Vulnerability Reportcaddy:2.8.4-alpine

caddy:2.8.4-alpine
DIGESTsha256:af32e97399febea808609119bb21544d0265c58a02836576e32a2d082c262c17

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2024-24790 to bypass IP-based access controls or CVE-2026-27587 to bypass path-based routing, leading to unauthorized access to protected resources. Upgrading Caddy to version 2.11.1 and patching the Go standard library would fully remediate these vulnerabilities.

Vulnerabilities

Vulnerability Log

178 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2024-24790CRITICAL9.8
stdlib
v1.22.3
fixed in 1.21.11, 1.22.4
2.0%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2026-27587HIGH7.73
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.1
0.4%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2025-61726HIGH7.5
stdlib
v1.22.3
fixed in 1.24.12, 1.25.6
1.9%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2026-39832HIGH7.39
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39821MEDIUM6.97
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM6.88
libcrypto3
3.3.2-r1
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM6.88
libssl3
3.3.2-r1
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-52845MEDIUM6.88
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39831MEDIUM6.88
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-25681MEDIUM6.88
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27136MEDIUM6.88
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-68121MEDIUM6.8
stdlib
v1.22.3
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-27590MEDIUM6.66
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.1
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-41889MEDIUM6.66
github.com/jackc/pgx/v4
v4.18.3
No fix yet
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-40200MEDIUM6.63
musl
1.2.5-r0
fixed in 1.2.5-r3
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22184MEDIUM6.63
zlib
1.3.1-r1
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39822MEDIUM6.63
stdlib
v1.22.3
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libcrypto3
3.3.2-r1
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libcrypto3
3.3.2-r1
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.3.2-r1
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libssl3
3.3.2-r1
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libssl3
3.3.2-r1
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.3.2-r1
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.3.2-r1
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34986MEDIUM6.38
github.com/go-jose/go-jose/v3
v3.0.3
fixed in 3.0.5
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-27144MEDIUM6.38
github.com/go-jose/go-jose/v3
v3.0.3
fixed in 3.0.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32286MEDIUM6.38
github.com/jackc/pgproto3/v2
v2.3.3
No fix yet
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-40898MEDIUM6.38
github.com/quic-go/quic-go
v0.44.0
fixed in 0.59.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22869MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.35.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-47913MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.43.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39829MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39830MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39835MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-46597MEDIUM6.38
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45338MEDIUM6.38
golang.org/x/net
v0.25.0
fixed in 0.33.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
golang.org/x/net
v0.25.0
fixed in 0.53.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-61729MEDIUM6.38
stdlib
v1.22.3
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25679MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27145MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-32280MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-32281MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32283MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33811MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39836MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42499MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42504MEDIUM6.38
stdlib
v1.22.3
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-58183MEDIUM6.38
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61728MEDIUM6.38
stdlib
v1.22.3
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.3.2-r1
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42508MEDIUM6.29
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27586MEDIUM6.18
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.1
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-27588MEDIUM6.18
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.1
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-46595MEDIUM6.03
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-4878MEDIUM5.95
libcap
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-4878MEDIUM5.95
libcap2
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-26519MEDIUM5.95
musl
1.2.5-r0
fixed in 1.2.5-r1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39883MEDIUM5.95
go.opentelemetry.io/otel/sdk
v1.21.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47907MEDIUM5.95
stdlib
v1.22.3
fixed in 1.23.12, 1.24.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-9231MEDIUM5.9
libcrypto3
3.3.2-r1
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2025-9231MEDIUM5.9
libssl3
3.3.2-r1
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2024-24791MEDIUM5.9
stdlib
v1.22.3
fixed in 1.21.12, 1.22.5
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-34158MEDIUM5.9
stdlib
v1.22.3
fixed in 1.22.7, 1.23.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-4673MEDIUM5.78
stdlib
v1.22.3
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-9230MEDIUM5.6
libcrypto3
3.3.2-r1
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libssl3
3.3.2-r1
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2026-27585MEDIUM5.52
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-27589MEDIUM5.52
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-53259MEDIUM5.52
github.com/quic-go/quic-go
v0.44.0
fixed in 0.48.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39827MEDIUM5.52
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39834MEDIUM5.52
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22872MEDIUM5.52
golang.org/x/net
v0.25.0
fixed in 0.38.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47906MEDIUM5.52
stdlib
v1.22.3
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61727MEDIUM5.52
stdlib
v1.22.3
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39825MEDIUM5.52
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.3.2-r1
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.3.2-r1
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libssl3
3.3.2-r1
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libssl3
3.3.2-r1
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.3.2-r1
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.3.2-r1
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-34155MEDIUM5.02
stdlib
v1.22.3
fixed in 1.22.7, 1.23.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-45336MEDIUM5.02
stdlib
v1.22.3
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libcrypto3
3.3.2-r1
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libssl3
3.3.2-r1
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.3.2-r1
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r0
fixed in 1.2.5-r2
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r1
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-24789MEDIUM4.67
stdlib
v1.22.3
fixed in 1.21.11, 1.22.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.22.3
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.25.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-22871MEDIUM4.59
stdlib
v1.22.3
fixed in 1.23.8, 1.24.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.22.3
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39823MEDIUM4.59
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.22.3
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-59530MEDIUM4.5
github.com/quic-go/quic-go
v0.44.0
fixed in 0.49.1, 0.54.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-64702MEDIUM4.5
github.com/quic-go/quic-go
v0.44.0
fixed in 0.57.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-47914MEDIUM4.5
golang.org/x/crypto
v0.23.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58181MEDIUM4.5
golang.org/x/crypto
v0.23.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-46598MEDIUM4.5
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-47911MEDIUM4.5
golang.org/x/net
v0.25.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58190MEDIUM4.5
golang.org/x/net
v0.25.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22866MEDIUM4.5
stdlib
v1.22.3
fixed in 1.22.12, 1.23.6, 1.24.0-rc.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22873MEDIUM4.5
stdlib
v1.22.3
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47912MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58185MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58187MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58188MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58189MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61723MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61724MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61725MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42505MEDIUM4.5
stdlib
v1.22.3
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507MEDIUM4.5
stdlib
v1.22.3
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58186MEDIUM4.5
stdlib
v1.22.3
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-66406MEDIUM4.25
github.com/smallstep/certificates
v0.26.1
fixed in 0.29.0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-15467MEDIUM4.06
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2025-15467MEDIUM4.06
libssl3
3.3.2-r1
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2024-13176MEDIUM4
libcrypto3
3.3.2-r1
fixed in 3.3.2-r2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libssl3
3.3.2-r1
fixed in 3.3.2-r2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.3.2-r1
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl-utils
1.2.5-r0
fixed in 1.2.5-r3
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-22870LOW3.74
golang.org/x/net
v0.25.0
fixed in 0.36.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
stdlib
v1.22.3
fixed in 1.23.7, 1.24.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-44005LOW3.6
github.com/smallstep/certificates
v0.26.1
fixed in 0.29.0
3.3%
Low-Moderate Risk
Post-Exploit
CVE-2026-4878LOW3.57
libcap-getcap
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-4878LOW3.57
libcap-setcap
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-4878LOW3.57
libcap-utils
2.70-r0
fixed in 2.78-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-26519LOW3.57
musl-utils
1.2.5-r0
fixed in 1.2.5-r1
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-52846LOW3.57
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.4
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-45341LOW3.57
stdlib
v1.22.3
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libcrypto3
3.3.2-r1
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.3.2-r1
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-33186LOW3.28
google.golang.org/grpc
v1.63.2
fixed in 1.79.3
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2026-45692LOW3.23
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.3
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-26958LOW3.15
filippo.io/edwards25519
v1.1.0
fixed in 1.1.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-9232LOW3.1
libcrypto3
3.3.2-r1
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9232LOW3.1
libssl3
3.3.2-r1
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2026-30836LOW3.06
github.com/smallstep/certificates
v0.26.1
fixed in 0.30.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2024-45337LOW2.95
golang.org/x/crypto
v0.23.0
fixed in 0.31.0
3.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-6042LOW2.8
musl-utils
1.2.5-r0
fixed in 1.2.5-r2
0.2%
Theoretical Threat
Post-Exploit
CVE-2024-34156LOW2.7
stdlib
v1.22.3
fixed in 1.22.7, 1.23.1
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-39828LOW2.69
golang.org/x/crypto
v0.23.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2024-12797LOW2.66
libcrypto3
3.3.2-r1
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2024-12797LOW2.66
libssl3
3.3.2-r1
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2026-27139LOW2.12
stdlib
v1.22.3
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-46394LOW1.68
busybox
1.36.1-r29
fixed in 1.36.1-r31
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.36.1-r29
fixed in 1.36.1-r31
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.36.1-r29
fixed in 1.36.1-r31
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-58251NONE0
busybox
1.36.1-r29
fixed in 1.36.1-r31
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.36.1-r29
fixed in 1.36.1-r31
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.36.1-r29
fixed in 1.36.1-r31
0.2%
Theoretical Threat
Not Applicable
CVE-2026-45135NONE0
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-52844NONE0
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.4
0.4%
Theoretical Threat
Not Applicable
GHSA-gx7w-56w6-g48xNONE0
github.com/caddyserver/caddy/v2
v2.8.4
fixed in 2.11.3
Not Applicable
GHSA-vrw8-fxc6-2r93NONE0
github.com/go-chi/chi/v5
v5.0.12
fixed in 5.2.2
Not Applicable
CVE-2026-40097NONE0
github.com/smallstep/certificates
v0.26.1
fixed in 0.30.0
0.2%
Theoretical Threat
Not Applicable
CVE-2026-24051NONE0
go.opentelemetry.io/otel/sdk
v1.21.0
fixed in 1.40.0
0.2%
Theoretical Threat
Not Applicable
GO-2026-5932NONE0
golang.org/x/crypto
v0.23.0
No fix yet
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.25.0
fixed in 0.56.0
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.20.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.15.0
fixed in 0.39.0
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.22.3
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.