Last scanned:
This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could bypass path-based access controls (CVE-2026-27587) or cause denial of service via memory exhaustion (CVE-2025-61726), potentially leading to unauthorized data access or service disruption. These vulnerabilities affect core components (Caddy and Go standard library) and require no special configuration to exploit. The image is pinned but unpatched; upgrading to Caddy >=2.11.1 and a Go version with net/url limits is necessary to resolve these issues.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-27587 | HIGH7.73 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.1 | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2025-61726 | HIGH7.5 | stdlib v1.24.2 fixed in 1.24.12, 1.25.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2026-39821 | MEDIUM6.97 | golang.org/x/net v0.38.0 fixed in 0.55.0 | 0.5% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-28387 | MEDIUM6.88 | libcrypto3 3.3.4-r0 fixed in 3.3.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-28387 | MEDIUM6.88 | libssl3 3.3.4-r0 fixed in 3.3.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-52845 | MEDIUM6.88 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39831 | MEDIUM6.88 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-27136 | MEDIUM6.88 | golang.org/x/net v0.38.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-68121 | MEDIUM6.8 | stdlib v1.24.2 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-27590 | MEDIUM6.66 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.1 | 0.5% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-40200 | MEDIUM6.63 | musl 1.2.5-r9 fixed in 1.2.5-r11 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-40200 | MEDIUM6.63 | musl-utils 1.2.5-r9 fixed in 1.2.5-r11 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22184 | MEDIUM6.63 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39822 | MEDIUM6.63 | stdlib v1.24.2 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69421 | MEDIUM6.38 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libcrypto3 3.3.4-r0 fixed in 3.3.7-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libcrypto3 3.3.4-r0 fixed in 3.3.7-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-69421 | MEDIUM6.38 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libssl3 3.3.4-r0 fixed in 3.3.7-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libssl3 3.3.4-r0 fixed in 3.3.7-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34986 | MEDIUM6.38 | github.com/go-jose/go-jose/v3 v3.0.4 fixed in 3.0.5 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-40898 | MEDIUM6.38 | github.com/quic-go/quic-go v0.50.1 fixed in 0.59.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-47913 | MEDIUM6.38 | golang.org/x/crypto v0.36.0 fixed in 0.43.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39829 | MEDIUM6.38 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39830 | MEDIUM6.38 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-39835 | MEDIUM6.38 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-46597 | MEDIUM6.38 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | golang.org/x/net v0.38.0 fixed in 0.53.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-22874 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.24.4 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-61729 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.24.11, 1.25.5 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25679 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.8, 1.26.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-27145 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.11, 1.26.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-32280 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-32281 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32283 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33811 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-39820 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-39836 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42499 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42504 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-58183 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61728 | MEDIUM6.38 | stdlib v1.24.2 fixed in 1.24.12, 1.25.6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-69419 | MEDIUM6.29 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-69419 | MEDIUM6.29 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42508 | MEDIUM6.29 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-27586 | MEDIUM6.18 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.1 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-27588 | MEDIUM6.18 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.1 | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-46595 | MEDIUM6.03 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-4878 | MEDIUM5.95 | libcap 2.71-r0 fixed in 2.78-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4878 | MEDIUM5.95 | libcap2 2.71-r0 fixed in 2.78-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39883 | MEDIUM5.95 | go.opentelemetry.io/otel/sdk v1.31.0 fixed in 1.43.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47907 | MEDIUM5.95 | stdlib v1.24.2 fixed in 1.23.12, 1.24.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-9231 | MEDIUM5.9 | libcrypto3 3.3.4-r0 fixed in 3.3.5-r0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-9231 | MEDIUM5.9 | libssl3 3.3.4-r0 fixed in 3.3.5-r0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-4673 | MEDIUM5.78 | stdlib v1.24.2 fixed in 1.23.10, 1.24.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-9230 | MEDIUM5.6 | libcrypto3 3.3.4-r0 fixed in 3.3.5-r0 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2025-9230 | MEDIUM5.6 | libssl3 3.3.4-r0 fixed in 3.3.5-r0 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2026-27585 | MEDIUM5.52 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-27589 | MEDIUM5.52 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39827 | MEDIUM5.52 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39834 | MEDIUM5.52 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25680 | MEDIUM5.52 | golang.org/x/net v0.38.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47906 | MEDIUM5.52 | stdlib v1.24.2 fixed in 1.23.12, 1.24.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61727 | MEDIUM5.52 | stdlib v1.24.2 fixed in 1.24.11, 1.25.5 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39825 | MEDIUM5.52 | stdlib v1.24.2 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32282 | MEDIUM5.44 | stdlib v1.24.2 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42502 | MEDIUM5.18 | golang.org/x/net v0.38.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32289 | MEDIUM5.18 | stdlib v1.24.2 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libcrypto3 3.3.4-r0 fixed in 3.3.7-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2025-15468 | MEDIUM5.02 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-66199 | MEDIUM5.02 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-69420 | MEDIUM5.02 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-22796 | MEDIUM5.02 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libssl3 3.3.4-r0 fixed in 3.3.7-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2025-15468 | MEDIUM5.02 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-66199 | MEDIUM5.02 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-69420 | MEDIUM5.02 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-22796 | MEDIUM5.02 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-22795 | MEDIUM4.67 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22795 | MEDIUM4.67 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-6042 | MEDIUM4.67 | musl 1.2.5-r9 fixed in 1.2.5-r10 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-6042 | MEDIUM4.67 | musl-utils 1.2.5-r9 fixed in 1.2.5-r10 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39833 | MEDIUM4.67 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32288 | MEDIUM4.67 | stdlib v1.24.2 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42506 | MEDIUM4.59 | golang.org/x/net v0.38.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27142 | MEDIUM4.59 | stdlib v1.24.2 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39823 | MEDIUM4.59 | stdlib v1.24.2 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39826 | MEDIUM4.59 | stdlib v1.24.2 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-59530 | MEDIUM4.5 | github.com/quic-go/quic-go v0.50.1 fixed in 0.49.1, 0.54.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-64702 | MEDIUM4.5 | github.com/quic-go/quic-go v0.50.1 fixed in 0.57.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-47914 | MEDIUM4.5 | golang.org/x/crypto v0.36.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58181 | MEDIUM4.5 | golang.org/x/crypto v0.36.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-46598 | MEDIUM4.5 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-47911 | MEDIUM4.5 | golang.org/x/net v0.38.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58190 | MEDIUM4.5 | golang.org/x/net v0.38.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-22873 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.23.9, 1.24.3 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47912 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58185 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58187 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.9, 1.25.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58188 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58189 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61723 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61724 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61725 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61730 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.12, 1.25.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42505 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42507 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58186 | MEDIUM4.5 | stdlib v1.24.2 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-66406 | MEDIUM4.25 | github.com/smallstep/certificates v0.26.1 fixed in 0.29.0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-15467 | MEDIUM4.06 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 47.6% High Exploitation Risk | Post-Exploit |
| CVE-2025-15467 | MEDIUM4.06 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 47.6% High Exploitation Risk | Post-Exploit |
| CVE-2025-68160 | MEDIUM4 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-68160 | MEDIUM4 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-44005 | LOW3.6 | github.com/smallstep/certificates v0.26.1 fixed in 0.29.0 | 3.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-4878 | LOW3.57 | libcap-getcap 2.71-r0 fixed in 2.78-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-4878 | LOW3.57 | libcap-setcap 2.71-r0 fixed in 2.78-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-4878 | LOW3.57 | libcap-utils 2.71-r0 fixed in 2.78-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-52846 | LOW3.57 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.4 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69418 | LOW3.4 | libcrypto3 3.3.4-r0 fixed in 3.3.6-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69418 | LOW3.4 | libssl3 3.3.4-r0 fixed in 3.3.6-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-33186 | LOW3.28 | google.golang.org/grpc v1.67.1 fixed in 1.79.3 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45692 | LOW3.23 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.3 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-26958 | LOW3.15 | filippo.io/edwards25519 v1.1.0 fixed in 1.1.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-8556 | LOW3.15 | github.com/cloudflare/circl v1.6.0 fixed in 1.6.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-9232 | LOW3.1 | libcrypto3 3.3.4-r0 fixed in 3.3.5-r0 | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-9232 | LOW3.1 | libssl3 3.3.4-r0 fixed in 3.3.5-r0 | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2026-30836 | LOW3.06 | github.com/smallstep/certificates v0.26.1 fixed in 0.30.0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-31789 | LOW3 | libcrypto3 3.3.4-r0 fixed in 3.3.7-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-31789 | LOW3 | libssl3 3.3.4-r0 fixed in 3.3.7-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-1229 | LOW3 | github.com/cloudflare/circl v1.6.0 fixed in 1.6.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-28388 | LOW2.7 | libcrypto3 3.3.4-r0 fixed in 3.3.7-r0 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-28388 | LOW2.7 | libssl3 3.3.4-r0 fixed in 3.3.7-r0 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-39828 | LOW2.69 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-39832 | LOW2.66 | golang.org/x/crypto v0.36.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-25681 | LOW2.48 | golang.org/x/net v0.38.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-27139 | LOW2.12 | stdlib v1.24.2 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-46394 | LOW1.68 | busybox 1.37.0-r12 fixed in 1.37.0-r14 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW1.68 | busybox-binsh 1.37.0-r12 fixed in 1.37.0-r14 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW1.68 | ssl_client 1.37.0-r12 fixed in 1.37.0-r14 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2024-58251 | NONE0 | busybox 1.37.0-r12 fixed in 1.37.0-r14 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2024-58251 | NONE0 | busybox-binsh 1.37.0-r12 fixed in 1.37.0-r14 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2024-58251 | NONE0 | ssl_client 1.37.0-r12 fixed in 1.37.0-r14 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-45135 | NONE0 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.3 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-52844 | NONE0 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.4 | 0.4% Theoretical Threat | Not Applicable |
| GHSA-gx7w-56w6-g48x | NONE0 | github.com/caddyserver/caddy/v2 v2.10.0 fixed in 2.11.3 | — | Not Applicable |
| GHSA-vrw8-fxc6-2r93 | NONE0 | github.com/go-chi/chi/v5 v5.2.1 fixed in 5.2.2 | — | Not Applicable |
| CVE-2026-40097 | NONE0 | github.com/smallstep/certificates v0.26.1 fixed in 0.30.0 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-24051 | NONE0 | go.opentelemetry.io/otel/sdk v1.31.0 fixed in 1.40.0 | 0.2% Theoretical Threat | Not Applicable |
| GO-2026-5932 | NONE0 | golang.org/x/crypto v0.36.0 No fix yet | — | Not Applicable |
| CVE-2026-46600 | NONE0 | golang.org/x/net v0.38.0 fixed in 0.56.0 | — | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.31.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56852 | NONE0 | golang.org/x/text v0.23.0 fixed in 0.39.0 | — | Not Applicable |
| CVE-2025-0913 | NONE0 | stdlib v1.24.2 fixed in 1.23.10, 1.24.4 | 0.2% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.