elasticsearch
Patched Databases & Caching
from
mirror.gcr.io/library/elasticsearch
Pull Reference
ghcr.io/verity-org/library/elasticsearch
docker pull ghcr.io/verity-org/library/elasticsearch
Available Versions
9.4.1
latest
2 CVEs fixed
161 remaining
9.4.0 4 CVEs fixed
217 remaining
9.3.4 2 CVEs fixed
195 remaining
Copa-Patched Image
Patched in-place from the upstream image using Copa . OS-level vulnerabilities are fixed without rebuilding \u2014 same layers, same behavior, fewer CVEs.
Supply Chain
Full compliance details
Signed
SLSA L3
SBOM
Rekor
Verify this artifact
Cosign signature
cosign verify \ --certificate-identity-regexp "https://github.com/verity-org/verity/.github/workflows/" \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ ghcr.io/verity-org/library/elasticsearch:9.4.1
Build provenance
gh attestation verify \ oci://ghcr.io/verity-org/library/elasticsearch:9.4.1 \ --owner verity-org
Vulnerability Scan
Found 163 vulnerabilit ies in the original image. 2 fixed by Copa. 161 remaining after patching.
5HIGH98MEDIUM60LOW
Fix available — pending patch
These vulnerabilities have upstream fixes but could not be automatically patched.
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.15.0 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.17.2 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.17.2 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.19.2 | 2.21.1, 2.18.6 | MEDIUM |
| GHSA-72hv-8253-57qq | com.fasterxml.jackson.core:jackson-core | 2.19.2 | 2.21.1, 2.18.6 | MEDIUM |
| CVE-2026-45292 | io.opentelemetry:opentelemetry-api | 1.47.0 | 1.62.0 | MEDIUM |
| CVE-2026-45292 | io.opentelemetry:opentelemetry-api | 1.47.0 | 1.62.0 | MEDIUM |
| CVE-2026-45292 | io.opentelemetry:opentelemetry-api | 1.60.1 | 1.62.0 | MEDIUM |
| CVE-2025-22227 | io.projectreactor.netty:reactor-netty-http | 1.0.45 | 1.3.0-M5, 1.2.8 | MEDIUM |
| CVE-2025-22227 | io.projectreactor.netty:reactor-netty-http | 1.0.45 | 1.3.0-M5, 1.2.8 | MEDIUM |
| CVE-2025-22227 | io.projectreactor.netty:reactor-netty-http | 1.0.45 | 1.3.0-M5, 1.2.8 | MEDIUM |
| CVE-2025-48924 | org.apache.commons:commons-lang3 | 3.14.0 | 3.18.0 | MEDIUM |
| CVE-2025-48924 | org.apache.commons:commons-lang3 | 3.9 | 3.18.0 | MEDIUM |
| CVE-2025-48924 | org.apache.commons:commons-lang3 | 3.9 | 3.18.0 | MEDIUM |
| CVE-2026-34479 | org.apache.logging.log4j:log4j-1.2-api | 2.19.0 | 2.25.4 | MEDIUM |
| CVE-2026-34479 | org.apache.logging.log4j:log4j-1.2-api | 2.19.0 | 2.25.4 | MEDIUM |
| CVE-2026-34479 | org.apache.logging.log4j:log4j-1.2-api | 2.19.0 | 2.25.4 | MEDIUM |
| CVE-2025-68161 | org.apache.logging.log4j:log4j-core | 2.19.0 | 2.25.3 | MEDIUM |
| CVE-2026-34477 | org.apache.logging.log4j:log4j-core | 2.19.0 | 2.25.4 | MEDIUM |
| CVE-2026-34480 | org.apache.logging.log4j:log4j-core | 2.19.0 | 2.25.4 | MEDIUM |
Awaiting upstream fix
No fix is available yet for these vulnerabilities.
| ID | Package | Installed | Fixed | Severity |
|---|---|---|---|---|
| CVE-2026-33845 | gnutls | 3.8.3-10.el9_7 | HIGH | |
| CVE-2026-33846 | gnutls | 3.8.3-10.el9_7 | HIGH | |
| CVE-2026-42009 | gnutls | 3.8.3-10.el9_7 | HIGH | |
| CVE-2026-42010 | gnutls | 3.8.3-10.el9_7 | HIGH | |
| CVE-2026-40356 | krb5-libs | 1.21.1-9.el9_7 | HIGH | |
| CVE-2025-5278 | coreutils-single | 8.32-39.el9 | MEDIUM | |
| CVE-2025-13034 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2025-14017 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-1965 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-3783 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-3784 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-3805 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-4873 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-5545 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-5773 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-6253 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-6429 | curl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-1484 | glib2 | 2.68.4-18.el9_7.2 | MEDIUM | |
| CVE-2026-1489 | glib2 | 2.68.4-18.el9_7.2 | MEDIUM | |
| CVE-2026-4046 | glibc | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-4437 | glibc | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-5435 | glibc | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-5450 | glibc | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-5928 | glibc | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-4046 | glibc-common | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-4437 | glibc-common | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-5435 | glibc-common | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-5450 | glibc-common | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-5928 | glibc-common | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-4046 | glibc-minimal-langpack | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-4437 | glibc-minimal-langpack | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-5435 | glibc-minimal-langpack | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-5450 | glibc-minimal-langpack | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2026-5928 | glibc-minimal-langpack | 2.34-231.el9_7.10 | MEDIUM | |
| CVE-2025-68972 | gnupg2 | 2.3.3-5.el9_7 | MEDIUM | |
| CVE-2026-3833 | gnutls | 3.8.3-10.el9_7 | MEDIUM | |
| CVE-2026-42011 | gnutls | 3.8.3-10.el9_7 | MEDIUM | |
| CVE-2026-40355 | krb5-libs | 1.21.1-9.el9_7 | MEDIUM | |
| CVE-2023-30571 | libarchive | 3.5.3-9.el9_7 | MEDIUM | |
| CVE-2025-60753 | libarchive | 3.5.3-9.el9_7 | MEDIUM | |
| CVE-2026-4426 | libarchive | 3.5.3-9.el9_7 | MEDIUM | |
| CVE-2026-5745 | libarchive | 3.5.3-9.el9_7 | MEDIUM | |
| CVE-2026-27456 | libblkid | 2.37.4-21.el9_7 | MEDIUM | |
| CVE-2025-13034 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2025-14017 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-1965 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-3783 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-3784 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-3805 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-4873 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-5545 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-5773 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-6253 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-6429 | libcurl-minimal | 7.76.1-35.el9_7.3 | MEDIUM | |
| CVE-2026-41989 | libgcrypt | 1.10.0-11.el9 | MEDIUM | |
| CVE-2026-27456 | libmount | 2.37.4-21.el9_7 | MEDIUM | |
| CVE-2026-27456 | libsmartcols | 2.37.4-21.el9_7 | MEDIUM | |
| CVE-2026-27456 | libuuid | 2.37.4-21.el9_7 | MEDIUM | |
| CVE-2026-0990 | libxml2 | 2.9.13-14.el9_7 | MEDIUM | |
| CVE-2026-1757 | libxml2 | 2.9.13-14.el9_7 | MEDIUM | |
| CVE-2026-6732 | libxml2 | 2.9.13-14.el9_7 | MEDIUM | |
| CVE-2026-22185 | openldap | 2.6.8-4.el9 | MEDIUM | |
| CVE-2026-2673 | openssl-fips-provider | 3.0.7-8.el9 | MEDIUM | |
| CVE-2026-31790 | openssl-fips-provider | 3.0.7-8.el9 | MEDIUM | |
| CVE-2026-2673 | openssl-fips-provider-so | 3.0.7-8.el9 | MEDIUM | |
| CVE-2026-31790 | openssl-fips-provider-so | 3.0.7-8.el9 | MEDIUM | |
| CVE-2026-2673 | openssl-libs | 1:3.5.1-7.el9_7 | MEDIUM | |
| CVE-2026-28386 | openssl-libs | 1:3.5.1-7.el9_7 | MEDIUM | |
| CVE-2026-28390 | openssl-libs | 1:3.5.1-7.el9_7 | MEDIUM | |
| CVE-2026-31790 | openssl-libs | 1:3.5.1-7.el9_7 | MEDIUM | |
| CVE-2026-4105 | systemd-libs | 252-55.el9_7.9 | MEDIUM | |
| CVE-2026-34743 | xz-libs | 5.2.5-8.el9_0 | MEDIUM | |
| CVE-2024-11053 | curl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2024-7264 | curl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2024-9681 | curl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2025-14524 | curl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2025-15079 | curl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2025-15224 | curl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2026-6276 | curl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2023-4156 | gawk | 5.1.0-6.el9 | LOW | |
| CVE-2023-32636 | glib2 | 2.68.4-18.el9_7.2 | LOW | |
| CVE-2025-3360 | glib2 | 2.68.4-18.el9_7.2 | LOW | |
| CVE-2025-7039 | glib2 | 2.68.4-18.el9_7.2 | LOW | |
| CVE-2026-0988 | glib2 | 2.68.4-18.el9_7.2 | LOW | |
| CVE-2026-1485 | glib2 | 2.68.4-18.el9_7.2 | LOW | |
| CVE-2026-4438 | glibc | 2.34-231.el9_7.10 | LOW | |
| CVE-2026-4438 | glibc-common | 2.34-231.el9_7.10 | LOW | |
| CVE-2026-4438 | glibc-minimal-langpack | 2.34-231.el9_7.10 | LOW | |
| CVE-2022-3219 | gnupg2 | 2.3.3-5.el9_7 | LOW | |
| CVE-2025-30258 | gnupg2 | 2.3.3-5.el9_7 | LOW | |
| CVE-2026-24883 | gnupg2 | 2.3.3-5.el9_7 | LOW | |
| CVE-2026-3832 | gnutls | 3.8.3-10.el9_7 | LOW | |
| CVE-2025-1632 | libarchive | 3.5.3-9.el9_7 | LOW | |
| CVE-2025-5915 | libarchive | 3.5.3-9.el9_7 | LOW | |
| CVE-2025-5916 | libarchive | 3.5.3-9.el9_7 | LOW | |
| CVE-2025-5917 | libarchive | 3.5.3-9.el9_7 | LOW | |
| CVE-2025-5918 | libarchive | 3.5.3-9.el9_7 | LOW | |
| CVE-2024-11053 | libcurl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2024-7264 | libcurl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2024-9681 | libcurl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2025-14524 | libcurl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2025-15079 | libcurl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2025-15224 | libcurl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2026-6276 | libcurl-minimal | 7.76.1-35.el9_7.3 | LOW | |
| CVE-2022-27943 | libgcc | 11.5.0-11.el9 | LOW | |
| CVE-2026-41990 | libgcrypt | 1.10.0-11.el9 | LOW | |
| CVE-2025-11961 | libpcap | 14:1.10.0-4.el9 | LOW | |
| CVE-2022-27943 | libstdc++ | 11.5.0-11.el9 | LOW | |
| CVE-2025-13151 | libtasn1 | 4.16.0-9.el9 | LOW | |
| CVE-2023-45322 | libxml2 | 2.9.13-14.el9_7 | LOW | |
| CVE-2024-34459 | libxml2 | 2.9.13-14.el9_7 | LOW | |
| CVE-2025-27113 | libxml2 | 2.9.13-14.el9_7 | LOW | |
| CVE-2025-6170 | libxml2 | 2.9.13-14.el9_7 | LOW | |
| CVE-2026-0989 | libxml2 | 2.9.13-14.el9_7 | LOW | |
| CVE-2026-0992 | libxml2 | 2.9.13-14.el9_7 | LOW | |
| CVE-2023-50495 | ncurses-base | 6.2-12.20210508.el9 | LOW | |
| CVE-2023-50495 | ncurses-libs | 6.2-12.20210508.el9 | LOW | |
| CVE-2024-13176 | openssl-libs | 1:3.5.1-7.el9_7 | LOW | |
| CVE-2024-41996 | openssl-libs | 1:3.5.1-7.el9_7 | LOW | |
| CVE-2025-9232 | openssl-libs | 1:3.5.1-7.el9_7 | LOW | |
| CVE-2026-28387 | openssl-libs | 1:3.5.1-7.el9_7 | LOW | |
| CVE-2026-28388 | openssl-libs | 1:3.5.1-7.el9_7 | LOW | |
| CVE-2026-28389 | openssl-libs | 1:3.5.1-7.el9_7 | LOW | |
| CVE-2026-31789 | openssl-libs | 1:3.5.1-7.el9_7 | LOW | |
| CVE-2022-41409 | pcre2 | 10.40-6.el9 | LOW | |
| CVE-2022-41409 | pcre2-syntax | 10.40-6.el9 | LOW | |
| CVE-2024-0232 | sqlite-libs | 3.34.1-9.el9_7 | LOW | |
| CVE-2025-70873 | sqlite-libs | 3.34.1-9.el9_7 | LOW | |
| CVE-2021-4217 | unzip | 6.0-59.el9 | LOW | |
| CVE-2022-0529 | unzip | 6.0-59.el9 | LOW | |
| CVE-2022-0530 | unzip | 6.0-59.el9 | LOW | |
| CVE-2026-27171 | zlib | 1.2.11-40.el9 | LOW |
Source
Copa (in-place patch)
Platforms
linux/amd64, linux/arm64
Registry
ghcr.io/verity-org
Upstream
mirror.gcr.io/library/elasticsearch
Version
9.4.1