Last scanned:
This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. It has one moderate-severity vulnerability (CVE-2026-33630) on its exposed surface that could cause denial of service if an attacker controls DNS responses. The remaining 24 exposed vulnerabilities are lower severity (below 6.0) and pose minimal risk. The image is officially maintained and pinned by digest, ensuring integrity.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-33630 | MEDIUM6 | c-ares 1.34.6-r0 fixed in 1.34.8-r0 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2024-45440 | MEDIUM4.24 | drupal/core 9.8.0 fixed in 10.3.6, 11.0.5, 10.2.9 | 9.3% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-45440 | MEDIUM4.24 | drupal/core-recommended 9.8.0 fixed in 10.3.6, 11.0.5, 10.2.9 | 9.3% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4873 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7009 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7009 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW1.99 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW1.99 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-9082 | NONE0 | drupal/core 9.8.0 fixed in 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10 | 84.6% Actively Exploited | Not ApplicableContext importance: HIGH |
| CVE-2024-55637 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2024-55638 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 7.102 | 1.0% Theoretical Threat | Not Applicable |
| CVE-2024-12393 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-55634 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-13081 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-3057 | NONE0 | drupal/core 9.8.0 fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-31673 | NONE0 | drupal/core 9.8.0 fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-31674 | NONE0 | drupal/core 9.8.0 fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-6365 | NONE0 | drupal/core 9.8.0 fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-6366 | NONE0 | drupal/core 9.8.0 fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7 | 0.4% Theoretical Threat | Not Applicable |
| GHSA-6ccv-8fgf-cjpw | NONE0 | drupal/core 9.8.0 fixed in 10.1.8, 10.2.2 | — | Not Applicable |
| CVE-2024-55636 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.9% Theoretical Threat | Not Applicable |
| CVE-2025-13080 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-13082 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-13083 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8, 7.103 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-31675 | NONE0 | drupal/core 9.8.0 fixed in 10.3.14, 10.4.5, 11.0.13, 11.1.5 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2024-55637 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2024-55638 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 7.102 | 1.0% Theoretical Threat | Not Applicable |
| CVE-2024-12393 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-55634 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2024-55636 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.9% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.