Vulnerability Reportcaddy:2.11.1-alpine

caddy:2.11.1-alpine
DIGESTsha256:3b2a0196e0687279c14c27adff9fc6b44acfa318dbb97eaebe385bdf99e5364c

Executive Summary

Last scanned:

Threat Score
50/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service via OpenSSL NULL pointer dereferences (CVE-2026-28388) or directory traversal via Go's os.Root (CVE-2026-39822). Many vulnerabilities require non-default configurations (e.g., delta CRL, CMS processing) or local access, reducing exploitability in typical setups. Mitigations include disabling unused modules (e.g., QUIC) and restricting file system access.

Vulnerabilities

Vulnerability Log

155 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-40200MEDIUM6.63
musl
1.2.5-r21
fixed in 1.2.5-r23
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-39822MEDIUM6.63
stdlib
v1.26.0
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34183MEDIUM6.38
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34183MEDIUM6.38
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27135MEDIUM6.38
nghttp2-libs
1.68.0-r0
fixed in 1.68.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34986MEDIUM6.38
github.com/go-jose/go-jose/v3
v3.0.4
fixed in 3.0.5
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-34986MEDIUM6.38
github.com/go-jose/go-jose/v4
v4.1.3
fixed in 4.1.4
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-40898MEDIUM6.38
github.com/quic-go/quic-go
v0.59.0
fixed in 0.59.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-29181MEDIUM6.38
go.opentelemetry.io/otel
v1.40.0
fixed in 1.41.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39882MEDIUM6.38
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
v0.16.0
fixed in 0.19.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39882MEDIUM6.38
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
v1.40.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39882MEDIUM6.38
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
v1.40.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39829MEDIUM6.38
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39830MEDIUM6.38
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39835MEDIUM6.38
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-46597MEDIUM6.38
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
golang.org/x/net
v0.50.0
fixed in 0.53.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-25679MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27137MEDIUM6.38
stdlib
v1.26.0
fixed in 1.26.1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27145MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-32280MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-32281MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32283MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33811MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39836MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42499MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42504MEDIUM6.38
stdlib
v1.26.0
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42508MEDIUM6.29
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-46595MEDIUM6.03
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4878MEDIUM5.95
libcap
2.77-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-4878MEDIUM5.95
libcap2
2.77-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39883MEDIUM5.95
go.opentelemetry.io/otel/sdk
v1.40.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39821MEDIUM5.58
golang.org/x/net
v0.50.0
fixed in 0.55.0
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33810MEDIUM5.58
stdlib
v1.26.0
fixed in 1.26.2
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-2673MEDIUM5.52
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39827MEDIUM5.52
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39834MEDIUM5.52
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.50.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39825MEDIUM5.52
stdlib
v1.26.0
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-52845MEDIUM5.5
github.com/caddyserver/caddy/v2
v2.11.1
fixed in 2.11.4
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-32282MEDIUM5.44
stdlib
v1.26.0
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.50.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.26.0
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r21
fixed in 1.2.5-r22
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.26.0
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.50.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.26.0
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39823MEDIUM4.59
stdlib
v1.26.0
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.26.0
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-46598MEDIUM4.5
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-27141MEDIUM4.5
golang.org/x/net
v0.50.0
fixed in 0.51.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42505MEDIUM4.5
stdlib
v1.26.0
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507MEDIUM4.5
stdlib
v1.26.0
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl-utils
1.2.5-r21
fixed in 1.2.5-r23
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-4878LOW3.57
libcap-getcap
2.77-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-4878LOW3.57
libcap-setcap
2.77-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-4878LOW3.57
libcap-utils
2.77-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-52846LOW3.57
github.com/caddyserver/caddy/v2
v2.11.1
fixed in 2.11.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-3784LOW3.31
curl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW3.31
curl
8.17.0-r1
fixed in 8.20.0-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6429LOW3.31
curl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-3784LOW3.31
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW3.31
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6429LOW3.31
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-33186LOW3.28
google.golang.org/grpc
v1.78.0
fixed in 1.79.3
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2026-45692LOW3.23
github.com/caddyserver/caddy/v2
v2.11.1
fixed in 2.11.3
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-3805LOW3.21
curl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-3805LOW3.21
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-45446LOW3.15
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27138LOW3.15
stdlib
v1.26.0
fixed in 1.26.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-30836LOW3.06
github.com/smallstep/certificates
v0.30.0-rc2.0.20260211214201-20608299c29c
fixed in 0.30.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-31789LOW3
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-31789LOW3
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-45447LOW2.92
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45447LOW2.92
libssl3
3.5.5-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-3783LOW2.91
curl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-3783LOW2.91
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6042LOW2.8
musl-utils
1.2.5-r21
fixed in 1.2.5-r22
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-33630LOW2.7
c-ares
1.34.6-r0
fixed in 1.34.8-r0
Post-Exploit
CVE-2026-4873LOW2.7
curl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6253LOW2.7
curl
8.17.0-r1
fixed in 8.20.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-7009LOW2.7
curl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-7168LOW2.7
curl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-4873LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6253LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-7009LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-7168LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-39828LOW2.69
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39832LOW2.66
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-39831LOW2.48
golang.org/x/crypto
v0.48.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-25681LOW2.48
golang.org/x/net
v0.50.0
fixed in 0.55.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-27136LOW2.48
golang.org/x/net
v0.50.0
fixed in 0.55.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-14017LOW2.45
curl
8.17.0-r1
fixed in 8.19.0-r0
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-14017LOW2.45
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-22184LOW2.39
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-5773LOW2.29
curl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6276LOW2.29
curl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5773LOW2.29
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6276LOW2.29
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-27139LOW2.12
stdlib
v1.26.0
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-1965LOW2.08
curl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-14819LOW2.08
curl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-1965LOW2.08
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-14819LOW2.08
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2025-14524LOW1.99
curl
8.17.0-r1
fixed in 8.19.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-14524LOW1.99
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-45135NONE0
github.com/caddyserver/caddy/v2
v2.11.1
fixed in 2.11.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-52844NONE0
github.com/caddyserver/caddy/v2
v2.11.1
fixed in 2.11.4
0.4%
Theoretical Threat
Not Applicable
GHSA-gx7w-56w6-g48xNONE0
github.com/caddyserver/caddy/v2
v2.11.1
fixed in 2.11.3
Not Applicable
GHSA-wwhq-w58m-w29cNONE0
github.com/caddyserver/caddy/v2
v2.11.1
No fix yet
Not Applicable
CVE-2026-40097NONE0
github.com/smallstep/certificates
v0.30.0-rc2.0.20260211214201-20608299c29c
fixed in 0.30.0
0.2%
Theoretical Threat
Not Applicable
GO-2026-5932NONE0
golang.org/x/crypto
v0.48.0
No fix yet
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.50.0
fixed in 0.56.0
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.41.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.34.0
fixed in 0.39.0
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.