relative linkpath"
    },
    {
      "id": "CVE-2026-31802",
      "severity": "HIGH",
      "component": "mongo-express",
      "report": "mongo-express.vuln.json",
      "target": "Node.js",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "tar",
      "installedVersion": "6.2.1",
      "fixedVersion": "7.5.11",
      "title": "tar: tar: File overwrite via drive-relative symlink traversal"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/bsondump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongodump",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoexport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongofiles",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongoimport",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongorestore",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongostat",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/bin/mongotop",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.25.9",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    },
    {
      "id": "CVE-2025-68121",
      "severity": "CRITICAL",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3",
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "id": "CVE-2025-61726",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.24.12, 1.25.6",
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "id": "CVE-2025-61729",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.24.11, 1.25.5",
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "id": "CVE-2026-25679",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.8, 1.26.1",
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "id": "CVE-2026-32280",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "id": "CVE-2026-32281",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "id": "CVE-2026-32283",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.9, 1.26.2",
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "id": "CVE-2026-33811",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    },
    {
      "id": "CVE-2026-33814",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ..."
    },
    {
      "id": "CVE-2026-39820",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ..."
    },
    {
      "id": "CVE-2026-39823",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ..."
    },
    {
      "id": "CVE-2026-39825",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ReverseProxy can forward queries containing parameters not visible to  ..."
    },
    {
      "id": "CVE-2026-39836",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "ELSA-2026-22112:  go-toolset:ol8 security update (IMPORTANT)"
    },
    {
      "id": "CVE-2026-42499",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.10, 1.26.3",
      "title": "Pathological inputs could cause DoS through consumePhrase when parsing ..."
    },
    {
      "id": "CVE-2026-42504",
      "severity": "HIGH",
      "component": "mongo",
      "report": "mongo.vuln.json",
      "target": "usr/local/bin/gosu",
      "policyMode": "report-only",
      "scanType": "runtimeImage",
      "componentChanged": false,
      "package": "stdlib",
      "installedVersion": "v1.24.6",
      "fixedVersion": "1.25.11, 1.26.4",
      "title": "Decoding a maliciously-crafted MIME header containing many invalid enc ..."
    }
  ],
  "invalidWaivers": [],
  "expiredWaivers": []
}
