Vulnerability Reportpostgres:18.2-alpine3.22

postgres:18.2-alpine3.22
DIGESTsha256:cf70b3d7aeb0f399ba29e94ce081380ccade1f4c38e203309068a30f49548417

Executive Summary

Last scanned:

Threat Score
50/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit vulnerabilities in OpenSSL and libxml2 to cause denial of service (e.g., CVE-2026-34183) or, under specific conditions, achieve key-equivalent functionality and integrity bypass (CVE-2026-34182). Updating to the latest patches for libssl3, libcrypto3, and libxml2 would fully address these issues. Note that CVE-2026-28388 only applies if delta CRL processing is enabled, which is not a default configuration in PostgreSQL.

Vulnerabilities

Vulnerability Log

94 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-34183MEDIUM6.38
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-6732MEDIUM6.38
libxml2
2.13.9-r0
fixed in 2.13.9-r1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-28388MEDIUM6
libssl3
3.5.5-r0
fixed in 3.5.6-r0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-2673MEDIUM5.52
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r10
fixed in 1.2.5-r11
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl-utils
1.2.5-r10
fixed in 1.2.5-r11
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-34743MEDIUM4.5
xz-libs
5.8.1-r0
fixed in 5.8.3-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl
1.2.5-r10
fixed in 1.2.5-r12
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl-utils
1.2.5-r10
fixed in 1.2.5-r12
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-33630LOW3.6
c-ares
1.34.6-r0
fixed in 1.34.8-r0
Post-ExploitContext importance: MEDIUM
CVE-2026-45446LOW3.15
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-31789LOW3
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-31789LOW3
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-45447LOW2.92
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45447LOW2.92
libssl3
3.5.5-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45445LOW2.78
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-22184LOW2.39
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-28389LOW2.29
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-28390LOW2.29
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-34183LOW2.29
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-28389LOW2.29
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-28390LOW2.29
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-27135LOW2.29
nghttp2-libs
1.65.0-r0
fixed in 1.68.1
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW1.99
libcurl
8.14.1-r2
fixed in 8.14.1-r3
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-68121NONE0
stdlib
v1.24.6
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-39822NONE0
stdlib
v1.24.6
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Not Applicable
CVE-2025-61726NONE0
stdlib
v1.24.6
fixed in 1.24.12, 1.25.6
1.9%
Low-Moderate Risk
Not Applicable
CVE-2025-61729NONE0
stdlib
v1.24.6
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Not Applicable
CVE-2026-25679NONE0
stdlib
v1.24.6
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Not Applicable
CVE-2026-27145NONE0
stdlib
v1.24.6
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Not Applicable
CVE-2026-32280NONE0
stdlib
v1.24.6
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Not Applicable
CVE-2026-32281NONE0
stdlib
v1.24.6
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2026-32283NONE0
stdlib
v1.24.6
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Not Applicable
CVE-2026-33811NONE0
stdlib
v1.24.6
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-33814NONE0
stdlib
v1.24.6
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-39820NONE0
stdlib
v1.24.6
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-39836NONE0
stdlib
v1.24.6
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Not Applicable
CVE-2026-42499NONE0
stdlib
v1.24.6
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Not Applicable
CVE-2026-42504NONE0
stdlib
v1.24.6
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Not Applicable
CVE-2025-58183NONE0
stdlib
v1.24.6
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-61728NONE0
stdlib
v1.24.6
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Not Applicable
CVE-2025-61727NONE0
stdlib
v1.24.6
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39825NONE0
stdlib
v1.24.6
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-32282NONE0
stdlib
v1.24.6
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2026-32289NONE0
stdlib
v1.24.6
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2026-32288NONE0
stdlib
v1.24.6
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Not Applicable
CVE-2026-27142NONE0
stdlib
v1.24.6
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39823NONE0
stdlib
v1.24.6
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39826NONE0
stdlib
v1.24.6
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2025-47912NONE0
stdlib
v1.24.6
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58185NONE0
stdlib
v1.24.6
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Not Applicable
CVE-2025-58187NONE0
stdlib
v1.24.6
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58188NONE0
stdlib
v1.24.6
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58189NONE0
stdlib
v1.24.6
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-61723NONE0
stdlib
v1.24.6
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Not Applicable
CVE-2025-61724NONE0
stdlib
v1.24.6
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Not Applicable
CVE-2025-61725NONE0
stdlib
v1.24.6
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Not Applicable
CVE-2025-61730NONE0
stdlib
v1.24.6
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Not Applicable
CVE-2026-42505NONE0
stdlib
v1.24.6
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Not Applicable
CVE-2026-42507NONE0
stdlib
v1.24.6
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Not Applicable
CVE-2025-58186NONE0
stdlib
v1.24.6
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Not Applicable
CVE-2026-27139NONE0
stdlib
v1.24.6
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.1.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.