Vulnerability Reportnginxdemos/hello:0.4-plain-text

nginxdemos/hello:0.4-plain-textnginxdemos/hello:plain-text

DIGESTsha256:751bf8933179b086091927eefd952f46b19ba37fa22d47e88da1c0c9921cbc8e

Executive Summary

Threat ScoreCAUTION• 92 exposed vulnerabilities found, 24 of which have a CVSS score >= 6.0, indicating a large attack surface.• Notable high-severity findings include CVE-2026-40200 (musl qsort memory corruption) and CVE-2026-33636 (libpng out-of-bounds read/write), both with CVSS 6.4+.• Multiple OpenSSL NULL pointer dereference vulnerabilities (e.g., CVE-2025-69421) can cause denial of service, but require specific conditions like delta CRL processing or QUIC usage.• The image is from a reputable community publisher (350M+ pulls) and pinned by digest, but the underlying OS libraries carry significant unpatched vulnerabilities.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (350M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could trigger denial of service via crafted input to OpenSSL (CVE-2025-69421) or the libpng palette expansion (CVE-2026-33636), potentially crashing the nginx service. Most of the high-impact vulnerabilities require local access or non-default configurations (e.g., QUIC, delta CRL processing), reducing the immediate threat, but the sheer number of unpatched CVEs increases the likelihood of exploit chain development.

Vulnerabilities

Vulnerability Log

122 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-40200	MEDIUM6.63	musl-utils 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Directly Exposed
CVE-2026-33636	MEDIUM6.46	libpng 1.6.47-r0 fixed in 1.6.56-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45186	MEDIUM6.38	libexpat 2.7.1-r0 fixed in 2.8.1-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-49795	MEDIUM6.38	libxml2 2.13.8-r0 fixed in 2.13.9-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-6732	MEDIUM6.38	libxml2 2.13.8-r0 fixed in 2.13.9-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM6.38	nghttp2-libs 1.65.0-r0 fixed in 1.68.1	0.6% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-64720	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-65018	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-66293	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.53-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22695	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.54-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9231	MEDIUM5.9	libcrypto3 3.5.1-r0 fixed in 3.5.4-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2025-9231	MEDIUM5.9	libssl3 3.5.1-r0 fixed in 3.5.4-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libcrypto3 3.5.1-r0 fixed in 3.5.4-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libssl3 3.5.1-r0 fixed in 3.5.4-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-59375	MEDIUM5.3	libexpat 2.7.1-r0 fixed in 2.7.2-r0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-64506	MEDIUM5.18	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-62408	MEDIUM5.02	c-ares 1.34.5-r0 fixed in 1.34.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	libexpat 2.7.1-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	libexpat 2.7.1-r0 fixed in 2.7.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	libexpat 2.7.1-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4367	MEDIUM4.67	libxpm 3.5.17-r0 fixed in 3.5.19-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl-utils 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	xz-libs 5.8.1-r0 fixed in 5.8.3-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.5.1-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-64505	LOW3.74	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34757	LOW3.74	libpng 1.6.47-r0 fixed in 1.6.57-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-49796	LOW3.28	libxml2 2.13.8-r0 fixed in 2.13.9-r0	1.4% Low-Moderate Risk	Post-Exploit
CVE-2026-45446	LOW3.15	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-41080	LOW3.15	libexpat 2.7.1-r0 fixed in 2.8.1-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW3.1	libcrypto3 3.5.1-r0 fixed in 3.5.4-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2025-9232	LOW3.1	libssl3 3.5.1-r0 fixed in 3.5.4-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2026-31789	LOW3	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	2.3% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.1-r0 fixed in 3.5.7-r0	2.3% Low-Moderate Risk	Post-Exploit
CVE-2025-8961	LOW2.8	tiff 4.7.0-r0 fixed in 4.7.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9165	LOW2.8	tiff 4.7.0-r0 fixed in 4.7.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45445	LOW2.78	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2025-49794	LOW2.78	libxml2 2.13.8-r0 fixed in 2.13.9-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2025-58050	LOW2.78	pcre2 10.43-r1 fixed in 10.46-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2026-33416	LOW2.7	libpng 1.6.47-r0 fixed in 1.6.56-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2025-6021	LOW2.7	libxml2 2.13.8-r0 fixed in 2.13.9-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-25646	LOW2.48	libpng 1.6.47-r0 fixed in 1.6.55-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2025-10148	LOW2.45	curl 8.14.1-r1 fixed in 8.14.1-r2	0.5% Theoretical Threat	Post-Exploit
CVE-2025-10148	LOW2.45	libcurl 8.14.1-r1 fixed in 8.14.1-r2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-25210	LOW2.39	libexpat 2.7.1-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-22801	LOW2.39	libpng 1.6.47-r0 fixed in 1.6.54-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-24515	LOW2.12	libexpat 2.7.1-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-6170	LOW2.12	libxml2 2.13.8-r0 fixed in 2.13.9-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9086	LOW1.91	curl 8.14.1-r1 fixed in 8.14.1-r2	1.3% Low-Moderate Risk	Post-Exploit
CVE-2025-9086	LOW1.91	libcurl 8.14.1-r1 fixed in 8.14.1-r2	1.3% Low-Moderate Risk	Post-Exploit
CVE-2025-46394	LOW1.68	busybox 1.37.0-r18 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.37.0-r18 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.37.0-r18 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2024-58251	NONE0	busybox 1.37.0-r18 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.37.0-r18 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.37.0-r18 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable