Vulnerability Reportcaddy:2.8.1

caddy:2.8.1
DIGESTsha256:54b067d60ae306670ab09f10b6f309f19e4e0f43927ae514d3740fbe7964872f

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could cause denial of service via crafted TLS handshakes (CVE-2024-6119), bypass path-based access controls to reach restricted resources (CVE-2026-27587), or exhaust server memory with a large number of query parameters (CVE-2025-61726). Upgrading to Caddy 2.11.1 would eliminate CVE-2026-27587, and updating OpenSSL would resolve CVE-2024-6119 and CVE-2026-28388. Note that CVE-2024-24790 only applies in dual-stack environments using IPv4-mapped IPv6 addresses, and CVE-2026-28388 requires a non-default CRL delta flag.

Vulnerabilities

Vulnerability Log

192 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2024-6119CRITICAL9.75
libcrypto3
3.3.0-r2
fixed in 3.3.2-r0
66.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2024-6119CRITICAL9.75
libssl3
3.3.0-r2
fixed in 3.3.2-r0
66.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2024-24790HIGH7.84
stdlib
v1.22.3
fixed in 1.21.11, 1.22.4
2.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-27587HIGH7.73
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.1
0.4%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-28388HIGH7.5
libssl3
3.3.0-r2
fixed in 3.3.7-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2025-61726HIGH7.5
stdlib
v1.22.3
fixed in 1.24.12, 1.25.6
1.9%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2026-39828HIGH7.48
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-12797HIGH7.4
libcrypto3
3.3.0-r2
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-12797HIGH7.4
libssl3
3.3.0-r2
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Directly Exposed
CVE-2026-39832HIGH7.39
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39821MEDIUM6.97
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM6.88
libcrypto3
3.3.0-r2
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM6.88
libssl3
3.3.0-r2
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-52845MEDIUM6.88
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39831MEDIUM6.88
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-25681MEDIUM6.88
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27136MEDIUM6.88
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-68121MEDIUM6.8
stdlib
v1.22.3
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-27590MEDIUM6.66
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.1
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-40200MEDIUM6.63
musl
1.2.5-r0
fixed in 1.2.5-r3
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-40200MEDIUM6.63
musl-utils
1.2.5-r0
fixed in 1.2.5-r3
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22184MEDIUM6.63
zlib
1.3.1-r1
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39822MEDIUM6.63
stdlib
v1.22.3
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libcrypto3
3.3.0-r2
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.3.0-r2
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libssl3
3.3.0-r2
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.3.0-r2
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.3.0-r2
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34986MEDIUM6.38
github.com/go-jose/go-jose/v3
v3.0.3
fixed in 3.0.5
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-27144MEDIUM6.38
github.com/go-jose/go-jose/v3
v3.0.3
fixed in 3.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32286MEDIUM6.38
github.com/jackc/pgproto3/v2
v2.3.3
No fix yet
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-40898MEDIUM6.38
github.com/quic-go/quic-go
v0.44.0
fixed in 0.59.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22869MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.35.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-47913MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.43.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39829MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39830MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39835MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-46597MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45338MEDIUM6.38
golang.org/x/net
v0.25.0
fixed in 0.33.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
golang.org/x/net
v0.25.0
fixed in 0.53.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-61729MEDIUM6.38
stdlib
v1.22.3
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25679MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27145MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-32280MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-32281MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32283MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33811MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39836MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42499MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42504MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-58183MEDIUM6.38
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61728MEDIUM6.38
stdlib
v1.22.3
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.3.0-r2
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42508MEDIUM6.29
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27586MEDIUM6.18
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.1
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-27588MEDIUM6.18
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.1
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-46595MEDIUM6.03
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4878MEDIUM5.95
libcap
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-4878MEDIUM5.95
libcap2
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-26519MEDIUM5.95
musl
1.2.5-r0
fixed in 1.2.5-r1
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-26519MEDIUM5.95
musl-utils
1.2.5-r0
fixed in 1.2.5-r1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39883MEDIUM5.95
go.opentelemetry.io/otel/sdk
v1.21.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47907MEDIUM5.95
stdlib
v1.22.3
fixed in 1.23.12, 1.24.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-9231MEDIUM5.9
libcrypto3
3.3.0-r2
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2024-5535MEDIUM5.9
libcrypto3
3.3.0-r2
fixed in 3.3.1-r1
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2025-9231MEDIUM5.9
libssl3
3.3.0-r2
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2024-5535MEDIUM5.9
libssl3
3.3.0-r2
fixed in 3.3.1-r1
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2024-24791MEDIUM5.9
stdlib
v1.22.3
fixed in 1.21.12, 1.22.5
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-34158MEDIUM5.9
stdlib
v1.22.3
fixed in 1.22.7, 1.23.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-4673MEDIUM5.78
stdlib
v1.22.3
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-9230MEDIUM5.6
libcrypto3
3.3.0-r2
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2024-4741MEDIUM5.6
libcrypto3
3.3.0-r2
fixed in 3.3.0-r3
2.9%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libssl3
3.3.0-r2
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2024-4741MEDIUM5.6
libssl3
3.3.0-r2
fixed in 3.3.0-r3
2.9%
Low-Moderate Risk
Directly Exposed
CVE-2026-27585MEDIUM5.52
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-27589MEDIUM5.52
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-53259MEDIUM5.52
github.com/quic-go/quic-go
v0.44.0
fixed in 0.48.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39827MEDIUM5.52
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39834MEDIUM5.52
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22872MEDIUM5.52
golang.org/x/net
v0.25.0
fixed in 0.38.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47906MEDIUM5.52
stdlib
v1.22.3
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61727MEDIUM5.52
stdlib
v1.22.3
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39825MEDIUM5.52
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.3.0-r2
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.3.0-r2
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libssl3
3.3.0-r2
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libssl3
3.3.0-r2
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.3.0-r2
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.3.0-r2
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-34155MEDIUM5.02
stdlib
v1.22.3
fixed in 1.22.7, 1.23.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-45336MEDIUM5.02
stdlib
v1.22.3
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.3.0-r2
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r0
fixed in 1.2.5-r2
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl-utils
1.2.5-r0
fixed in 1.2.5-r2
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r1
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-24789MEDIUM4.67
stdlib
v1.22.3
fixed in 1.21.11, 1.22.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-22871MEDIUM4.59
stdlib
v1.22.3
fixed in 1.23.8, 1.24.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.22.3
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39823MEDIUM4.59
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-59530MEDIUM4.5
github.com/quic-go/quic-go
v0.44.0
fixed in 0.49.1, 0.54.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-64702MEDIUM4.5
github.com/quic-go/quic-go
v0.44.0
fixed in 0.57.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-47914MEDIUM4.5
golang.org/x/crypto
v0.23.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58181MEDIUM4.5
golang.org/x/crypto
v0.23.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-46598MEDIUM4.5
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-47911MEDIUM4.5
golang.org/x/net
v0.25.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58190MEDIUM4.5
golang.org/x/net
v0.25.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22866MEDIUM4.5
stdlib
v1.22.3
fixed in 1.22.12, 1.23.6, 1.24.0-rc.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22873MEDIUM4.5
stdlib
v1.22.3
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47912MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58185MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58187MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58188MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58189MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61723MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61724MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61725MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42505MEDIUM4.5
stdlib
v1.22.3
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507MEDIUM4.5
stdlib
v1.22.3
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58186MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-66406MEDIUM4.25
github.com/smallstep/certificates
v0.26.1
fixed in 0.29.0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-15467MEDIUM4.06
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2025-15467MEDIUM4.06
libssl3
3.3.0-r2
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2024-13176MEDIUM4
libcrypto3
3.3.0-r2
fixed in 3.3.2-r2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libssl3
3.3.0-r2
fixed in 3.3.2-r2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.3.0-r2
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
golang.org/x/net
v0.25.0
fixed in 0.36.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
stdlib
v1.22.3
fixed in 1.23.7, 1.24.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-9143LOW3.7
libcrypto3
3.3.0-r2
fixed in 3.3.2-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2024-9143LOW3.7
libssl3
3.3.0-r2
fixed in 3.3.2-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-44005LOW3.6
github.com/smallstep/certificates
v0.26.1
fixed in 0.29.0
3.3%
Low-Moderate Risk
Post-Exploit
CVE-2026-4878LOW3.57
libcap-getcap
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-4878LOW3.57
libcap-setcap
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-4878LOW3.57
libcap-utils
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-52846LOW3.57
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-45341LOW3.57
stdlib
v1.22.3
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libcrypto3
3.3.0-r2
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.3.0-r2
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-33186LOW3.28
google.golang.org/grpc
v1.63.2
fixed in 1.79.3
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2026-45692LOW3.23
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.3
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-26958LOW3.15
filippo.io/edwards25519
v1.1.0
fixed in 1.1.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-9232LOW3.1
libcrypto3
3.3.0-r2
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9232LOW3.1
libssl3
3.3.0-r2
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2026-30836LOW3.06
github.com/smallstep/certificates
v0.26.1
fixed in 0.30.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-31789LOW3
libcrypto3
3.3.0-r2
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-31789LOW3
libssl3
3.3.0-r2
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-41889LOW3
github.com/jackc/pgx/v4
v4.18.3
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2024-45337LOW2.95
golang.org/x/crypto
v0.23.0
fixed in 0.31.0
3.2%
Low-Moderate Risk
Post-Exploit
CVE-2023-42364LOW2.8
busybox
1.36.1-r28
fixed in 1.36.1-r29
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
busybox
1.36.1-r28
fixed in 1.36.1-r29
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
busybox-binsh
1.36.1-r28
fixed in 1.36.1-r29
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
busybox-binsh
1.36.1-r28
fixed in 1.36.1-r29
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
ssl_client
1.36.1-r28
fixed in 1.36.1-r29
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
ssl_client
1.36.1-r28
fixed in 1.36.1-r29
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-28388LOW2.7
libcrypto3
3.3.0-r2
fixed in 3.3.7-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-34156LOW2.7
stdlib
v1.22.3
fixed in 1.22.7, 1.23.1
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-27139LOW2.12
stdlib
v1.22.3
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-46394LOW1.68
busybox
1.36.1-r28
fixed in 1.36.1-r31
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.36.1-r28
fixed in 1.36.1-r31
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.36.1-r28
fixed in 1.36.1-r31
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-58251NONE0
busybox
1.36.1-r28
fixed in 1.36.1-r31
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.36.1-r28
fixed in 1.36.1-r31
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.36.1-r28
fixed in 1.36.1-r31
0.2%
Theoretical Threat
Not Applicable
CVE-2026-45135NONE0
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-52844NONE0
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.4
0.4%
Theoretical Threat
Not Applicable
GHSA-gx7w-56w6-g48xNONE0
github.com/caddyserver/caddy/v2
v2.8.1
fixed in 2.11.3
Not Applicable
GHSA-vrw8-fxc6-2r93NONE0
github.com/go-chi/chi/v5
v5.0.12
fixed in 5.2.2
Not Applicable
CVE-2026-40097NONE0
github.com/smallstep/certificates
v0.26.1
fixed in 0.30.0
0.2%
Theoretical Threat
Not Applicable
CVE-2026-24051NONE0
go.opentelemetry.io/otel/sdk
v1.21.0
fixed in 1.40.0
0.2%
Theoretical Threat
Not Applicable
GO-2026-5932NONE0
golang.org/x/crypto
v0.23.0
No fix yet
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.25.0
fixed in 0.56.0
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.20.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.15.0
fixed in 0.39.0
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.22.3
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.