chore(findings): opensource/defectdojo/defectdojo-nginx
## Summary
opensource/defectdojo/defectdojo-nginx has 14 new findings discovered during continuous monitoring.
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/defectdojo/defectdojo-nginx&tag=2.58.0&branch=master
EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.
KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.
id | source | severity | package | impact | workaround | epss_score | kev
-- | ------ | -------- | ------- | ------ | ---------- | ---------- | ---
CVE-2025-4598 | Anchore CVE | Medium | systemd-pam-257-13.el10_1.3 | | | 0.00085 | false
CVE-2025-4598 | Anchore CVE | Medium | systemd-257-13.el10_1.3 | | | 0.00085 | false
CVE-2025-4598 | Anchore CVE | Medium | systemd-libs-257-13.el10_1.3 | | | 0.00085 | false
CVE-2026-31790 | Anchore CVE | Medium | openssl-fips-provider-so-3.0.7-8.el10 | | | 0.00017 | false
CVE-2026-31790 | Anchore CVE | Medium | openssl-fips-provider-3.0.7-8.el10 | | | 0.00017 | false
CVE-2026-27456 | Anchore CVE | Medium | libuuid-2.40.2-16.el10_1 | | | 0.00017 | false
CVE-2026-27456 | Anchore CVE | Medium | libblkid-2.40.2-16.el10_1 | | | 0.00017 | false
CVE-2026-27456 | Anchore CVE | Medium | libfdisk-2.40.2-16.el10_1 | | | 0.00017 | false
CVE-2026-27456 | Anchore CVE | Medium | util-linux-core-2.40.2-16.el10_1 | | | 0.00017 | false
CVE-2026-27456 | Anchore CVE | Medium | libsmartcols-2.40.2-16.el10_1 | | | 0.00017 | false
CVE-2026-27456 | Anchore CVE | Medium | libmount-2.40.2-16.el10_1 | | | 0.00017 | false
CVE-2026-4105 | Anchore CVE | Medium | systemd-257-13.el10_1.3 | | | 0.00012 | false
CVE-2026-4105 | Anchore CVE | Medium | systemd-libs-257-13.el10_1.3 | | | 0.00012 | false
CVE-2026-4105 | Anchore CVE | Medium | systemd-pam-257-13.el10_1.3 | | | 0.00012 | false
### Novel Tidelift Findings (Experimental)
opensource/defectdojo/defectdojo-nginx has 4 novel Tidelift findings discovered during continuous monitoring.
**_NOTE:_** This table is for Iron Bank evaluation and testing purposes. No action required by vendors.
id | cvss score | package | impact | workaround | epss_score | kev
-- | ---------- | ------- | ------ | ---------- | ---------- | ---
CVE-2018-14041 | 6.1 | bootstrap-3.3.4 | | | 0.07723 | false
CVE-2018-14041 | 6.1 | bootstrap-3.4.1 | | | 0.07723 | false
CVE-2018-14042 | 6.1 | bootstrap-3.4.1 | | | 0.02343 | false
CVE-2018-14040 | 6.1 | bootstrap-3.4.1 | | | 0.01926 | false
## Tasks
Contributor:
- [ ] Apply the ~"Status::Review" label to this issue for a `merge request review` and wait for feedback
OR
- [ ] Provide justifications for findings in the [VAT](https://vat.dso.mil) ([docs](https://docs-ironbank.dso.mil/hardening/justifications/))
- [ ] Apply the ~"Status::Verification" label to this issue for a `VAT justifications review` and wait for feedback
Iron Bank:
- [ ] Review findings and justifications
> Note: If the above process is rejected for any reason, the `Review` or `Verification` label will be removed and the issue will be sent back to `To-Do`. Any comments will be listed in this issue for you to address. Once they have been addressed, you **must** re-add the `Review` or `Verification` label.
## Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add `/cc @ironbank-notifications/onboarding`.
Additionally, Iron Bank hosts an [AMA](https://www.zoomgov.com/meeting/register/vJIsdemoqTMpGpm-2c6xjdAm0MLD6vuvu5I) working session every Wednesday from 1630-1730 EST to answer questions.