Last scanned:
This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The main concern is CVE-2026-33630, a medium-severity issue in c-ares that could allow denial of service or memory corruption via crafted DNS responses. Since the image is an official Drupal container, outbound DNS queries are normal; using trusted internal DNS resolvers and network segmentation can mitigate this risk. No high-severity or post-exploit vulnerabilities exist, and the image is trusted with an official publisher tag.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-33630 | MEDIUM6 | c-ares 1.34.6-r0 fixed in 1.34.8-r0 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2024-45440 | MEDIUM4.24 | drupal/core 9.8.0 fixed in 10.3.6, 11.0.5, 10.2.9 | 9.3% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2024-45440 | MEDIUM4.24 | drupal/core-recommended 9.8.0 fixed in 10.3.6, 11.0.5, 10.2.9 | 9.3% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2026-9082 | NONE0 | drupal/core 9.8.0 fixed in 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10 | 84.6% Actively Exploited | Not ApplicableContext importance: HIGH |
| CVE-2024-55637 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2024-55638 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 7.102 | 1.0% Theoretical Threat | Not Applicable |
| CVE-2024-12393 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-55634 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-13081 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-3057 | NONE0 | drupal/core 9.8.0 fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-31673 | NONE0 | drupal/core 9.8.0 fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-31674 | NONE0 | drupal/core 9.8.0 fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-6365 | NONE0 | drupal/core 9.8.0 fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-6366 | NONE0 | drupal/core 9.8.0 fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7 | 0.4% Theoretical Threat | Not Applicable |
| GHSA-6ccv-8fgf-cjpw | NONE0 | drupal/core 9.8.0 fixed in 10.1.8, 10.2.2 | — | Not Applicable |
| CVE-2024-55636 | NONE0 | drupal/core 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.9% Theoretical Threat | Not Applicable |
| CVE-2025-13080 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2025-13082 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-13083 | NONE0 | drupal/core 9.8.0 fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8, 7.103 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-31675 | NONE0 | drupal/core 9.8.0 fixed in 10.3.14, 10.4.5, 11.0.13, 11.1.5 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2024-55637 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.8% Theoretical Threat | Not Applicable |
| CVE-2024-55638 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 7.102 | 1.0% Theoretical Threat | Not Applicable |
| CVE-2024-12393 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-55634 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2024-55636 | NONE0 | drupal/core-recommended 9.8.0 fixed in 10.2.11, 10.3.9, 11.0.8 | 0.9% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.