Vulnerability Reportdrupal:11.3.14-php8.5-fpm-alpine

drupal:11.3.14-php8.5-fpm-alpine3.24drupal:11.3.14-php8.5-fpm-alpine
DIGESTsha256:32042ece4557c56342cc47eea70724932344e4cf02c5a8babd26aa831e48b353

Executive Summary

Last scanned:

Threat Score
25/100NEEDS ATTENTION
Reputation
TRUSTED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. It contains 25 exposed vulnerabilities, but only one (CVE-2026-33630) reaches a moderate severity of 6.0, and it requires a man-in-the-middle attack or DNS spoofing to exploit, targeting the DNS resolution library. Since the container runs as a PHP-FPM Drupal application, remote exploitation of this CVE is not directly possible without DNS poisoning. Using trusted, encrypted DNS and network segmentation can further reduce the already low risk.

Vulnerabilities

Vulnerability Log

25 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-33630MEDIUM6
c-ares
1.34.6-r0
fixed in 1.34.8-r0
Directly ExposedContext importance: MEDIUM
CVE-2024-45440MEDIUM4.24
drupal/core
9.8.0
fixed in 10.3.6, 11.0.5, 10.2.9
9.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-45440MEDIUM4.24
drupal/core-recommended
9.8.0
fixed in 10.3.6, 11.0.5, 10.2.9
9.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-9082NONE0
drupal/core
9.8.0
fixed in 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10
84.6%
Actively Exploited
Not ApplicableContext importance: HIGH
CVE-2024-55637NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.8%
Theoretical Threat
Not Applicable
CVE-2024-55638NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 7.102
1.0%
Theoretical Threat
Not Applicable
CVE-2024-12393NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.3%
Theoretical Threat
Not Applicable
CVE-2024-55634NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.4%
Theoretical Threat
Not Applicable
CVE-2025-13081NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.2%
Theoretical Threat
Not Applicable
CVE-2025-3057NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-31673NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-31674NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.5%
Theoretical Threat
Not Applicable
CVE-2026-6365NONE0
drupal/core
9.8.0
fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7
0.2%
Theoretical Threat
Not Applicable
CVE-2026-6366NONE0
drupal/core
9.8.0
fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7
0.4%
Theoretical Threat
Not Applicable
GHSA-6ccv-8fgf-cjpwNONE0
drupal/core
9.8.0
fixed in 10.1.8, 10.2.2
Not Applicable
CVE-2024-55636NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.9%
Theoretical Threat
Not Applicable
CVE-2025-13080NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.3%
Theoretical Threat
Not Applicable
CVE-2025-13082NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.2%
Theoretical Threat
Not Applicable
CVE-2025-13083NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8, 7.103
0.2%
Theoretical Threat
Not Applicable
CVE-2025-31675NONE0
drupal/core
9.8.0
fixed in 10.3.14, 10.4.5, 11.0.13, 11.1.5
0.5%
Theoretical Threat
Not Applicable
CVE-2024-55637NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.8%
Theoretical Threat
Not Applicable
CVE-2024-55638NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 7.102
1.0%
Theoretical Threat
Not Applicable
CVE-2024-12393NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.3%
Theoretical Threat
Not Applicable
CVE-2024-55634NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.4%
Theoretical Threat
Not Applicable
CVE-2024-55636NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.9%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.