Vulnerability Reportdrupal:11.4.4-php8.4-fpm-alpine

drupal:11.4.4-php8.4-fpm-alpine3.24drupal:11.4.4-php8.4-fpm-alpine
DIGESTsha256:0a120c42dcff3ef2f76d2ce056115fe67b22f8d1c36f3d7c534a2661e763f8c8

Executive Summary

Last scanned:

Threat Score
25/100NEEDS ATTENTION
Reputation
TRUSTED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The main concern is CVE-2026-33630, a medium-severity issue in c-ares that could allow denial of service or memory corruption via crafted DNS responses. Since the image is an official Drupal container, outbound DNS queries are normal; using trusted internal DNS resolvers and network segmentation can mitigate this risk. No high-severity or post-exploit vulnerabilities exist, and the image is trusted with an official publisher tag.

Vulnerabilities

Vulnerability Log

25 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-33630MEDIUM6
c-ares
1.34.6-r0
fixed in 1.34.8-r0
Directly ExposedContext importance: MEDIUM
CVE-2024-45440MEDIUM4.24
drupal/core
9.8.0
fixed in 10.3.6, 11.0.5, 10.2.9
9.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-45440MEDIUM4.24
drupal/core-recommended
9.8.0
fixed in 10.3.6, 11.0.5, 10.2.9
9.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-9082NONE0
drupal/core
9.8.0
fixed in 10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10
84.6%
Actively Exploited
Not ApplicableContext importance: HIGH
CVE-2024-55637NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.8%
Theoretical Threat
Not Applicable
CVE-2024-55638NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 7.102
1.0%
Theoretical Threat
Not Applicable
CVE-2024-12393NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.3%
Theoretical Threat
Not Applicable
CVE-2024-55634NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.4%
Theoretical Threat
Not Applicable
CVE-2025-13081NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.2%
Theoretical Threat
Not Applicable
CVE-2025-3057NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-31673NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-31674NONE0
drupal/core
9.8.0
fixed in 10.3.13, 10.4.3, 11.0.12, 11.1.3
0.5%
Theoretical Threat
Not Applicable
CVE-2026-6365NONE0
drupal/core
9.8.0
fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7
0.2%
Theoretical Threat
Not Applicable
CVE-2026-6366NONE0
drupal/core
9.8.0
fixed in 10.5.9, 10.6.7, 11.2.11, 11.3.7
0.4%
Theoretical Threat
Not Applicable
GHSA-6ccv-8fgf-cjpwNONE0
drupal/core
9.8.0
fixed in 10.1.8, 10.2.2
Not Applicable
CVE-2024-55636NONE0
drupal/core
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.9%
Theoretical Threat
Not Applicable
CVE-2025-13080NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.3%
Theoretical Threat
Not Applicable
CVE-2025-13082NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8
0.2%
Theoretical Threat
Not Applicable
CVE-2025-13083NONE0
drupal/core
9.8.0
fixed in 10.4.9, 10.5.6, 11.1.9, 11.2.8, 7.103
0.2%
Theoretical Threat
Not Applicable
CVE-2025-31675NONE0
drupal/core
9.8.0
fixed in 10.3.14, 10.4.5, 11.0.13, 11.1.5
0.5%
Theoretical Threat
Not Applicable
CVE-2024-55637NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.8%
Theoretical Threat
Not Applicable
CVE-2024-55638NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 7.102
1.0%
Theoretical Threat
Not Applicable
CVE-2024-12393NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.3%
Theoretical Threat
Not Applicable
CVE-2024-55634NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.4%
Theoretical Threat
Not Applicable
CVE-2024-55636NONE0
drupal/core-recommended
9.8.0
fixed in 10.2.11, 10.3.9, 11.0.8
0.9%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.