Last scanned:
This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service or memory corruption via crafted XML input, exploiting vulnerabilities in libxml2 and libexpat that are reachable over HTTP. Disabling mod_dav (if not required) fully eliminates the attack vector for these XML-based vulnerabilities. Note that CVE-2026-28388 requires a non-default flag (X509_V_FLAG_USE_DELTAS) to be exploitable, reducing its practical risk.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2025-49796 | CRITICAL9.1 | libxml2 2.13.8-r0 fixed in 2.13.9-r0 | 1.4% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2025-49794 | HIGH7.73 | libxml2 2.13.8-r0 fixed in 2.13.9-r0 | 0.7% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2025-6021 | HIGH7.5 | libxml2 2.13.8-r0 fixed in 2.13.9-r0 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2026-25210 | MEDIUM6.63 | libexpat 2.7.1-r0 fixed in 2.7.4-r0 | 0.2% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-28388 | MEDIUM6.38 | libcrypto3 3.5.0-r0 fixed in 3.5.6-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libcrypto3 3.5.0-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libcrypto3 3.5.0-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-45186 | MEDIUM6.38 | libexpat 2.7.1-r0 fixed in 2.8.1-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-28388 | MEDIUM6.38 | libssl3 3.5.0-r0 fixed in 3.5.6-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libssl3 3.5.0-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libssl3 3.5.0-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-49795 | MEDIUM6.38 | libxml2 2.13.8-r0 fixed in 2.13.9-r0 | 0.5% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-6732 | MEDIUM6.38 | libxml2 2.13.8-r0 fixed in 2.13.9-r1 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-27135 | MEDIUM6.38 | nghttp2-libs 1.65.0-r0 fixed in 1.68.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-69419 | MEDIUM6.29 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69419 | MEDIUM6.29 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33630 | MEDIUM6 | c-ares 1.34.5-r0 fixed in 1.34.8-r0 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2025-9231 | MEDIUM5.9 | libcrypto3 3.5.0-r0 fixed in 3.5.4-r0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2025-9231 | MEDIUM5.9 | libssl3 3.5.0-r0 fixed in 3.5.4-r0 | 2.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-56132 | MEDIUM5.87 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56403 | MEDIUM5.87 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56404 | MEDIUM5.87 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56405 | MEDIUM5.87 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56406 | MEDIUM5.87 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56410 | MEDIUM5.87 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56411 | MEDIUM5.87 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-9230 | MEDIUM5.6 | libcrypto3 3.5.0-r0 fixed in 3.5.4-r0 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2025-9230 | MEDIUM5.6 | libssl3 3.5.0-r0 fixed in 3.5.4-r0 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | libcrypto3 3.5.0-r0 fixed in 3.5.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | libssl3 3.5.0-r0 fixed in 3.5.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-59375 | MEDIUM5.3 | libexpat 2.7.1-r0 fixed in 2.7.2-r0 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2025-11187 | MEDIUM5.18 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-11187 | MEDIUM5.18 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-62408 | MEDIUM5.02 | c-ares 1.34.5-r0 fixed in 1.34.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libcrypto3 3.5.0-r0 fixed in 3.5.6-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-15468 | MEDIUM5.02 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-66199 | MEDIUM5.02 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-69420 | MEDIUM5.02 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-22796 | MEDIUM5.02 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50219 | MEDIUM5.02 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-56412 | MEDIUM5.02 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libssl3 3.5.0-r0 fixed in 3.5.6-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-15468 | MEDIUM5.02 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-66199 | MEDIUM5.02 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-69420 | MEDIUM5.02 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-22796 | MEDIUM5.02 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-15469 | MEDIUM4.67 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-22795 | MEDIUM4.67 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32776 | MEDIUM4.67 | libexpat 2.7.1-r0 fixed in 2.7.5-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-32777 | MEDIUM4.67 | libexpat 2.7.1-r0 fixed in 2.7.5-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32778 | MEDIUM4.67 | libexpat 2.7.1-r0 fixed in 2.7.5-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-15469 | MEDIUM4.67 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-22795 | MEDIUM4.67 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-6042 | MEDIUM4.67 | musl 1.2.5-r10 fixed in 1.2.5-r11 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-34743 | MEDIUM4.5 | xz-libs 5.8.1-r0 fixed in 5.8.3-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-15467 | MEDIUM4.06 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 47.6% High Exploitation Risk | Post-Exploit |
| CVE-2025-15467 | MEDIUM4.06 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 47.6% High Exploitation Risk | Post-Exploit |
| CVE-2025-68160 | MEDIUM4 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-68160 | MEDIUM4 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-69418 | LOW3.4 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-69418 | LOW3.4 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-41080 | LOW3.15 | libexpat 2.7.1-r0 fixed in 2.8.1-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-9232 | LOW3.1 | libcrypto3 3.5.0-r0 fixed in 3.5.4-r0 | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-9232 | LOW3.1 | libssl3 3.5.0-r0 fixed in 3.5.4-r0 | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2026-31789 | LOW3 | libcrypto3 3.5.0-r0 fixed in 3.5.6-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-31789 | LOW3 | libssl3 3.5.0-r0 fixed in 3.5.6-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libcrypto3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libssl3 3.5.0-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-5399 | LOW2.58 | libcurl 8.14.0-r2 fixed in 8.14.1-r0 | 1.2% Low-Moderate Risk | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | libcrypto3 3.5.0-r0 fixed in 3.5.6-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | libssl3 3.5.0-r0 fixed in 3.5.6-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2025-10148 | LOW2.45 | libcurl 8.14.0-r2 fixed in 8.14.1-r2 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-40200 | LOW2.39 | musl 1.2.5-r10 fixed in 1.2.5-r12 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-22184 | LOW2.39 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-69421 | LOW2.29 | libcrypto3 3.5.0-r0 fixed in 3.5.5-r0 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2025-69421 | LOW2.29 | libssl3 3.5.0-r0 fixed in 3.5.5-r0 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-24515 | LOW2.12 | libexpat 2.7.1-r0 fixed in 2.7.4-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-6170 | LOW2.12 | libxml2 2.13.8-r0 fixed in 2.13.9-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-5545 | LOW1.99 | libcurl 8.14.0-r2 fixed in 8.14.1-r3 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2025-9086 | LOW1.91 | libcurl 8.14.0-r2 fixed in 8.14.1-r2 | 1.3% Low-Moderate Risk | Post-Exploit |
| CVE-2025-46394 | LOW1.68 | busybox 1.37.0-r18 fixed in 1.37.0-r20 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW1.68 | busybox-binsh 1.37.0-r18 fixed in 1.37.0-r20 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-46394 | LOW1.68 | ssl_client 1.37.0-r18 fixed in 1.37.0-r20 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-40200 | NONE0 | musl-utils 1.2.5-r10 fixed in 1.2.5-r12 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-6042 | NONE0 | musl-utils 1.2.5-r10 fixed in 1.2.5-r11 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2024-58251 | NONE0 | busybox 1.37.0-r18 fixed in 1.37.0-r20 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2024-58251 | NONE0 | busybox-binsh 1.37.0-r18 fixed in 1.37.0-r20 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2025-4575 | NONE0 | libcrypto3 3.5.0-r0 fixed in 3.5.1-r0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-56131 | NONE0 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56407 | NONE0 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56408 | NONE0 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56409 | NONE0 | libexpat 2.7.1-r0 fixed in 2.8.2-r0 | <0.1% Theoretical Threat | Not Applicable |
| CVE-2025-4575 | NONE0 | libssl3 3.5.0-r0 fixed in 3.5.1-r0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2024-58251 | NONE0 | ssl_client 1.37.0-r18 fixed in 1.37.0-r20 | 0.2% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.