Last scanned:
This base/runtime image is a clean foundation for building production images. It has 10 exposed vulnerabilities and 21 post-exploit findings, but all are low severity (max 5.35 and 2.92 respectively) and none require attention. Being an official Docker image pinned by digest provides strong supply chain security. No CVEs are cited because no findings meet the threshold for concern. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-34181 | MEDIUM5.35 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45447 | LOW2.92 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-8643 | LOW2.8 | python3-pip-wheel 21.3.1-2.amzn2023.0.19 fixed in 21.3.1-2.amzn2023.0.20 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-34183 | LOW2.29 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-34183 | LOW2.29 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW2.26 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW2.26 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-42764 | LOW1.81 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-42769 | LOW1.81 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42770 | LOW1.81 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW1.81 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42764 | LOW1.81 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-42769 | LOW1.81 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42770 | LOW1.81 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW1.81 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW1.62 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42767 | LOW1.62 | openssl-fips-provider-latest 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW1.62 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42767 | LOW1.62 | openssl-libs 1:3.5.5-1.amzn2023.0.4 fixed in 1:3.5.5-1.amzn2023.0.5 | 0.3% Theoretical Threat | Post-Exploit |
Want to check another image? Run a full scan with the Docker Security Scanner.