# Unfixed OS-level vulnerabilities in Debian 13 (trixie) base image.
# No fix available upstream as of 2026-04-27; revisit when patches land.

# ncurses: buffer overflow (libncursesw6, libtinfo6, ncurses-base, ncurses-bin)
CVE-2025-69720

# nghttp2: DoS via malformed HTTP/2 frames after session termination (libnghttp2-14)
CVE-2026-27135

# systemd: arbitrary code execution / DoS via spurious IPC (libsystemd0, libudev1)
CVE-2026-29111

# libcap: privilege escalation via TOCTOU race in cap_set_file() (libcap2)
CVE-2026-4878

# gnutls: DoS via DTLS zero-length fragment (libgnutls30t64)
CVE-2026-33845
