Vulnerability Reportdrupal:11.3.14-fpm-alpine3.23

drupal:11.3.14-fpm-alpine3.23
DIGESTsha256:a3517b54e6d75f36361a73346ddb4530e7181b551568d37b13304a776d223f61

Executive Summary

Last scanned:

Threat Score
0/100SAFE
Reputation
TRUSTED

This image is safe for production use. While 24 low-severity vulnerabilities and 17 low-severity post-exploit issues exist, none exceed a CVSS score of 5 and all have minimal practical impact, especially given that the image runs as a PHP-FPM service without exposed network services (the vulnerabilities are mostly library-level or require local access). The image is an official Docker Hub pull with over 200 million downloads, further reinforcing its reliability.

Vulnerabilities

Vulnerability Log

41 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2024-45440MEDIUM4.24
drupal/core
9.8.0
fixed in 10.3.6, 11.0.5, 10.2.9
9.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-45440MEDIUM4.24
drupal/core-recommended
9.8.0
fixed in 10.3.6, 11.0.5, 10.2.9
9.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-33630LOW2.7
c-ares
1.34.6-r0
fixed in 1.34.8-r0
Post-Exploit
CVE-2026-4873LOW2.7
curl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6253LOW2.7
curl
8.19.0-r0
fixed in 8.20.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-7009LOW2.7
curl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-7168LOW2.7
curl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-4873LOW2.7
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6253LOW2.7
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-7009LOW2.7
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-7168LOW2.7
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-5773LOW2.29
curl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6276LOW2.29
curl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5773LOW2.29
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6276LOW2.29
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW1.99
curl
8.19.0-r0
fixed in 8.20.0-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6429LOW1.99
curl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW1.99
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6429LOW1.99
libcurl
8.19.0-r0
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-9082NONE0
drupal/core
9.8.0
fixed in 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10
84.6%
Actively Exploited
Not ApplicableContext importance: HIGH
CVE-2024-55637NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.8%
Theoretical Threat
Not Applicable
CVE-2024-55638NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 7.102
1.0%
Theoretical Threat
Not Applicable
CVE-2024-12393NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.3%
Theoretical Threat
Not Applicable
CVE-2024-55634NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.4%
Theoretical Threat
Not Applicable
CVE-2025-13081NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.2%
Theoretical Threat
Not Applicable
CVE-2025-3057NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-31673NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-31674NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.5%
Theoretical Threat
Not Applicable
CVE-2026-6365NONE0
drupal/core
9.8.0
fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7
0.2%
Theoretical Threat
Not Applicable
CVE-2026-6366NONE0
drupal/core
9.8.0
fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7
0.4%
Theoretical Threat
Not Applicable
GHSA-6ccv-8fgf-cjpwNONE0
drupal/core
9.8.0
fixed in 10.1.8, 10.2.2
Not Applicable
CVE-2024-55636NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.9%
Theoretical Threat
Not Applicable
CVE-2025-13080NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.3%
Theoretical Threat
Not Applicable
CVE-2025-13082NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.2%
Theoretical Threat
Not Applicable
CVE-2025-13083NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8, 7.103
0.2%
Theoretical Threat
Not Applicable
CVE-2025-31675NONE0
drupal/core
9.8.0
fixed in 10.3.14, 10.4.5, 11.0.13, 11.1.5
0.5%
Theoretical Threat
Not Applicable
CVE-2024-55637NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.8%
Theoretical Threat
Not Applicable
CVE-2024-55638NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 7.102
1.0%
Theoretical Threat
Not Applicable
CVE-2024-12393NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.3%
Theoretical Threat
Not Applicable
CVE-2024-55634NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.4%
Theoretical Threat
Not Applicable
CVE-2024-55636NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.9%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.