Last scanned:
This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could achieve remote code execution or denial of service by exploiting flaws in zlib or expat, as httpd often compresses responses and may process XML. Disabling mod_deflate fully mitigates CVE-2018-25032, and ensuring XML parsing modules (e.g., mod_dav) are not exposed reduces risk from expat vulnerabilities. Note: the expat CVEs require processing external XML, which may not be enabled by default.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2018-25032 | CRITICAL9.75 | zlib 1.2.11-r3 fixed in 1.2.12-r0 | 52.1% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2022-22825 | HIGH8.8 | expat 2.2.9-r1 fixed in 2.2.10-r0 | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-22826 | HIGH8.8 | expat 2.2.9-r1 fixed in 2.2.10-r0 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-22827 | HIGH8.8 | expat 2.2.9-r1 fixed in 2.2.10-r0 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-24407 | HIGH8.8 | libsasl 2.1.27-r6 fixed in 2.1.28-r0 | 4.1% Low-Moderate Risk | Directly Exposed |
| CVE-2022-1271 | HIGH8.8 | xz-libs 5.2.5-r0 fixed in 5.2.5-r1 | 4.3% Low-Moderate Risk | Directly Exposed |
| CVE-2021-3517 | HIGH8.6 | libxml2 2.9.10-r4 fixed in 2.9.10-r6 | 8.3% Low-Moderate Risk | Directly Exposed |
| CVE-2021-3450 | HIGH8.51 | libcrypto1.1 1.1.1g-r0 fixed in 1.1.1k-r0 | 18.3% High Exploitation Risk | Directly Exposed |
| CVE-2021-3450 | HIGH8.51 | libssl1.1 1.1.1g-r0 fixed in 1.1.1k-r0 | 18.3% High Exploitation Risk | Directly Exposed |
| CVE-2022-25236 | HIGH8 | expat 2.2.9-r1 fixed in 2.2.10-r2 | 34.2% High Exploitation Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2022-22822 | HIGH7.84 | expat 2.2.9-r1 fixed in 2.2.10-r0 | 4.8% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2022-22823 | HIGH7.84 | expat 2.2.9-r1 fixed in 2.2.10-r0 | 3.4% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2022-22824 | HIGH7.84 | expat 2.2.9-r1 fixed in 2.2.10-r0 | 3.4% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2022-23852 | HIGH7.84 | expat 2.2.9-r1 fixed in 2.2.10-r1 | 4.5% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2022-25235 | HIGH7.84 | expat 2.2.9-r1 fixed in 2.2.10-r2 | 5.0% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2022-25315 | HIGH7.84 | expat 2.2.9-r1 fixed in 2.2.10-r2 | 4.8% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2021-46143 | HIGH7.8 | expat 2.2.9-r1 fixed in 2.2.10-r0 | 3.8% Low-Moderate Risk | Directly Exposed |
| CVE-2021-23840 | HIGH7.8 | libcrypto1.1 1.1.1g-r0 fixed in 1.1.1j-r0 | 50.7% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2022-0778 | HIGH7.8 | libcrypto1.1 1.1.1g-r0 fixed in 1.1.1n-r0 | 70.6% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2021-23840 | HIGH7.8 | libssl1.1 1.1.1g-r0 fixed in 1.1.1j-r0 | 50.7% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2022-0778 | HIGH7.8 | libssl1.1 1.1.1g-r0 fixed in 1.1.1n-r0 | 70.6% Actively Exploited | Directly ExposedContext importance: MEDIUM |
| CVE-2021-3449 | HIGH7.67 | libcrypto1.1 1.1.1g-r0 fixed in 1.1.1k-r0 | 62.9% Actively Exploited | Directly Exposed |
| CVE-2021-3449 | HIGH7.67 | libssl1.1 1.1.1g-r0 fixed in 1.1.1k-r0 | 62.9% Actively Exploited | Directly Exposed |
| CVE-2022-23990 | HIGH7.5 | expat 2.2.9-r1 fixed in 2.2.10-r1 | 4.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25314 | HIGH7.5 | expat 2.2.9-r1 fixed in 2.2.10-r2 | 4.7% Low-Moderate Risk | Directly Exposed |
| CVE-2020-25692 | HIGH7.5 | libldap 2.4.50-r0 fixed in 2.4.50-r1 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2020-25709 | HIGH7.5 | libldap 2.4.50-r0 fixed in 2.4.50-r1 | 2.9% Low-Moderate Risk | Directly Exposed |
| CVE-2020-25710 | HIGH7.5 | libldap 2.4.50-r0 fixed in 2.4.50-r1 | 2.7% Low-Moderate Risk | Directly Exposed |
| CVE-2022-23308 | HIGH7.5 | libxml2 2.9.10-r4 fixed in 2.9.13-r0 | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2021-45960 | HIGH7.04 | expat 2.2.9-r1 fixed in 2.2.10-r0 | 4.2% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2021-3518 | HIGH7.04 | libxml2 2.9.10-r4 fixed in 2.9.10-r6 | 3.7% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2020-8927 | MEDIUM6.5 | brotli-libs 1.0.7-r5 fixed in 1.0.9-r0 | 3.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25313 | MEDIUM6.5 | expat 2.2.9-r1 fixed in 2.2.10-r2 | 3.3% Low-Moderate Risk | Directly Exposed |
| CVE-2020-24977 | MEDIUM6.5 | libxml2 2.9.10-r4 fixed in 2.9.10-r5 | 3.7% Low-Moderate Risk | Directly Exposed |
| CVE-2021-3541 | MEDIUM6.5 | libxml2 2.9.10-r4 fixed in 2.9.12-r0 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2022-29824 | MEDIUM6.5 | libxml2 2.9.10-r4 fixed in 2.9.14-r0 | 3.6% Low-Moderate Risk | Directly Exposed |
| CVE-2020-1971 | MEDIUM5.9 | libcrypto1.1 1.1.1g-r0 fixed in 1.1.1i-r0 | 7.0% Low-Moderate Risk | Directly Exposed |
| CVE-2021-23841 | MEDIUM5.9 | libcrypto1.1 1.1.1g-r0 fixed in 1.1.1j-r0 | 7.5% Low-Moderate Risk | Directly Exposed |
| CVE-2020-1971 | MEDIUM5.9 | libssl1.1 1.1.1g-r0 fixed in 1.1.1i-r0 | 7.0% Low-Moderate Risk | Directly Exposed |
| CVE-2021-23841 | MEDIUM5.9 | libssl1.1 1.1.1g-r0 fixed in 1.1.1j-r0 | 7.5% Low-Moderate Risk | Directly Exposed |
| CVE-2021-3537 | MEDIUM5.9 | libxml2 2.9.10-r4 fixed in 2.9.10-r6 | 3.5% Low-Moderate Risk | Directly Exposed |
| CVE-2021-3995 | MEDIUM4.67 | libuuid 2.35.2-r0 fixed in 2.37.3-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2021-3996 | MEDIUM4.67 | libuuid 2.35.2-r0 fixed in 2.37.3-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2022-0563 | MEDIUM4.67 | libuuid 2.35.2-r0 fixed in 2.37.4-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2020-28928 | MEDIUM4.67 | musl 1.1.24-r9 fixed in 1.1.24-r10 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2020-28928 | MEDIUM4.67 | musl-utils 1.1.24-r8 fixed in 1.1.24-r10 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2021-3711 | MEDIUM4.58 | libcrypto1.1 1.1.1g-r0 fixed in 1.1.1l-r0 | 87.8% Actively Exploited | Post-Exploit |
| CVE-2021-3711 | MEDIUM4.58 | libssl1.1 1.1.1g-r0 fixed in 1.1.1l-r0 | 87.8% Actively Exploited | Post-Exploit |
| CVE-2021-30139 | MEDIUM4.5 | apk-tools 2.10.5-r1 fixed in 2.10.6-r0 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-28831 | MEDIUM4.5 | busybox 1.31.1-r16 fixed in 1.31.1-r20 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2020-8286 | MEDIUM4.5 | libcurl 7.69.1-r0 fixed in 7.69.1-r3 | 4.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-22946 | MEDIUM4.5 | libcurl 7.69.1-r0 fixed in 7.79.0-r0 | 4.2% Low-Moderate Risk | Post-Exploit |
| CVE-2022-27775 | MEDIUM4.5 | libcurl 7.69.1-r0 fixed in 7.79.1-r1 | 2.8% Low-Moderate Risk | Post-Exploit |
| CVE-2021-28831 | MEDIUM4.5 | ssl_client 1.31.1-r16 fixed in 1.31.1-r20 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42378 | MEDIUM4.32 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42379 | MEDIUM4.32 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 2.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42380 | MEDIUM4.32 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 2.8% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42381 | MEDIUM4.32 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 2.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42382 | MEDIUM4.32 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42383 | MEDIUM4.32 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 2.1% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42384 | MEDIUM4.32 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42385 | MEDIUM4.32 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 2.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42386 | MEDIUM4.32 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42378 | MEDIUM4.32 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42379 | MEDIUM4.32 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 2.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42380 | MEDIUM4.32 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 2.8% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42381 | MEDIUM4.32 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 2.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42382 | MEDIUM4.32 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42383 | MEDIUM4.32 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 2.1% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42384 | MEDIUM4.32 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42385 | MEDIUM4.32 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 2.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42386 | MEDIUM4.32 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2022-37434 | MEDIUM4.06 | zlib 1.2.11-r3 fixed in 1.2.12-r2 | 16.0% High Exploitation Risk | Post-Exploit |
| CVE-2021-22922 | LOW3.9 | libcurl 7.69.1-r0 fixed in 7.78.0-r0 | 4.3% Low-Moderate Risk | Post-Exploit |
| CVE-2022-27776 | LOW3.9 | libcurl 7.69.1-r0 fixed in 7.79.1-r1 | 3.4% Low-Moderate Risk | Post-Exploit |
| CVE-2021-22901 | LOW3.79 | libcurl 7.69.1-r0 fixed in 7.77.0-r0 | 60.1% Actively Exploited | Post-Exploit |
| CVE-2021-23839 | LOW3.7 | libcrypto1.1 1.1.1g-r0 fixed in 1.1.1j-r0 | 3.0% Low-Moderate Risk | Directly Exposed |
| CVE-2021-23839 | LOW3.7 | libssl1.1 1.1.1g-r0 fixed in 1.1.1j-r0 | 3.0% Low-Moderate Risk | Directly Exposed |
| CVE-2021-22947 | LOW3.54 | libcurl 7.69.1-r0 fixed in 7.79.0-r0 | 2.8% Low-Moderate Risk | Post-Exploit |
| CVE-2021-27212 | LOW3.51 | libldap 2.4.50-r0 fixed in 2.4.50-r2 | 64.1% Actively Exploited | Post-Exploit |
| CVE-2021-3712 | LOW3.46 | libcrypto1.1 1.1.1g-r0 fixed in 1.1.1l-r0 | 50.4% Actively Exploited | Post-Exploit |
| CVE-2021-3712 | LOW3.46 | libssl1.1 1.1.1g-r0 fixed in 1.1.1l-r0 | 50.4% Actively Exploited | Post-Exploit |
| CVE-2022-27774 | LOW3.42 | libcurl 7.69.1-r0 fixed in 7.79.1-r1 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-36159 | LOW3.28 | apk-tools 2.10.5-r1 fixed in 2.10.7-r0 | 2.6% Low-Moderate Risk | Post-Exploit |
| CVE-2021-22945 | LOW3.28 | libcurl 7.69.1-r0 fixed in 7.79.0-r0 | 6.2% Low-Moderate Risk | Post-Exploit |
| CVE-2021-22876 | LOW3.18 | libcurl 7.69.1-r0 fixed in 7.76.0-r0 | 5.3% Low-Moderate Risk | Post-Exploit |
| CVE-2021-22923 | LOW3.18 | libcurl 7.69.1-r0 fixed in 7.78.0-r0 | 1.8% Low-Moderate Risk | Post-Exploit |
| CVE-2021-22925 | LOW3.18 | libcurl 7.69.1-r0 fixed in 7.78.0-r0 | 4.9% Low-Moderate Risk | Post-Exploit |
| CVE-2022-28391 | LOW3.17 | busybox 1.31.1-r16 fixed in 1.31.1-r22 | 3.5% Low-Moderate Risk | Post-Exploit |
| CVE-2022-28391 | LOW3.17 | ssl_client 1.31.1-r16 fixed in 1.31.1-r22 | 3.5% Low-Moderate Risk | Post-Exploit |
| CVE-2022-22576 | LOW2.92 | libcurl 7.69.1-r0 fixed in 7.79.1-r1 | 1.9% Low-Moderate Risk | Post-Exploit |
| CVE-2020-8177 | LOW2.81 | libcurl 7.69.1-r0 fixed in 7.69.1-r1 | 1.2% Low-Moderate Risk | Post-Exploit |
| CVE-2020-8169 | LOW2.7 | libcurl 7.69.1-r0 fixed in 7.69.1-r1 | 3.4% Low-Moderate Risk | Post-Exploit |
| CVE-2020-8231 | LOW2.7 | libcurl 7.69.1-r0 fixed in 7.69.1-r2 | 3.7% Low-Moderate Risk | Post-Exploit |
| CVE-2020-8285 | LOW2.7 | libcurl 7.69.1-r0 fixed in 7.69.1-r3 | 9.9% Low-Moderate Risk | Post-Exploit |
| CVE-2021-42374 | LOW2.7 | busybox 1.31.1-r16 fixed in 1.31.1-r21 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2021-42374 | LOW2.7 | ssl_client 1.31.1-r16 fixed in 1.31.1-r21 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2020-8284 | LOW2.22 | libcurl 7.69.1-r0 fixed in 7.74.0-r0 | 3.9% Low-Moderate Risk | Post-Exploit |
| CVE-2021-22890 | LOW2.22 | libcurl 7.69.1-r0 fixed in 7.76.0-r0 | 3.1% Low-Moderate Risk | Post-Exploit |
| CVE-2021-22924 | LOW2.22 | libcurl 7.69.1-r0 fixed in 7.78.0-r0 | 6.3% Low-Moderate Risk | Post-Exploit |
| CVE-2021-22898 | LOW1.86 | libcurl 7.69.1-r0 fixed in 7.77.0-r0 | 4.4% Low-Moderate Risk | Post-Exploit |
Want to check another image? Run a full scan with the Docker Security Scanner.