Last scanned:
This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The most notable vulnerability, CVE-2026-33630, is a use-after-free in c-ares (severity 6.0) that could allow a denial of service if the container receives malicious DNS responses. Since Drupal may make outbound connections, this risk should be considered. Other vulnerabilities are lower severity. Post-exploit findings are absent.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-33630 | MEDIUM6 | c-ares 1.34.6-r0 fixed in 1.34.8-r0 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2024-45440 | MEDIUM4.24 | drupal/core 9.8.0 fixed in 10.3.6, 11.0.5, 10.2.9 | 9.3% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-45440 | MEDIUM4.24 | drupal/core-recommended 9.8.0 fixed in 10.3.6, 11.0.5, 10.2.9 | 9.3% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-9082 | NONE0 | drupal/core 9.8.0 fixed in 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10 | 84.6% Actively Exploited | Not ApplicableContext importance: HIGH |
| CVE-2024-55637 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2024-55638 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 7.102 | 1.0% Theoretical Threat | Not Applicable |
| CVE-2024-12393 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-55634 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-13081 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-3057 | NONE0 | drupal/core 9.8.0 fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-31673 | NONE0 | drupal/core 9.8.0 fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-31674 | NONE0 | drupal/core 9.8.0 fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-6365 | NONE0 | drupal/core 9.8.0 fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-6366 | NONE0 | drupal/core 9.8.0 fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7 | 0.4% Theoretical Threat | Not Applicable |
| GHSA-6ccv-8fgf-cjpw | NONE0 | drupal/core 9.8.0 fixed in 10.1.8, 10.2.2 | — | Not Applicable |
| CVE-2024-55636 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.9% Theoretical Threat | Not Applicable |
| CVE-2025-13080 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-13082 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-13083 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8, 7.103 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-31675 | NONE0 | drupal/core 9.8.0 fixed in 10.3.14, 10.4.5, 11.0.13, 11.1.5 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2024-55637 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2024-55638 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 7.102 | 1.0% Theoretical Threat | Not Applicable |
| CVE-2024-12393 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-55634 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2024-55636 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.9% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.