Vulnerability Reportdebian:bookworm-slim

Name: debian:12.14-slim Security Vulnerability Report
Creator: BaseImage
Keywords: debian:12.14-slim, Docker security, vulnerability scan, CVE, container security, SBOM

debian:bookworm-slimdebian:bookworm-20260518-slimdebian:12.14-slimdebian:12-slim

DIGESTsha256:0104b334637a5f19aa9c983a91b54c89887c0984081f2068983107a6f6c21eeb

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve unauthorized access via authentication bypass, execute arbitrary code, or trigger a denial of service, severely impacting service availability and data integrity. A highly impactful vulnerability (CVE-2018-20796) in the core `glibc` library can be easily triggered, leading to denial of service when processing untrusted input through common utilities. Other high-severity issues, such as CVE-2026-42010 in `gnutls`, pose risks like authentication bypass but require specific application configurations within the container to be exploitable. Despite being an official image, the numerous severe and directly applicable vulnerabilities make it unsuitable for production.

Threat Score

100/100

DANGEROUS

A critical vulnerability (CVE-2018-20796) in the core `glibc` library allows for denial of service, easily triggered by untrusted input.
Multiple high-severity vulnerabilities, including an authentication bypass in `gnutls` (CVE-2026-42010) and potential remote code execution in `zlib` (CVE-2023-45853), expose the container to severe attacks.
The image exhibits a significant attack surface with 78 total vulnerabilities, including 4 with severity >= 7.0 and 14 with severity >= 6.0.
Despite being an official Docker Hub image, the presence of these severe, exploitable vulnerabilities makes it unsafe for production deployment.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

debian:bookworm-slim

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

131 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-42010	HIGH7.84	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly ExposedContext importance: MEDIUM
CVE-2023-45853	HIGH7.84	zlib1g 1:1.2.13.dfsg-1 No fix yet	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	HIGH7.5	libc-bin 2.36-9+deb12u14 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2018-20796	HIGH7.5	libc6 2.36-9+deb12u14 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: HIGH
CVE-2025-69720	MEDIUM6.63	libtinfo6 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69720	MEDIUM6.63	ncurses-base 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42013	MEDIUM6.56	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly ExposedContext importance: MEDIUM
CVE-2019-9192	MEDIUM6.38	libc-bin 2.36-9+deb12u14 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-9192	MEDIUM6.38	libc6 2.36-9+deb12u14 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-41989	MEDIUM6.38	libgcrypt20 1.10.1-3 fixed in 1.10.1-3+deb12u1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33846	MEDIUM6.38	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3833	MEDIUM6.29	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-33845	MEDIUM6.18	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42009	MEDIUM6	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly ExposedContext importance: MEDIUM
CVE-2026-42011	MEDIUM5.92	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly ExposedContext importance: MEDIUM
CVE-2026-42012	MEDIUM5.68	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly ExposedContext importance: MEDIUM
CVE-2026-6238	MEDIUM5.52	libc-bin 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-50495	MEDIUM5.52	libtinfo6 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-50495	MEDIUM5.52	ncurses-base 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42015	MEDIUM5.3	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libblkid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libsmartcols1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc-bin 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.10.1-3 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2025-13151	MEDIUM5.02	libtasn1-6 4.19.0-2+deb12u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42250	MEDIUM5	libbz2-1.0 1.0.8-5+b1 No fix yet	—	Directly Exposed
CVE-2026-5260	MEDIUM4.92	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly Exposed
CVE-2005-2541	MEDIUM4.8	tar 1.34+dfsg-1.2+deb12u1 No fix yet	3.8% Low-Moderate Risk	Post-ExploitContext importance: MEDIUM
CVE-2026-48962	MEDIUM4.68	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-Exploit
CVE-2022-27943	MEDIUM4.67	gcc-12-base 12.2.0-14+deb12u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libblkid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libgcc-s1 12.2.0-14+deb12u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libsmartcols1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-27943	MEDIUM4.67	libstdc++6 12.2.0-14+deb12u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.2.13.dfsg-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libblkid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc-bin 2.36-9+deb12u14 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc-bin 2.36-9+deb12u14 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc6 2.36-9+deb12u14 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc6 2.36-9+deb12u14 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.4.1-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libmount1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libsmartcols1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 252.39-1~deb12u2 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 252.39-1~deb12u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 252.39-1~deb12u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libudev1 252.39-1~deb12u2 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libudev1 252.39-1~deb12u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 252.39-1~deb12u2 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libuuid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42496	MEDIUM4.37	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-ExploitContext importance: MEDIUM
CVE-2011-3389	MEDIUM4.3	libgnutls30 3.7.9-2+deb12u6 No fix yet	3.9% Low-Moderate Risk	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc-bin 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc-bin 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.36-9+deb12u14 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31486	MEDIUM4.13	perl-base 5.36.0-7+deb12u3 No fix yet	0.7% Theoretical Threat	Post-Exploit
CVE-2019-1010022	MEDIUM4	libc-bin 2.36-9+deb12u14 No fix yet	0.1% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2019-1010022	MEDIUM4	libc6 2.36-9+deb12u14 No fix yet	0.1% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-27456	MEDIUM4	libblkid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-10041	MEDIUM4	libpam-modules 1.5.2-6+deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-10041	MEDIUM4	libpam-runtime 1.5.2-6+deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-10041	MEDIUM4	libpam0g 1.5.2-6+deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69720	LOW3.98	ncurses-bin 6.4-4 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2018-6829	LOW3.83	libgcrypt20 1.10.1-3 No fix yet	0.5% Theoretical Threat	Directly Exposed
CVE-2011-3374	LOW3.7	libapt-pkg6.0 2.6.1 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2026-5419	LOW3.7	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Directly Exposed
CVE-2026-42497	LOW3.6	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-ExploitContext importance: MEDIUM
CVE-2026-9538	LOW3.6	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-ExploitContext importance: MEDIUM
CVE-2019-1010023	LOW3.59	libc-bin 2.36-9+deb12u14 No fix yet	0.3% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2019-1010023	LOW3.59	libc6 2.36-9+deb12u14 No fix yet	0.3% Theoretical Threat	Post-ExploitContext importance: MEDIUM
CVE-2026-8376	LOW3.53	perl-base 5.36.0-7+deb12u3 No fix yet	—	Post-Exploit
CVE-2010-4756	LOW3.4	libc-bin 2.36-9+deb12u14 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc6 2.36-9+deb12u14 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2016-2781	LOW3.31	coreutils 9.1-1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-50495	LOW3.31	ncurses-bin 6.4-4 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	bsdutils 1:2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux-extra 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	bsdutils 1:2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.34+dfsg-1.2+deb12u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux-extra 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2013-4392	LOW2.8	libsystemd0 252.39-1~deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 252.39-1~deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-6141	LOW2.8	libtinfo6 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 252.39-1~deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 252.39-1~deb12u2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-6141	LOW2.8	ncurses-base 6.4-4 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW2.7	bsdutils 1:2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	mount 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux-extra 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	login 1:4.13+dfsg1-1+deb12u2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	passwd 1:4.13+dfsg1-1+deb12u2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.1-1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-30258	LOW2.4	gpgv 2.2.40-1.1+deb12u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpgv 2.2.40-1.1+deb12u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2024-10041	LOW2.4	libpam-modules-bin 1.5.2-6+deb12u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux-extra 2.38.1-5+deb12u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.1-1 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 2.6.1 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	login 1:4.13+dfsg1-1+deb12u2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.13+dfsg1-1+deb12u2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2022-3219	LOW1.68	gpgv 2.2.40-1.1+deb12u2 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-6141	LOW1.68	ncurses-bin 6.4-4 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.36.0-7+deb12u3 No fix yet	0.2% Theoretical Threat	Post-Exploit
TEMP-0841856-B18BAF	NONE0	bash 5.2.15-2+b13 No fix yet	—	Not Applicable
CVE-2026-42014	NONE0	libgnutls30 3.7.9-2+deb12u6 fixed in 3.7.9-2+deb12u7	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	login 1:4.13+dfsg1-1+deb12u2 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.13+dfsg1-1+deb12u2 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	perl-base 5.36.0-7+deb12u3 No fix yet	—	Not Applicable
CVE-2025-15649	NONE0	perl-base 5.36.0-7+deb12u3 No fix yet	—	Not Applicable
CVE-2026-7010	NONE0	perl-base 5.36.0-7+deb12u3 No fix yet	—	Not Applicable
CVE-2026-48961	NONE0	perl-base 5.36.0-7+deb12u3 No fix yet	—	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.06-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.34+dfsg-1.2+deb12u1 No fix yet	—	Not Applicable