Vulnerability Reportgolang:1.22-alpine

golang:1.22-alpine
DIGESTsha256:1699c10032ca2582ec89a24a1312d986a3f094aed3d5c1147b19880afe40e052

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit critical vulnerabilities to achieve unauthorized TLS sessions, execute remote code, or trigger denial-of-service in core application functionalities. Key vulnerabilities include `CVE-2025-68121` (severity 8.5) which impacts TLS certificate validation, and `CVE-2025-15467` (severity 6.66) in OpenSSL that could lead to remote code execution. It is important to note that the TLS issue requires specific configurations for session resumption, and the OpenSSL risk applies only if untrusted CMS/PKCS#7 content is parsed. However, other high-severity denial-of-service issues, like those affecting HTTP/2 handling (e.g., `CVE-2026-33814`), may be exploitable without special configuration.

Threat Score
100/100
DANGEROUS
Reputation
TRUSTED
Docker Official
BaseImage/
golang:1.22-alpine
Hardened
Grade
A+
Vulns
0
Verified & secured for production

Vulnerabilities

Vulnerability Log

99 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2025-68121HIGH8.5
stdlib
v1.22.12
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
<0.1%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-33811HIGH7.5
stdlib
v1.22.12
fixed in 1.25.10, 1.26.3
Directly ExposedContext importance: HIGH
CVE-2026-33814HIGH7.5
stdlib
v1.22.12
fixed in 1.25.10, 1.26.3
Directly ExposedContext importance: HIGH
CVE-2026-39820HIGH7.5
stdlib
v1.22.12
fixed in 1.25.10, 1.26.3
Directly ExposedContext importance: HIGH
CVE-2025-15467MEDIUM6.66
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.9%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-15467MEDIUM6.66
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.9%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-40200MEDIUM6.63
musl
1.2.5-r8
fixed in 1.2.5-r11
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-40200MEDIUM6.63
musl-utils
1.2.5-r8
fixed in 1.2.5-r11
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22184MEDIUM6.63
zlib
1.3.1-r2
fixed in 1.3.2-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-61726MEDIUM6.38
stdlib
v1.22.12
fixed in 1.24.12, 1.25.6
<0.1%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2025-61729MEDIUM6.38
stdlib
v1.22.12
fixed in 1.24.11, 1.25.5
<0.1%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-25679MEDIUM6.38
stdlib
v1.22.12
fixed in 1.25.8, 1.26.1
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32280MEDIUM6.38
stdlib
v1.22.12
fixed in 1.25.9, 1.26.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32281MEDIUM6.38
stdlib
v1.22.12
fixed in 1.25.9, 1.26.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32283MEDIUM6.38
stdlib
v1.22.12
fixed in 1.25.9, 1.26.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2024-12797MEDIUM6.29
libcrypto3
3.3.2-r4
fixed in 3.3.3-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2024-12797MEDIUM6.29
libssl3
3.3.2-r4
fixed in 3.3.3-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-26519MEDIUM5.95
musl
1.2.5-r8
fixed in 1.2.5-r9
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-26519MEDIUM5.95
musl-utils
1.2.5-r8
fixed in 1.2.5-r9
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-47907MEDIUM5.95
stdlib
v1.22.12
fixed in 1.23.12, 1.24.6
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-4673MEDIUM5.78
stdlib
v1.22.12
fixed in 1.23.10, 1.24.4
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-47906MEDIUM5.52
stdlib
v1.22.12
fixed in 1.23.12, 1.24.6
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-61727MEDIUM5.52
stdlib
v1.22.12
fixed in 1.24.11, 1.25.5
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.22.12
fixed in 1.25.9, 1.26.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM5.4
stdlib
v1.22.12
fixed in 1.25.10, 1.26.3
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.22.12
fixed in 1.25.9, 1.26.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-58183MEDIUM5.1
stdlib
v1.22.12
fixed in 1.24.8, 1.25.2
<0.1%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-61728MEDIUM5.1
stdlib
v1.22.12
fixed in 1.24.12, 1.25.6
<0.1%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-9231MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.5-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-9231MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.5-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libssl3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-9230MEDIUM4.76
libcrypto3
3.3.2-r4
fixed in 3.3.5-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-9230MEDIUM4.76
libssl3
3.3.2-r4
fixed in 3.3.5-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r8
fixed in 1.2.5-r10
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl-utils
1.2.5-r8
fixed in 1.2.5-r10
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.22.12
fixed in 1.25.9, 1.26.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-22871MEDIUM4.59
stdlib
v1.22.12
fixed in 1.23.8, 1.24.2
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.22.12
fixed in 1.25.8, 1.26.1
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-22873MEDIUM4.5
stdlib
v1.22.12
fixed in 1.23.9, 1.24.3
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-47912MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.8, 1.25.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-58185MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.8, 1.25.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-58187MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.9, 1.25.3
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-58188MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.8, 1.25.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-58189MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.8, 1.25.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-61723MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.8, 1.25.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-61724MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.8, 1.25.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-61725MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.8, 1.25.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.12, 1.25.6
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-58186MEDIUM4.5
stdlib
v1.22.12
fixed in 1.24.8, 1.25.2
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM4.13
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM4.13
libssl3
3.3.2-r4
fixed in 3.3.7-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libcrypto3
3.3.2-r4
fixed in 3.3.2-r5
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libssl3
3.3.2-r4
fixed in 3.3.2-r5
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
stdlib
v1.22.12
fixed in 1.23.7, 1.24.1
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.3.2-r4
fixed in 3.3.6-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-39836LOW2.7
stdlib
v1.22.12
fixed in 1.25.10, 1.26.3
Post-Exploit
CVE-2025-9232LOW2.63
libcrypto3
3.3.2-r4
fixed in 3.3.5-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-9232LOW2.63
libssl3
3.3.2-r4
fixed in 3.3.5-r0
<0.1%
Theoretical Threat
Directly Exposed
CVE-2026-27139LOW2.12
stdlib
v1.22.12
fixed in 1.25.8, 1.26.1
<0.1%
Theoretical Threat
Directly Exposed
CVE-2025-46394LOW1.68
busybox
1.37.0-r9
fixed in 1.37.0-r14
<0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.37.0-r9
fixed in 1.37.0-r14
<0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.37.0-r9
fixed in 1.37.0-r14
<0.1%
Theoretical Threat
Post-Exploit
CVE-2024-58251NONE0
busybox
1.37.0-r9
fixed in 1.37.0-r14
<0.1%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.37.0-r9
fixed in 1.37.0-r14
<0.1%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.37.0-r9
fixed in 1.37.0-r14
<0.1%
Theoretical Threat
Not Applicable
CVE-2026-39823NONE0
stdlib
v1.22.12
fixed in 1.25.10, 1.26.3
Not Applicable
CVE-2026-39825NONE0
stdlib
v1.22.12
fixed in 1.25.10, 1.26.3
Not Applicable
CVE-2026-42499NONE0
stdlib
v1.22.12
fixed in 1.25.10, 1.26.3
Not Applicable
CVE-2026-42504NONE0
stdlib
v1.22.12
fixed in 1.25.11, 1.26.4
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.22.12
fixed in 1.23.10, 1.24.4
<0.1%
Theoretical Threat
Not Applicable
CVE-2026-27145NONE0
stdlib
v1.22.12
fixed in 1.25.11, 1.26.4
Not Applicable
CVE-2026-42507NONE0
stdlib
v1.22.12
fixed in 1.25.11, 1.26.4
Not Applicable