Vulnerability Reportnode:26-slim

Name: node:current-trixie-slim Security Vulnerability Report
Creator: BaseImage
Keywords: node:current-trixie-slim, Docker security, vulnerability scan, CVE, container security, SBOM

node:trixie-slimnode:slimnode:current-trixie-slimnode:current-slimnode:26.3.0-trixie-slimnode:26.3.0-slimnode:26.3-trixie-slimnode:26.3-slimnode:26-trixie-slimnode:26-slim

DIGESTsha256:95a34da32a840bd9b3b09a5b773591c16923e350174b1c50e1200c75bf15eaa9

Executive Summary

NEEDS_ATTENTION

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. It is a highly trusted official Docker image, pinned by digest, which ensures its integrity. However, it contains two exposed vulnerabilities with a maximum severity of 6.0, notably `CVE-2018-20796` in glibc. This specific vulnerability could lead to a denial of service if the application processes specially crafted regular expressions from external input. Other lower-severity post-exploit vulnerabilities are present but are less likely to impact the Node.js application runtime.

Threat Score

25/100

NEEDS_ATTENTION

The image is a highly trusted official Docker Hub image, immutable by digest, indicating strong supply chain integrity.
Two instances of `CVE-2018-20796` are exposed, with a severity of 6.0, affecting glibc and posing a denial of service risk.
This specific glibc vulnerability could allow crafted regular expressions in external input to crash the Node.js application.
While 43 post-exploit vulnerabilities exist, the maximum severity is 4.68, and none are considered high impact for a Node.js application.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

node:26-slim

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

106 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2018-20796	MEDIUM6	libc-bin 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	MEDIUM6	libc6 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-14104	MEDIUM5.18	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-9192	MEDIUM5.1	libc-bin 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-9192	MEDIUM5.1	libc6 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-1010022	MEDIUM5	libc-bin 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010022	MEDIUM5	libc6 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-42250	MEDIUM5	libbz2-1.0 1.0.8-6 No fix yet	—	Directly Exposed
CVE-2026-48962	MEDIUM4.68	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2022-0563	MEDIUM4.67	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc6 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2011-3374	LOW3.7	libapt-pkg7.0 3.0.3 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2021-45346	LOW3.65	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2005-2541	LOW3.6	tar 1.35+dfsg-3.1 No fix yet	3.8% Low-Moderate Risk	Post-Exploit
CVE-2026-8376	LOW3.53	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2010-4756	LOW3.4	libc-bin 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc6 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-42496	LOW3.28	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2025-14104	LOW3.11	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.35+dfsg-3.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-70873	LOW2.8	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42497	LOW2.7	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-9538	LOW2.7	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-3184	LOW2.7	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010024	LOW2.7	libc-bin 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	LOW2.7	libc-bin 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-1010024	LOW2.7	libc6 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2026-3184	LOW2.7	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc-bin 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	passwd 1:4.17.4-2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.7-3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.7-3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 3.0.3 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2026-6238	LOW1.99	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-6238	LOW1.99	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5435	LOW1.81	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.40.1-6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2025-69720	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2007-5686	NONE0	login.defs 1:4.17.4-2 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Not Applicable
CVE-2025-6141	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
TEMP-0841856-B18BAF	NONE0	bash 5.2.37-2+b9 No fix yet	—	Not Applicable
CVE-2026-11822	NONE0	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	—	Not Applicable
CVE-2026-11824	NONE0	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	login.defs 1:4.17.4-2 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2025-15649	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-7010	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-48961	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.14-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.35+dfsg-3.1 No fix yet	—	Not Applicable