Vulnerability Reportelasticsearch:8.19.17

elasticsearch:8.19.17
DIGESTsha256:f8645eadfbf4f96e31043ed1e64e5f48ff826d0943660d48a4decd1428d9de96

Executive Summary

Last scanned:

Threat Score
0/100SAFE
Reputation
TRUSTED

This image is safe for production use. While 22 vulnerabilities are exposed, all are low severity (max CVSS 5.9) and pose minimal risk in the context of this image's role as a backend service. The image is an official Docker Hub publication, well-known and trusted with over 966 million pulls. Post-exploit findings are also negligible. No immediate action required.

Vulnerabilities

Vulnerability Log

61 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2024-2236MEDIUM5.9
libgcrypt20
1.10.3-2ubuntu0.1
No fix yet
1.1%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2026-54512MEDIUM5.5
com.fasterxml.jackson.core:jackson-databind
2.15.0
fixed in 2.18.8, 3.1.4, 2.21.4
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-54513MEDIUM5.5
com.fasterxml.jackson.core:jackson-databind
2.15.0
fixed in 2.18.8, 2.21.4, 3.1.4
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-13757MEDIUM5.27
libp11-kit0
0.25.3-4ubuntu2.1
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-7962MEDIUM5.1
com.sun.mail:jakarta.mail
1.6.3
fixed in 1.6.8, 2.0.2
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-7962MEDIUM5.1
com.sun.mail:jakarta.mail
1.6.4
fixed in 1.6.8, 2.0.2
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-27171MEDIUM4.67
zlib1g
1:1.3.dfsg-3.1ubuntu2.1
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-54514MEDIUM4.5
com.fasterxml.jackson.core:jackson-databind
2.15.0
fixed in 2.18.8, 2.21.4, 3.1.4
0.2%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-4437MEDIUM4.42
libc-bin
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-4437MEDIUM4.42
libc6
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-22227MEDIUM4.14
io.projectreactor.netty:reactor-netty-http
1.0.45
fixed in 1.3.0-M5, 1.2.8
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-27456MEDIUM4
libblkid1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27456MEDIUM4
libmount1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-9547LOW3.77
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-48924LOW3.7
org.apache.commons:commons-lang3
3.9
fixed in 3.18.0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2026-4046LOW3.6
libc-bin
2.39-0ubuntu8.7
No fix yet
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-4046LOW3.6
libc6
2.39-0ubuntu8.7
No fix yet
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-54515LOW3.6
com.fasterxml.jackson.core:jackson-databind
2.15.0
fixed in 3.1.4, 2.18.9, 2.21.5, 2.22.1
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-4438LOW3.4
libc-bin
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-4438LOW3.4
libc6
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-8924LOW3.31
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-8924LOW3.31
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-8376LOW3
perl-base
5.38.2-3.2ubuntu0.2
fixed in 5.38.2-3.2ubuntu0.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-8925LOW2.92
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-8925LOW2.92
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-45582LOW2.86
tar
1.35+dfsg-3build1
fixed in 1.35+dfsg-3ubuntu0.2
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-5704LOW2.8
tar
1.35+dfsg-3build1
fixed in 1.35+dfsg-3ubuntu0.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-42496LOW2.78
perl-base
5.38.2-3.2ubuntu0.2
fixed in 5.38.2-3.2ubuntu0.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-8286LOW2.48
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-8286LOW2.48
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
bsdutils
1:2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-10536LOW2.4
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.11
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-41991LOW2.4
gzip
1.12-1ubuntu3.1
fixed in 1.12-1ubuntu3.2
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-10536LOW2.4
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.11
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
mount
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
util-linux
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-8927LOW2.29
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-41992LOW2.29
gzip
1.12-1ubuntu3.1
fixed in 1.12-1ubuntu3.2
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-8927LOW2.29
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-9547LOW2.26
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6238LOW1.99
libc-bin
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6238LOW1.99
libc6
2.39-0ubuntu8.7
No fix yet
0.3%
Theoretical Threat
Post-Exploit
CVE-2024-56433LOW1.84
passwd
1:4.13+dfsg1-4ubuntu3.2
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-5435LOW1.81
libc-bin
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-5435LOW1.81
libc6
2.39-0ubuntu8.7
No fix yet
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-69720NONE0
libncursesw6
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
libtinfo6
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
ncurses-base
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
ncurses-bin
6.4+20240113-1ubuntu2
fixed in 6.4+20240113-1ubuntu2.1
0.4%
Theoretical Threat
Not Applicable
CVE-2026-13757NONE0
p11-kit
0.25.3-4ubuntu2.1
No fix yet
0.1%
Theoretical Threat
Not Applicable
CVE-2026-13757NONE0
p11-kit-modules
0.25.3-4ubuntu2.1
No fix yet
0.1%
Theoretical Threat
Not Applicable
CVE-2026-27456NONE0
libsmartcols1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Not Applicable
CVE-2026-27456NONE0
libuuid1
2.39.3-9ubuntu6.5
No fix yet
0.1%
Theoretical Threat
Not Applicable
CVE-2024-56433NONE0
login
1:4.13+dfsg1-4ubuntu3.2
No fix yet
0.4%
Theoretical Threat
Not Applicable
CVE-2026-40228NONE0
libsystemd0
255.4-1ubuntu8.16
No fix yet
0.2%
Theoretical Threat
Not Applicable
CVE-2026-40228NONE0
libudev1
255.4-1ubuntu8.16
No fix yet
0.2%
Theoretical Threat
Not Applicable
CVE-2026-8458NONE0
curl
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Not Applicable
CVE-2026-8458NONE0
libcurl4t64
8.5.0-2ubuntu10.9
fixed in 8.5.0-2ubuntu10.10
0.5%
Theoretical Threat
Not Applicable
CVE-2026-58055NONE0
libnghttp2-14
1.59.0-1ubuntu0.3
fixed in 1.59.0-1ubuntu0.4
0.2%
Theoretical Threat
Not Applicable
GHSA-72hv-8253-57qqNONE0
com.fasterxml.jackson.core:jackson-core
2.15.0
fixed in 2.21.1, 2.18.6
Not Applicable
GHSA-72hv-8253-57qqNONE0
com.fasterxml.jackson.core:jackson-core
2.17.2
fixed in 2.21.1, 2.18.6
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.