Last scanned:
This base/runtime image is a clean foundation for building production images. It has 12 exposed vulnerabilities and 20 post-exploit-only vulnerabilities, but all are low severity (maximum 5.35 and 2.92 respectively), posing minimal practical risk. As an official Docker image pinned by digest, it provides a trusted and immutable starting point. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-34181 | MEDIUM5.35 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45447 | LOW2.92 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-39822 | LOW2.39 | stdlib v1.26.4 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-34183 | LOW2.29 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-34183 | LOW2.29 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW2.26 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW2.26 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-42764 | LOW1.81 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-42769 | LOW1.81 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42770 | LOW1.81 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW1.81 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42764 | LOW1.81 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-42769 | LOW1.81 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42770 | LOW1.81 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW1.81 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW1.62 | libcrypto3 3.5.6-r0 fixed in 3.5.7-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW1.62 | libssl3 3.5.6-r0 fixed in 3.5.7-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42505 | LOW1.62 | stdlib v1.26.4 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.4% Theoretical Threat | Post-Exploit |
Want to check another image? Run a full scan with the Docker Security Scanner.