Last scanned:
This image is safe for production use. While 22 vulnerabilities are exposed, all are low severity (max CVSS 5.9) and pose minimal risk in the context of this image's role as a backend service. The image is an official Docker Hub publication, well-known and trusted with over 966 million pulls. Post-exploit findings are also negligible. No immediate action required.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2024-2236 | MEDIUM5.9 | libgcrypt20 1.10.3-2ubuntu0.1 No fix yet | 1.1% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2026-54512 | MEDIUM5.5 | com.fasterxml.jackson.core:jackson-databind 2.15.0 fixed in 2.18.8, 3.1.4, 2.21.4 | 0.6% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-54513 | MEDIUM5.5 | com.fasterxml.jackson.core:jackson-databind 2.15.0 fixed in 2.18.8, 2.21.4, 3.1.4 | 0.7% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-13757 | MEDIUM5.27 | libp11-kit0 0.25.3-4ubuntu2.1 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-7962 | MEDIUM5.1 | com.sun.mail:jakarta.mail 1.6.3 fixed in 1.6.8, 2.0.2 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-7962 | MEDIUM5.1 | com.sun.mail:jakarta.mail 1.6.4 fixed in 1.6.8, 2.0.2 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-27171 | MEDIUM4.67 | zlib1g 1:1.3.dfsg-3.1ubuntu2.1 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-54514 | MEDIUM4.5 | com.fasterxml.jackson.core:jackson-databind 2.15.0 fixed in 2.18.8, 2.21.4, 3.1.4 | 0.2% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-4437 | MEDIUM4.42 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4437 | MEDIUM4.42 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2025-22227 | MEDIUM4.14 | io.projectreactor.netty:reactor-netty-http 1.0.45 fixed in 1.3.0-M5, 1.2.8 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-27456 | MEDIUM4 | libblkid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-27456 | MEDIUM4 | libmount1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-9547 | LOW3.77 | libcurl4t64 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2025-48924 | LOW3.7 | org.apache.commons:commons-lang3 3.9 fixed in 3.18.0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-4046 | LOW3.6 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4046 | LOW3.6 | libc6 2.39-0ubuntu8.7 No fix yet | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-54515 | LOW3.6 | com.fasterxml.jackson.core:jackson-databind 2.15.0 fixed in 3.1.4, 2.18.9, 2.21.5, 2.22.1 | 0.3% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-4438 | LOW3.4 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-4438 | LOW3.4 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-8924 | LOW3.31 | curl 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-8924 | LOW3.31 | libcurl4t64 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-8376 | LOW3 | perl-base 5.38.2-3.2ubuntu0.2 fixed in 5.38.2-3.2ubuntu0.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-8925 | LOW2.92 | curl 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-8925 | LOW2.92 | libcurl4t64 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2025-45582 | LOW2.86 | tar 1.35+dfsg-3build1 fixed in 1.35+dfsg-3ubuntu0.2 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5704 | LOW2.8 | tar 1.35+dfsg-3build1 fixed in 1.35+dfsg-3ubuntu0.1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-42496 | LOW2.78 | perl-base 5.38.2-3.2ubuntu0.2 fixed in 5.38.2-3.2ubuntu0.3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-8286 | LOW2.48 | curl 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-8286 | LOW2.48 | libcurl4t64 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | bsdutils 1:2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-10536 | LOW2.4 | curl 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.11 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-41991 | LOW2.4 | gzip 1.12-1ubuntu3.1 fixed in 1.12-1ubuntu3.2 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-10536 | LOW2.4 | libcurl4t64 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.11 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | mount 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-27456 | LOW2.4 | util-linux 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-8927 | LOW2.29 | curl 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-41992 | LOW2.29 | gzip 1.12-1ubuntu3.1 fixed in 1.12-1ubuntu3.2 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-8927 | LOW2.29 | libcurl4t64 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-9547 | LOW2.26 | curl 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6238 | LOW1.99 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6238 | LOW1.99 | libc6 2.39-0ubuntu8.7 No fix yet | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2024-56433 | LOW1.84 | passwd 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-5435 | LOW1.81 | libc-bin 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-5435 | LOW1.81 | libc6 2.39-0ubuntu8.7 No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2025-69720 | NONE0 | libncursesw6 6.4+20240113-1ubuntu2 fixed in 6.4+20240113-1ubuntu2.1 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-69720 | NONE0 | libtinfo6 6.4+20240113-1ubuntu2 fixed in 6.4+20240113-1ubuntu2.1 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-69720 | NONE0 | ncurses-base 6.4+20240113-1ubuntu2 fixed in 6.4+20240113-1ubuntu2.1 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2025-69720 | NONE0 | ncurses-bin 6.4+20240113-1ubuntu2 fixed in 6.4+20240113-1ubuntu2.1 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-13757 | NONE0 | p11-kit 0.25.3-4ubuntu2.1 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-13757 | NONE0 | p11-kit-modules 0.25.3-4ubuntu2.1 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE0 | libsmartcols1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-27456 | NONE0 | libuuid1 2.39.3-9ubuntu6.5 No fix yet | 0.1% Theoretical Threat | Not Applicable |
| CVE-2024-56433 | NONE0 | login 1:4.13+dfsg1-4ubuntu3.2 No fix yet | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-40228 | NONE0 | libsystemd0 255.4-1ubuntu8.16 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-40228 | NONE0 | libudev1 255.4-1ubuntu8.16 No fix yet | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-8458 | NONE0 | curl 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-8458 | NONE0 | libcurl4t64 8.5.0-2ubuntu10.9 fixed in 8.5.0-2ubuntu10.10 | 0.5% Theoretical Threat | Not Applicable |
| CVE-2026-58055 | NONE0 | libnghttp2-14 1.59.0-1ubuntu0.3 fixed in 1.59.0-1ubuntu0.4 | 0.2% Theoretical Threat | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.15.0 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
| GHSA-72hv-8253-57qq | NONE0 | com.fasterxml.jackson.core:jackson-core 2.17.2 fixed in 2.21.1, 2.18.6 | — | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.