Vulnerability Reportnginxdemos/hello:0.4

nginxdemos/hello:latestnginxdemos/hello:0.4

DIGESTsha256:b28d1e16c676896aaa98ed9c36d406cc4f4289558487f15e37e04354720f807a

Executive Summary

Threat ScoreCAUTION• 95 exposed vulnerabilities, including 1 high-severity (CVE-2025-49796, CVSS 7.28) and 27 medium-severity (≥6.0).• CVE-2025-49796 in libxml2 may cause denial of service or memory corruption if nginx processes malicious XML.• Multiple OpenSSL CVEs (CVE-2026-28388, CVE-2025-69421) enable denial of service via malformed PKCS#12 or CRL input.• 25 post-exploit vulnerabilities exist but are low severity (max 4.06) and not practically exploitable in nginx context.• Image is popular (350M+ pulls) and pinned by digest, reducing supply chain risk.

53/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (350M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service by sending crafted XML (CVE-2025-49796) or PKCS#12 data (CVE-2025-69421), potentially disrupting availability if nginx uses related modules. Disabling XML processing modules like ngx_http_xslt_filter_module fully mitigates CVE-2025-49796. Many OpenSSL vulnerabilities require non-default configurations (e.g., delta CRL processing for CVE-2026-28388) to be exploitable, reducing their practical impact.

Vulnerabilities

Vulnerability Log

122 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-49796	HIGH7.28	libxml2 2.13.8-r0 fixed in 2.13.9-r0	1.4% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-33636	MEDIUM6.46	libpng 1.6.47-r0 fixed in 1.6.56-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-45186	MEDIUM6.38	libexpat 2.7.1-r0 fixed in 2.8.1-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28388	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.9% Theoretical Threat	Directly Exposed
CVE-2026-28389	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-28390	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34183	MEDIUM6.38	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-49795	MEDIUM6.38	libxml2 2.13.8-r0 fixed in 2.13.9-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-6732	MEDIUM6.38	libxml2 2.13.8-r0 fixed in 2.13.9-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2026-27135	MEDIUM6.38	nghttp2-libs 1.65.0-r0 fixed in 1.68.1	0.6% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34182	MEDIUM6.29	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-49794	MEDIUM6.18	libxml2 2.13.8-r0 fixed in 2.13.9-r0	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-58050	MEDIUM6.18	pcre2 10.43-r1 fixed in 10.46-r0	0.7% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-64720	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-65018	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-66293	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.53-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22695	MEDIUM6.03	libpng 1.6.47-r0 fixed in 1.6.54-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-6021	MEDIUM6	libxml2 2.13.8-r0 fixed in 2.13.9-r0	1.1% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-9231	MEDIUM5.9	libcrypto3 3.5.1-r0 fixed in 3.5.4-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2025-9231	MEDIUM5.9	libssl3 3.5.1-r0 fixed in 3.5.4-r0	2.3% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libcrypto3 3.5.1-r0 fixed in 3.5.4-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2025-9230	MEDIUM5.6	libssl3 3.5.1-r0 fixed in 3.5.4-r0	1.8% Low-Moderate Risk	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-2673	MEDIUM5.52	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34181	MEDIUM5.35	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42768	MEDIUM5.35	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-25210	MEDIUM5.3	libexpat 2.7.1-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-59375	MEDIUM5.3	libexpat 2.7.1-r0 fixed in 2.7.2-r0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-64506	MEDIUM5.18	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-11187	MEDIUM5.18	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-62408	MEDIUM5.02	c-ares 1.34.5-r0 fixed in 1.34.6-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-31790	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.6-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2026-42764	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15468	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-66199	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-42769	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42770	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-9076	MEDIUM5.02	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32776	MEDIUM4.67	libexpat 2.7.1-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-32777	MEDIUM4.67	libexpat 2.7.1-r0 fixed in 2.7.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32778	MEDIUM4.67	libexpat 2.7.1-r0 fixed in 2.7.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15469	MEDIUM4.67	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM4.67	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-4367	MEDIUM4.67	libxpm 3.5.17-r0 fixed in 3.5.19-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-6042	MEDIUM4.67	musl 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42766	MEDIUM4.5	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2026-42767	MEDIUM4.5	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	xz-libs 5.8.1-r0 fixed in 5.8.3-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM4.25	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM4.06	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-15467	MEDIUM4.06	libssl3 3.5.1-r0 fixed in 3.5.5-r0	48.7% High Exploitation Risk	Post-Exploit
CVE-2025-68160	MEDIUM4	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-64505	LOW3.74	libpng 1.6.47-r0 fixed in 1.6.51-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-34757	LOW3.74	libpng 1.6.47-r0 fixed in 1.6.57-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libcrypto3 3.5.1-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.5.1-r0 fixed in 3.5.5-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-41080	LOW3.15	libexpat 2.7.1-r0 fixed in 2.8.1-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.15	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW3.1	libcrypto3 3.5.1-r0 fixed in 3.5.4-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2025-9232	LOW3.1	libssl3 3.5.1-r0 fixed in 3.5.4-r0	2.0% Low-Moderate Risk	Directly Exposed
CVE-2026-31789	LOW3	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-31789	LOW3	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-45447	LOW2.92	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	2.3% Low-Moderate Risk	Post-Exploit
CVE-2026-45447	LOW2.92	libssl3 3.5.1-r0 fixed in 3.5.7-r0	2.3% Low-Moderate Risk	Post-Exploit
CVE-2025-8961	LOW2.8	tiff 4.7.0-r0 fixed in 4.7.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9165	LOW2.8	tiff 4.7.0-r0 fixed in 4.7.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-45445	LOW2.78	libcrypto3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-45445	LOW2.78	libssl3 3.5.1-r0 fixed in 3.5.7-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33416	LOW2.7	libpng 1.6.47-r0 fixed in 1.6.56-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-28387	LOW2.48	libcrypto3 3.5.1-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-25646	LOW2.48	libpng 1.6.47-r0 fixed in 1.6.55-r0	0.9% Theoretical Threat	Post-Exploit
CVE-2026-28387	LOW2.48	libssl3 3.5.1-r0 fixed in 3.5.6-r0	0.6% Theoretical Threat	Post-Exploit
CVE-2025-10148	LOW2.45	curl 8.14.1-r1 fixed in 8.14.1-r2	0.5% Theoretical Threat	Post-Exploit
CVE-2025-10148	LOW2.45	libcurl 8.14.1-r1 fixed in 8.14.1-r2	0.5% Theoretical Threat	Post-Exploit
CVE-2026-22801	LOW2.39	libpng 1.6.47-r0 fixed in 1.6.54-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2026-40200	LOW2.39	musl 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Post-Exploit
CVE-2026-22184	LOW2.39	zlib 1.3.1-r2 fixed in 1.3.2-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-24515	LOW2.12	libexpat 2.7.1-r0 fixed in 2.7.4-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-6170	LOW2.12	libxml2 2.13.8-r0 fixed in 2.13.9-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2025-9086	LOW1.91	curl 8.14.1-r1 fixed in 8.14.1-r2	1.3% Low-Moderate Risk	Post-Exploit
CVE-2025-9086	LOW1.91	libcurl 8.14.1-r1 fixed in 8.14.1-r2	1.3% Low-Moderate Risk	Post-Exploit
CVE-2025-46394	LOW1.68	busybox 1.37.0-r18 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	busybox-binsh 1.37.0-r18 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2025-46394	LOW1.68	ssl_client 1.37.0-r18 fixed in 1.37.0-r20	0.1% Theoretical Threat	Post-Exploit
CVE-2026-40200	NONE0	musl-utils 1.2.5-r10 fixed in 1.2.5-r12	0.1% Theoretical Threat	Not Applicable
CVE-2026-6042	NONE0	musl-utils 1.2.5-r10 fixed in 1.2.5-r11	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox 1.37.0-r18 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	busybox-binsh 1.37.0-r18 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable
CVE-2024-58251	NONE0	ssl_client 1.37.0-r18 fixed in 1.37.0-r20	0.2% Theoretical Threat	Not Applicable