Vulnerability Reportgrafana/grafana:12.3.5

grafana/grafana:12.3.5
DIGESTsha256:a604f143dbb145a16cd58d22b1451826ee59fcf9de561dc6d698b1de222272d0

Executive Summary

Last scanned:

Threat Score
75/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2026-34040 to bypass authorization in Docker/Moby and gain elevated privileges, or exploit CVE-2026-33186 to bypass gRPC authorization if a gRPC server is exposed. While some vulnerabilities require non-default configurations (e.g., CVE-2026-33186 requires gRPC exposure, CVE-2026-28387 requires uncommon DANE settings), the overall count of 123 exposed vulnerabilities, including 56 with severity >= 6.0, makes the image unacceptable for production deployment.

Vulnerabilities

Vulnerability Log

163 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-34040HIGH7.8
github.com/moby/moby
v27.5.1+incompatible
fixed in 29.3.1
8.1%
Low-Moderate Risk
Directly Exposed
CVE-2026-33186HIGH7.28
google.golang.org/grpc
v1.78.0
fixed in 1.79.3
1.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-28387MEDIUM6.88
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM6.88
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33997MEDIUM6.88
github.com/moby/moby
v27.5.1+incompatible
fixed in 29.3.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-55689MEDIUM6.88
github.com/openfga/openfga
v1.11.3
fixed in 1.18.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39831MEDIUM6.88
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-25681MEDIUM6.88
golang.org/x/net
v0.47.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27136MEDIUM6.88
golang.org/x/net
v0.47.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-1229MEDIUM6.66
github.com/cloudflare/circl
v1.6.1
fixed in 1.6.3
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-41889MEDIUM6.66
github.com/jackc/pgx/v5
v5.8.0
fixed in 5.9.2
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-40200MEDIUM6.63
musl
1.2.5-r21
fixed in 1.2.5-r23
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-40200MEDIUM6.63
musl-utils
1.2.5-r21
fixed in 1.2.5-r23
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22184MEDIUM6.63
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39822MEDIUM6.63
stdlib
v1.25.8
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34183MEDIUM6.38
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34183MEDIUM6.38
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-27135MEDIUM6.38
nghttp2-libs
1.68.0-r0
fixed in 1.68.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-32285MEDIUM6.38
github.com/buger/jsonparser
v1.1.1
fixed in 1.1.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34986MEDIUM6.38
github.com/go-jose/go-jose/v4
v4.1.3
fixed in 4.1.4
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-21728MEDIUM6.38
github.com/grafana/tempo
v1.5.1-0.20250529124718-87c2dc380cec
fixed in 2.8.4, 2.9.2, 2.10.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-41567MEDIUM6.38
github.com/moby/moby
v27.5.1+incompatible
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40293MEDIUM6.38
github.com/openfga/openfga
v1.11.3
fixed in 1.14.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42151MEDIUM6.38
github.com/prometheus/prometheus
v0.303.1
fixed in 0.311.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42154MEDIUM6.38
github.com/prometheus/prometheus
v0.303.1
fixed in 0.311.3, 0.305.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-29181MEDIUM6.38
go.opentelemetry.io/otel
v1.39.0
fixed in 1.41.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39882MEDIUM6.38
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
v0.12.2
fixed in 0.19.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39882MEDIUM6.38
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
v1.38.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39882MEDIUM6.38
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
v1.38.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39829MEDIUM6.38
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39830MEDIUM6.38
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39835MEDIUM6.38
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-46597MEDIUM6.38
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
golang.org/x/net
v0.47.0
fixed in 0.53.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-27145MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-32280MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-32281MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32283MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33811MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39836MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42499MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42504MEDIUM6.38
stdlib
v1.25.8
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42508MEDIUM6.29
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42306MEDIUM6.12
github.com/moby/moby
v27.5.1+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-46595MEDIUM6.03
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33630MEDIUM6
c-ares
1.34.6-r0
fixed in 1.34.8-r0
Directly ExposedContext importance: MEDIUM
CVE-2026-39883MEDIUM5.95
go.opentelemetry.io/otel/sdk
v1.39.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-33815MEDIUM5.65
github.com/jackc/pgx/v5
v5.8.0
fixed in 5.9.0
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33816MEDIUM5.65
github.com/jackc/pgx/v5
v5.8.0
fixed in 5.9.0
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-39821MEDIUM5.58
golang.org/x/net
v0.47.0
fixed in 0.55.0
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-2673MEDIUM5.52
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-28377MEDIUM5.52
github.com/grafana/tempo
v1.5.1-0.20250529124718-87c2dc380cec
fixed in 2.10.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39827MEDIUM5.52
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39834MEDIUM5.52
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.47.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39825MEDIUM5.52
stdlib
v1.25.8
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.25.8
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-40179MEDIUM5.18
github.com/prometheus/prometheus
v0.303.1
fixed in 0.311.2-0.20260410083055-07c6232d159b
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-44903MEDIUM5.18
github.com/prometheus/prometheus
v0.303.1
fixed in 0.311.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.47.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.25.8
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r21
fixed in 1.2.5-r22
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl-utils
1.2.5-r21
fixed in 1.2.5-r22
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.25.8
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-55170MEDIUM4.59
github.com/openfga/openfga
v1.11.3
fixed in 1.18.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.47.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39823MEDIUM4.59
stdlib
v1.25.8
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.25.8
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-21726MEDIUM4.5
github.com/grafana/loki/v3
v3.2.1
fixed in 3.6.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-48096MEDIUM4.5
github.com/openfga/openfga
v1.11.3
fixed in 1.16.0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-46598MEDIUM4.5
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42505MEDIUM4.5
stdlib
v1.25.8
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507MEDIUM4.5
stdlib
v1.25.8
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-41131MEDIUM4.25
github.com/openfga/openfga
v1.11.3
fixed in 1.14.1
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-3784LOW3.31
curl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW3.31
curl
8.17.0-r1
fixed in 8.20.0-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6429LOW3.31
curl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-3784LOW3.31
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW3.31
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6429LOW3.31
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-41568LOW3.31
github.com/moby/moby
v27.5.1+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-3805LOW3.21
curl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-3805LOW3.21
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-45446LOW3.15
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-33729LOW3
github.com/openfga/openfga
v1.11.3
fixed in 1.13.1
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-45447LOW2.92
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45447LOW2.92
libssl3
3.5.5-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-3783LOW2.91
curl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-3783LOW2.91
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-32952LOW2.7
github.com/Azure/go-ntlmssp
v0.0.0-20220621081337-cb9428e4ac1e
fixed in 0.1.1
1.0%
Low-Moderate Risk
Post-Exploit
CVE-2026-41602LOW2.7
github.com/apache/thrift
v0.22.0
fixed in 0.23.0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-4873LOW2.7
curl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6253LOW2.7
curl
8.17.0-r1
fixed in 8.20.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-7009LOW2.7
curl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-7168LOW2.7
curl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-4873LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6253LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-7009LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-7168LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-34972LOW2.69
github.com/openfga/openfga
v1.11.3
fixed in 1.14.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39828LOW2.69
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39832LOW2.66
golang.org/x/crypto
v0.45.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-14017LOW2.45
curl
8.17.0-r1
fixed in 8.19.0-r0
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-14017LOW2.45
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-5773LOW2.29
curl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6276LOW2.29
curl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5773LOW2.29
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6276LOW2.29
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-1965LOW2.08
curl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-14819LOW2.08
curl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-1965LOW2.08
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-14819LOW2.08
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2025-14524LOW1.99
curl
8.17.0-r1
fixed in 8.19.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-14524LOW1.99
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.6%
Theoretical Threat
Post-Exploit
GHSA-xmrv-pmrh-hhx2NONE0
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
v1.6.11
fixed in 1.7.8
Not Applicable
GHSA-xmrv-pmrh-hhx2NONE0
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs
v1.51.0
fixed in 1.65.0
Not Applicable
GHSA-xmrv-pmrh-hhx2NONE0
github.com/aws/aws-sdk-go-v2/service/s3
v1.84.0
fixed in 1.97.3
Not Applicable
CVE-2026-2303NONE0
go.mongodb.org/mongo-driver
v1.17.4
fixed in 1.17.7
0.2%
Theoretical Threat
Not Applicable
CVE-2026-24051NONE0
go.opentelemetry.io/otel/sdk
v1.39.0
fixed in 1.40.0
0.2%
Theoretical Threat
Not Applicable
GO-2026-5932NONE0
golang.org/x/crypto
v0.45.0
No fix yet
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.47.0
fixed in 0.56.0
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.39.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.32.0
fixed in 0.39.0
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.