Last scanned:
This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit these vulnerabilities to achieve remote code execution, gain unauthorized access to sensitive data, or disrupt service availability. Note that CVE-2022-29155 only applies if the LDAP backend is enabled, and CVE-2022-37434 requires the application to call inflateGetHeader, which may not be the case in typical HTTPD deployments. However, many other vulnerabilities are remotely exploitable without authentication and should be addressed by updating the base image or applying vendor patches. Without immediate remediation, deploying this image in an internet-facing environment poses substantial risk.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2022-25236 | CRITICAL10 | expat 2.4.1-r0 fixed in 2.4.5-r0 | 34.2% High Exploitation Risk | Directly Exposed |
| CVE-2022-29155 | CRITICAL10 | libldap 2.6.0-r0 fixed in 2.6.2-r0 | 69.9% Actively Exploited | Directly Exposed |
| CVE-2022-37434 | CRITICAL10 | zlib 1.2.11-r3 fixed in 1.2.12-r2 | 15.9% High Exploitation Risk | Directly Exposed |
| CVE-2022-24963 | CRITICAL9.8 | apr 1.7.0-r0 fixed in 1.7.1-r0 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-28331 | CRITICAL9.8 | apr 1.7.0-r0 fixed in 1.7.1-r0 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-22822 | CRITICAL9.8 | expat 2.4.1-r0 fixed in 2.4.3-r0 | 4.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-22823 | CRITICAL9.8 | expat 2.4.1-r0 fixed in 2.4.3-r0 | 3.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-22824 | CRITICAL9.8 | expat 2.4.1-r0 fixed in 2.4.3-r0 | 3.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-23852 | CRITICAL9.8 | expat 2.4.1-r0 fixed in 2.4.4-r0 | 4.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25235 | CRITICAL9.8 | expat 2.4.1-r0 fixed in 2.4.5-r0 | 5.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25315 | CRITICAL9.8 | expat 2.4.1-r0 fixed in 2.4.5-r0 | 4.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-0778 | CRITICAL9.75 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1n-r0 | 70.6% Actively Exploited | Directly Exposed |
| CVE-2022-0778 | CRITICAL9.75 | libretls 3.3.4-r2 fixed in 3.3.4-r3 | 70.6% Actively Exploited | Directly Exposed |
| CVE-2022-0778 | CRITICAL9.75 | libssl1.1 1.1.1l-r8 fixed in 1.1.1n-r0 | 70.6% Actively Exploited | Directly Exposed |
| CVE-2023-44487 | CRITICAL9.75 | nghttp2-libs 1.46.0-r0 fixed in 1.46.0-r2 | 100.0% Actively Exploited | Directly Exposed |
| CVE-2018-25032 | CRITICAL9.75 | zlib 1.2.11-r3 fixed in 1.2.12-r0 | 51.7% Actively Exploited | Directly Exposed |
| CVE-2023-0286 | CRITICAL9.62 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1t-r0 | 59.5% Actively Exploited | Directly Exposed |
| CVE-2023-0286 | CRITICAL9.62 | libssl1.1 1.1.1l-r8 fixed in 1.1.1t-r0 | 59.5% Actively Exploited | Directly Exposed |
| CVE-2021-45960 | HIGH8.8 | expat 2.4.1-r0 fixed in 2.4.3-r0 | 4.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-22825 | HIGH8.8 | expat 2.4.1-r0 fixed in 2.4.3-r0 | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-22826 | HIGH8.8 | expat 2.4.1-r0 fixed in 2.4.3-r0 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-22827 | HIGH8.8 | expat 2.4.1-r0 fixed in 2.4.3-r0 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-24407 | HIGH8.8 | libsasl 2.1.27-r14 fixed in 2.1.28-r0 | 4.1% Low-Moderate Risk | Directly Exposed |
| CVE-2022-1271 | HIGH8.8 | xz-libs 5.2.5-r0 fixed in 5.2.5-r1 | 4.3% Low-Moderate Risk | Directly Exposed |
| CVE-2022-4450 | HIGH8.62 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1t-r0 | 20.4% High Exploitation Risk | Directly Exposed |
| CVE-2022-4450 | HIGH8.62 | libssl1.1 1.1.1l-r8 fixed in 1.1.1t-r0 | 20.4% High Exploitation Risk | Directly Exposed |
| CVE-2022-40303 | HIGH8.62 | libxml2 2.9.12-r2 fixed in 2.9.14-r2 | 22.8% High Exploitation Risk | Directly Exposed |
| CVE-2023-2650 | HIGH8.45 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1u-r0 | 73.5% Actively Exploited | Directly Exposed |
| CVE-2023-2650 | HIGH8.45 | libssl1.1 1.1.1l-r8 fixed in 1.1.1u-r0 | 73.5% Actively Exploited | Directly Exposed |
| CVE-2022-40674 | HIGH8.1 | expat 2.4.1-r0 fixed in 2.4.9-r0 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2021-46143 | HIGH7.8 | expat 2.4.1-r0 fixed in 2.4.3-r0 | 3.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-40304 | HIGH7.8 | libxml2 2.9.12-r2 fixed in 2.9.14-r2 | 6.8% Low-Moderate Risk | Directly Exposed |
| CVE-2023-38545 | HIGH7.64 | libcurl 7.80.0-r0 fixed in 8.4.0-r0 | 78.5% Actively Exploited | Post-Exploit |
| CVE-2022-23990 | HIGH7.5 | expat 2.4.1-r0 fixed in 2.4.4-r0 | 4.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25314 | HIGH7.5 | expat 2.4.1-r0 fixed in 2.4.5-r0 | 4.7% Low-Moderate Risk | Directly Exposed |
| CVE-2022-43680 | HIGH7.5 | expat 2.4.1-r0 fixed in 2.5.0-r0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2023-0215 | HIGH7.5 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1t-r0 | 4.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-0464 | HIGH7.5 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1t-r2 | 3.7% Low-Moderate Risk | Directly Exposed |
| CVE-2023-0215 | HIGH7.5 | libssl1.1 1.1.1l-r8 fixed in 1.1.1t-r0 | 4.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-0464 | HIGH7.5 | libssl1.1 1.1.1l-r8 fixed in 1.1.1t-r2 | 3.7% Low-Moderate Risk | Directly Exposed |
| CVE-2022-2309 | HIGH7.5 | libxml2 2.9.12-r2 fixed in 2.9.14-r1 | 2.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-23308 | HIGH7.5 | libxml2 2.9.12-r2 fixed in 2.9.13-r0 | 6.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-35945 | HIGH7.5 | nghttp2-libs 1.46.0-r0 fixed in 1.46.0-r1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2021-35940 | HIGH7.1 | apr 1.7.0-r0 fixed in 1.7.0-r1 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-4304 | MEDIUM6.79 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1t-r0 | 16.2% High Exploitation Risk | Directly Exposed |
| CVE-2022-4304 | MEDIUM6.79 | libssl1.1 1.1.1l-r8 fixed in 1.1.1t-r0 | 16.2% High Exploitation Risk | Directly Exposed |
| CVE-2022-25147 | MEDIUM6.5 | apr 1.7.0-r0 fixed in 1.7.1-r0 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25147 | MEDIUM6.5 | apr-util 1.6.1-r11 fixed in 1.6.3-r0 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25147 | MEDIUM6.5 | apr-util-ldap 1.6.1-r11 fixed in 1.6.3-r0 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-25313 | MEDIUM6.5 | expat 2.4.1-r0 fixed in 2.4.5-r0 | 3.3% Low-Moderate Risk | Directly Exposed |
| CVE-2022-29824 | MEDIUM6.5 | libxml2 2.9.12-r2 fixed in 2.9.14-r0 | 3.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-32207 | MEDIUM5.88 | libcurl 7.80.0-r0 fixed in 7.80.0-r2 | 6.8% Low-Moderate Risk | Post-Exploit |
| CVE-2022-32221 | MEDIUM5.88 | libcurl 7.80.0-r0 fixed in 7.80.0-r4 | 4.3% Low-Moderate Risk | Post-Exploit |
| CVE-2023-38039 | MEDIUM5.85 | libcurl 7.80.0-r0 fixed in 8.3.0-r0 | 62.2% Actively Exploited | Post-Exploit |
| CVE-2022-2097 | MEDIUM5.3 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1q-r0 | 4.4% Low-Moderate Risk | Directly Exposed |
| CVE-2023-0465 | MEDIUM5.3 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1t-r2 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3446 | MEDIUM5.3 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1u-r2 | 5.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3817 | MEDIUM5.3 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1v-r0 | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-5678 | MEDIUM5.3 | libcrypto1.1 1.1.1l-r8 fixed in 1.1.1w-r1 | 4.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-2097 | MEDIUM5.3 | libssl1.1 1.1.1l-r8 fixed in 1.1.1q-r0 | 4.4% Low-Moderate Risk | Directly Exposed |
| CVE-2023-0465 | MEDIUM5.3 | libssl1.1 1.1.1l-r8 fixed in 1.1.1t-r2 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3446 | MEDIUM5.3 | libssl1.1 1.1.1l-r8 fixed in 1.1.1u-r2 | 5.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3817 | MEDIUM5.3 | libssl1.1 1.1.1l-r8 fixed in 1.1.1v-r0 | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-5678 | MEDIUM5.3 | libssl1.1 1.1.1l-r8 fixed in 1.1.1w-r1 | 4.5% Low-Moderate Risk | Directly Exposed |
| CVE-2022-28391 | MEDIUM5.28 | busybox 1.34.1-r3 fixed in 1.34.1-r5 | 3.5% Low-Moderate Risk | Post-Exploit |
| CVE-2023-27533 | MEDIUM5.28 | libcurl 7.80.0-r0 fixed in 8.0.1-r0 | 2.0% Low-Moderate Risk | Post-Exploit |
| CVE-2023-27534 | MEDIUM5.28 | libcurl 7.80.0-r0 fixed in 8.0.1-r0 | 2.2% Low-Moderate Risk | Post-Exploit |
| CVE-2022-28391 | MEDIUM5.28 | ssl_client 1.34.1-r3 fixed in 1.34.1-r5 | 3.5% Low-Moderate Risk | Post-Exploit |
| CVE-2022-43551 | MEDIUM5.17 | libcurl 7.80.0-r0 fixed in 7.80.0-r5 | 16.5% High Exploitation Risk | Post-Exploit |
| CVE-2022-22576 | MEDIUM4.86 | libcurl 7.80.0-r0 fixed in 7.80.0-r1 | 1.9% Low-Moderate Risk | Post-Exploit |
| CVE-2022-42915 | MEDIUM4.86 | libcurl 7.80.0-r0 fixed in 7.80.0-r4 | 2.9% Low-Moderate Risk | Post-Exploit |
| CVE-2021-3995 | MEDIUM4.67 | libuuid 2.37.2-r1 fixed in 2.37.3-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2021-3996 | MEDIUM4.67 | libuuid 2.37.2-r1 fixed in 2.37.3-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2022-0563 | MEDIUM4.67 | libuuid 2.37.2-r1 fixed in 2.37.4-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-23914 | MEDIUM4.64 | libcurl 7.80.0-r0 fixed in 7.80.0-r6 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2022-27775 | MEDIUM4.5 | libcurl 7.80.0-r0 fixed in 7.80.0-r1 | 2.8% Low-Moderate Risk | Post-Exploit |
| CVE-2022-27780 | MEDIUM4.5 | libcurl 7.80.0-r0 fixed in 7.80.0-r2 | 2.2% Low-Moderate Risk | Post-Exploit |
| CVE-2022-27781 | MEDIUM4.5 | libcurl 7.80.0-r0 fixed in 7.80.0-r2 | 2.4% Low-Moderate Risk | Post-Exploit |
| CVE-2022-27782 | MEDIUM4.5 | libcurl 7.80.0-r0 fixed in 7.80.0-r2 | 2.6% Low-Moderate Risk | Post-Exploit |
| CVE-2022-42916 | MEDIUM4.5 | libcurl 7.80.0-r0 fixed in 7.80.0-r4 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2023-28319 | MEDIUM4.5 | libcurl 7.80.0-r0 fixed in 8.1.0-r0 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2022-32206 | MEDIUM4.48 | libcurl 7.80.0-r0 fixed in 7.80.0-r2 | 32.0% High Exploitation Risk | Post-Exploit |
| CVE-2023-47038 | LOW3.98 | perl 5.34.0-r1 fixed in 5.34.2-r0 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2022-27776 | LOW3.9 | libcurl 7.80.0-r0 fixed in 7.80.0-r1 | 3.4% Low-Moderate Risk | Post-Exploit |
| CVE-2023-23916 | LOW3.9 | libcurl 7.80.0-r0 fixed in 7.80.0-r6 | 1.7% Low-Moderate Risk | Post-Exploit |
| CVE-2023-46218 | LOW3.9 | libcurl 7.80.0-r0 fixed in 8.5.0-r0 | 1.7% Low-Moderate Risk | Post-Exploit |
| CVE-2022-32208 | LOW3.54 | libcurl 7.80.0-r0 fixed in 7.80.0-r2 | 6.8% Low-Moderate Risk | Post-Exploit |
| CVE-2022-43552 | LOW3.54 | libcurl 7.80.0-r0 fixed in 7.80.0-r5 | 2.5% Low-Moderate Risk | Post-Exploit |
| CVE-2023-27535 | LOW3.54 | libcurl 7.80.0-r0 fixed in 8.0.1-r0 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2023-27536 | LOW3.54 | libcurl 7.80.0-r0 fixed in 8.0.1-r0 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2023-27537 | LOW3.54 | libcurl 7.80.0-r0 fixed in 8.0.1-r0 | 1.9% Low-Moderate Risk | Post-Exploit |
| CVE-2023-28320 | LOW3.54 | libcurl 7.80.0-r0 fixed in 8.1.0-r0 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2023-28321 | LOW3.54 | libcurl 7.80.0-r0 fixed in 8.1.0-r0 | 1.8% Low-Moderate Risk | Post-Exploit |
| CVE-2022-27774 | LOW3.42 | libcurl 7.80.0-r0 fixed in 7.80.0-r1 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2023-23915 | LOW3.31 | libcurl 7.80.0-r0 fixed in 7.80.0-r6 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2023-27538 | LOW3.3 | libcurl 7.80.0-r0 fixed in 8.0.1-r0 | 1.2% Low-Moderate Risk | Post-Exploit |
| CVE-2023-46219 | LOW3.18 | libcurl 7.80.0-r0 fixed in 8.5.0-r0 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2022-32205 | LOW2.97 | libcurl 7.80.0-r0 fixed in 7.80.0-r2 | 26.9% High Exploitation Risk | Post-Exploit |
| CVE-2022-35252 | LOW2.22 | libcurl 7.80.0-r0 fixed in 7.80.0-r3 | 1.8% Low-Moderate Risk | Post-Exploit |
| CVE-2023-28322 | LOW2.22 | libcurl 7.80.0-r0 fixed in 8.1.0-r0 | 2.2% Low-Moderate Risk | Post-Exploit |
| CVE-2023-38546 | LOW2.22 | libcurl 7.80.0-r0 fixed in 8.4.0-r0 | 6.2% Low-Moderate Risk | Post-Exploit |
Want to check another image? Run a full scan with the Docker Security Scanner.