Last scanned:
This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The only notable exposed vulnerability (CVE-2026-33630) is a use-after-free in c-ares that can cause denial of service or memory corruption via crafted DNS responses; however, it requires nginx to be configured with a resolver and hostnames in upstreams—if such configuration is absent, the risk is largely mitigated. Other vulnerabilities are low-severity and pose minimal practical threat.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-33630 | MEDIUM6 | c-ares 1.34.6-r0 fixed in 1.34.8-r0 | — | Directly ExposedContext importance: MEDIUM |
| CVE-2026-56132 | MEDIUM5.87 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56403 | MEDIUM5.87 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56404 | MEDIUM5.87 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56405 | MEDIUM5.87 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56406 | MEDIUM5.87 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56410 | MEDIUM5.87 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-56411 | MEDIUM5.87 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-50219 | MEDIUM5.02 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-56412 | MEDIUM5.02 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-4873 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7009 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-4873 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-6253 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-7009 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7168 | LOW2.7 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5773 | LOW2.29 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-6276 | LOW2.29 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW1.99 | curl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-5545 | LOW1.99 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-6429 | LOW1.99 | libcurl 8.19.0-r0 fixed in 8.20.0-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-56131 | NONE0 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56407 | NONE0 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56408 | NONE0 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56409 | NONE0 | libexpat 2.8.1-r0 fixed in 2.8.2-r0 | <0.1% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.