Vulnerability Reportdpage/pgadmin4:9.15

dpage/pgadmin4:9.15.0dpage/pgadmin4:9.15dpage/pgadmin4:2026-05-06-1

DIGESTsha256:cefc4cc6b7d9d71a9e81e76fb9d7e14038ab5661b539a190eea1b63fa612589a

Executive Summary

Threat ScoreNEEDS ATTENTION• 1 medium-severity exposed vulnerability (CVE-2026-48526) with severity 6.29 enabling authentication bypass via JWT algorithm confusion.• 24 total exposed vulnerabilities, but only one above severity 6.0; no high-severity issues.• Image from popular community publisher (dpage) with 433M+ pulls and pinned by digest (immutable).• No notable post-exploit findings (all below severity 7.0).

25/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (433M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The only notable vulnerability (CVE-2026-48526) is a medium-severity authentication bypass in PyJWT that could allow an attacker to forge JWT tokens and gain unauthorized access. The image is from a reputable publisher and has no high-severity issues.

Vulnerabilities

Vulnerability Log

43 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-48526	MEDIUM6.29	PyJWT 2.12.1 fixed in 2.13.0	0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-48523	MEDIUM4.59	PyJWT 2.12.1 fixed in 2.13.0	0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-48525	MEDIUM4.5	PyJWT 2.12.1 fixed in 2.13.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-45409	MEDIUM4.5	idna 3.13 fixed in 3.15	0.4% Theoretical Threat	Directly Exposed
CVE-2026-44431	MEDIUM4.5	urllib3 2.6.3 fixed in 2.7.0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-48524	MEDIUM4.02	PyJWT 2.12.1 fixed in 2.13.0	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-48522	LOW3.57	PyJWT 2.12.1 fixed in 2.13.0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-6357	LOW2.96	pip 26.0.1 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.6-r0 fixed in 3.5.7-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-44405	LOW2.89	paramiko 3.5.1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-45445	LOW2.78	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-3219	LOW2.55	pip 26.0.1 fixed in 26.1	0.1% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-34183	LOW2.29	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Post-Exploit
CVE-2026-44432	LOW2.29	urllib3 2.6.3 fixed in 2.7.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-34182	LOW2.26	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW1.81	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW1.81	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW1.81	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW1.81	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-42769	LOW1.81	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-42770	LOW1.81	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-9076	LOW1.81	libssl3 3.5.6-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-46715	NONE0	Flask-Security-Too 5.8.0 fixed in 5.8.1	—	Not Applicable
GHSA-537c-gmf6-5ccf	NONE0	cryptography 47.0.0 fixed in 48.0.1	—	Not Applicable