{ "@context": "https://openvex.dev/ns/v0.2.0", "@id": "https://clearcutt.internal/vex/java25-slim/v0.8.1", "author": "ClearCutt Security Platform Gating Engine", "role": "Document Creator", "timestamp": "2026-06-04T08:01:21Z", "version": 1, "statements": [ { "vulnerability": { "name": "CVE-2018-6553" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "under_investigation", "impact_statement": "No safe fixed version is currently listed for this package. We keep it visible until an upstream fix is available." }, { "vulnerability": { "name": "CVE-2026-4775" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "under_investigation", "impact_statement": "No safe fixed version is currently listed for this package. We keep it visible until an upstream fix is available." }, { "vulnerability": { "name": "CVE-2023-52356" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "under_investigation", "impact_statement": "No safe fixed version is currently listed for this package. We keep it visible until an upstream fix is available." }, { "vulnerability": { "name": "CVE-2025-68468" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2025-68471" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2026-24401" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2025-60876" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." }, { "vulnerability": { "name": "CVE-2023-6277" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2023-37769" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2021-3468" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2023-38469" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2023-38470" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2023-38471" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2023-38472" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2023-38473" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2025-59529" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2025-68276" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2026-34933" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2023-6228" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2025-46394" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." }, { "vulnerability": { "name": "CVE-2024-58251" }, "products": [ { "@id": "pkg:nix/java25-slim@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." } ] }