Vulnerability Reportnode:20.20.2-alpine3.22

Name: node:20.20.2-alpine3.22 Security Vulnerability Report
Creator: BaseImage
Keywords: node:20.20.2-alpine3.22, Docker security, vulnerability scan, CVE, container security, SBOM

node:20.20.2-alpine3.22

DIGESTsha256:8f47899606d000b0704e992f927fe7335adcd0d6c98851600072fb6e14a13e60

Executive Summary

CAUTION

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. Attackers could achieve arbitrary file creation via CVE-2026-24842 or cause denial of service. While a vulnerability in OpenSSL, CVE-2026-45447, could lead to remote code execution, its exploitation requires the application to specifically process PKCS#7 or S/MIME signed messages using the affected function. Addressing the 12 exposed-surface vulnerabilities with severity 6.0 or higher is strongly recommended before production use.

Threat Score

50/100

CAUTION

The image received a 'CAUTION' verdict with a threat score of 50.
12 exposed-surface vulnerabilities with severity >= 6.0 were identified, including one with a severity of 6.97.
CVE-2026-24842 (severity 6.97) in `node-tar` allows arbitrary file creation via path traversal bypass.
Multiple high-context Denial of Service vulnerabilities exist, such as CVE-2026-33750 and CVE-2026-24001, which can lead to application hangs or memory exhaustion.
CVE-2026-45447 (severity 6.48) in OpenSSL could lead to process crashes or remote code execution if PKCS#7 verification is used.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

node:20.20.2-alpine3.22

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

45 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-24842	MEDIUM6.97	tar 6.2.1 fixed in 7.5.7	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-45447	MEDIUM6.48	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly ExposedContext importance: MEDIUM
CVE-2026-45447	MEDIUM6.48	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly ExposedContext importance: MEDIUM
CVE-2026-33750	MEDIUM6.38	brace-expansion 2.0.1 fixed in 5.0.5, 3.0.2, 2.0.3, 1.1.13	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-24001	MEDIUM6.38	diff 5.2.0 fixed in 8.0.3, 5.2.2, 4.0.4, 3.5.1	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-26996	MEDIUM6.38	minimatch 9.0.5 fixed in 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	<0.1% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-34181	MEDIUM6.3	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42768	MEDIUM6.3	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-34181	MEDIUM6.3	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42768	MEDIUM6.3	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-34183	MEDIUM6	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly ExposedContext importance: MEDIUM
CVE-2026-34183	MEDIUM6	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly ExposedContext importance: MEDIUM
CVE-2026-34182	MEDIUM5.92	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly ExposedContext importance: MEDIUM
CVE-2026-34182	MEDIUM5.92	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly ExposedContext importance: MEDIUM
CVE-2026-42770	MEDIUM5.9	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-9076	MEDIUM5.9	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42770	MEDIUM5.9	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-9076	MEDIUM5.9	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-27904	MEDIUM5.52	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-7383	MEDIUM5.5	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-7383	MEDIUM5.5	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-45445	MEDIUM5.46	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-45445	MEDIUM5.46	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42766	MEDIUM5.3	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42767	MEDIUM5.3	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42766	MEDIUM5.3	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42767	MEDIUM5.3	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42338	MEDIUM5.18	ip-address 9.0.5 fixed in 10.1.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27903	MEDIUM5.02	minimatch 9.0.5 fixed in 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34180	MEDIUM5	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-34180	MEDIUM5	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2024-21538	LOW3.74	cross-spawn 7.0.3 fixed in 7.0.5, 6.0.6	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-45446	LOW3.7	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-45446	LOW3.7	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-26960	LOW3.62	tar 6.2.1 fixed in 7.5.8	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-42764	LOW3.54	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42769	LOW3.54	libcrypto3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42764	LOW3.54	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-42769	LOW3.54	libssl3 3.5.6-r0 fixed in 3.5.7-r0	—	Directly Exposed
CVE-2026-29786	LOW3.21	tar 6.2.1 fixed in 7.5.10	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-23745	LOW3.11	tar 6.2.1 fixed in 7.5.3	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-31802	LOW2.8	tar 6.2.1 fixed in 7.5.11	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5889	LOW2.63	brace-expansion 2.0.1 fixed in 2.0.2, 1.1.12, 3.0.1, 4.0.1	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-64756	LOW2.29	glob 10.4.2 fixed in 11.1.0, 10.5.0	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-23950	LOW1.81	tar 6.2.1 fixed in 7.5.4	<0.1% Theoretical Threat	Post-Exploit