Vulnerability Reportdrupal:11.4.4-fpm-alpine

drupal:11.4.4-php8.5-fpm-alpine3.24drupal:11.4.4-php8.5-fpm-alpinedrupal:11.4.4-fpm-alpine3.24drupal:11.4.4-fpm-alpine
DIGESTsha256:b4ad262f4bba157df07656f745f163965b66210120a87ac99a373b97181e2917

Executive Summary

Last scanned:

Threat Score
25/100NEEDS ATTENTION
Reputation
TRUSTED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The most notable vulnerability, CVE-2026-33630, is a use-after-free in c-ares (severity 6.0) that could allow a denial of service if the container receives malicious DNS responses. Since Drupal may make outbound connections, this risk should be considered. Other vulnerabilities are lower severity. Post-exploit findings are absent.

Vulnerabilities

Vulnerability Log

25 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-33630MEDIUM6
c-ares
1.34.6-r0
fixed in 1.34.8-r0
Directly ExposedContext importance: MEDIUM
CVE-2024-45440MEDIUM4.24
drupal/core
9.8.0
fixed in 10.3.6, 11.0.5, 10.2.9
9.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-45440MEDIUM4.24
drupal/core-recommended
9.8.0
fixed in 10.3.6, 11.0.5, 10.2.9
9.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-9082NONE0
drupal/core
9.8.0
fixed in 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10
84.6%
Actively Exploited
Not ApplicableContext importance: HIGH
CVE-2024-55637NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.8%
Theoretical Threat
Not Applicable
CVE-2024-55638NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 7.102
1.0%
Theoretical Threat
Not Applicable
CVE-2024-12393NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.3%
Theoretical Threat
Not Applicable
CVE-2024-55634NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.4%
Theoretical Threat
Not Applicable
CVE-2025-13081NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.2%
Theoretical Threat
Not Applicable
CVE-2025-3057NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-31673NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-31674NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.5%
Theoretical Threat
Not Applicable
CVE-2026-6365NONE0
drupal/core
9.8.0
fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7
0.2%
Theoretical Threat
Not Applicable
CVE-2026-6366NONE0
drupal/core
9.8.0
fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7
0.4%
Theoretical Threat
Not Applicable
GHSA-6ccv-8fgf-cjpwNONE0
drupal/core
9.8.0
fixed in 10.1.8, 10.2.2
Not Applicable
CVE-2024-55636NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.9%
Theoretical Threat
Not Applicable
CVE-2025-13080NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.3%
Theoretical Threat
Not Applicable
CVE-2025-13082NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.2%
Theoretical Threat
Not Applicable
CVE-2025-13083NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8, 7.103
0.2%
Theoretical Threat
Not Applicable
CVE-2025-31675NONE0
drupal/core
9.8.0
fixed in 10.3.14, 10.4.5, 11.0.13, 11.1.5
0.5%
Theoretical Threat
Not Applicable
CVE-2024-55637NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.8%
Theoretical Threat
Not Applicable
CVE-2024-55638NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 7.102
1.0%
Theoretical Threat
Not Applicable
CVE-2024-12393NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.3%
Theoretical Threat
Not Applicable
CVE-2024-55634NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.4%
Theoretical Threat
Not Applicable
CVE-2024-55636NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.9%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.