{ "@context": "https://openvex.dev/ns/v0.2.0", "@id": "https://clearcutt.internal/vex/python3.13-dev/v0.8.1", "author": "ClearCutt Security Platform Gating Engine", "role": "Document Creator", "timestamp": "2026-06-04T08:01:21Z", "version": 1, "statements": [ { "vulnerability": { "name": "CVE-2026-4176" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "affected", "impact_statement": "Image layer is affected; a fixed version is eligible for rebuild." }, { "vulnerability": { "name": "CVE-2026-8376" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "under_investigation", "impact_statement": "No safe fixed version is currently listed for this package. We keep it visible until an upstream fix is available." }, { "vulnerability": { "name": "CVE-2026-7210" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "under_investigation", "impact_statement": "No safe fixed version is currently listed for this package. We keep it visible until an upstream fix is available." }, { "vulnerability": { "name": "CVE-2026-6100" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "under_investigation", "impact_statement": "No safe fixed version is currently listed for this package. We keep it visible until an upstream fix is available." }, { "vulnerability": { "name": "GHSA-mf9v-mfxr-j63j" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." }, { "vulnerability": { "name": "GHSA-897w-fcg9-f6xj" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." }, { "vulnerability": { "name": "CVE-2026-3298" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "under_investigation", "impact_statement": "No safe fixed version is currently listed for this package. We keep it visible until an upstream fix is available." }, { "vulnerability": { "name": "GHSA-qccp-gfcp-xxvc" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." }, { "vulnerability": { "name": "GHSA-9277-mp7x-85jf" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." }, { "vulnerability": { "name": "CVE-2026-3087" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "under_investigation", "impact_statement": "No safe fixed version is currently listed for this package. We keep it visible until an upstream fix is available." }, { "vulnerability": { "name": "CVE-2026-4786" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "under_investigation", "impact_statement": "No safe fixed version is currently listed for this package. We keep it visible until an upstream fix is available." }, { "vulnerability": { "name": "CVE-2026-7598" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "GHSA-65pc-fj4g-8rjx" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." }, { "vulnerability": { "name": "CVE-2026-6019" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2025-15366" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2025-15367" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2026-8328" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "CVE-2026-1502" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "GHSA-jp4c-xjxw-mgf9" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." }, { "vulnerability": { "name": "CVE-2025-12781" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "GHSA-58qw-9mgm-455v" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." }, { "vulnerability": { "name": "CVE-2024-3220" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This is below the release-blocking severity threshold, so it is listed for awareness." }, { "vulnerability": { "name": "GHSA-6vgw-5pg2-w6jp" }, "products": [ { "@id": "pkg:nix/python3.13-dev@v0.8.1" } ], "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path", "impact_statement": "This comes from the underlying base image, so ClearCutt lists it but cannot update it from the runtime layer." } ] }