Vulnerability Reportprom/mysqld-exporter:v0.19.0

prom/mysqld-exporter:latestprom/mysqld-exporter:v0prom/mysqld-exporter:v0.19.0

DIGESTsha256:eacb4b18e2ec1e0abdf2d64851b68526c964f6d9cb3e9458fb5d5f5062ea94c1

Executive Summary

Threat ScoreSAFE• Image is from a highly trusted community source (prom) with 76M+ pulls and pinned by digest, ensuring immutability.• Vulnerability scan found 28 exposed vulnerabilities, but all are low severity (max CVSS 5.58) with none >= 6.0.• Post-exploit vulnerabilities (12) are negligible (max CVSS 2.69) and require local access.• No critical or high-severity findings were identified in exposed or post-exploit surfaces.

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (76M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. Although there are 28 exposed vulnerabilities and 12 post-exploit vulnerabilities, all are low severity (max CVSS 5.58 and 2.69 respectively) and pose no significant risk. The image is widely used and trusted, with strong immutability guarantees due to digest pinning.

Vulnerabilities

Vulnerability Log

40 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-39821	MEDIUM5.58	golang.org/x/net v0.48.0 fixed in 0.55.0	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33810	MEDIUM5.58	stdlib v1.26.1 fixed in 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32282	MEDIUM5.44	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32280	MEDIUM5.1	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32281	MEDIUM5.1	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32283	MEDIUM5.1	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33811	MEDIUM5.1	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32288	MEDIUM4.67	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	LOW3.6	stdlib v1.26.1 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-26958	LOW3.15	filippo.io/edwards25519 v1.1.0 fixed in 1.1.1	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39828	LOW2.69	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-39829	LOW2.29	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39830	LOW2.29	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	golang.org/x/net v0.48.0 fixed in 0.53.0	0.6% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-42508	LOW2.26	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-46595	LOW2.17	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-32289	LOW1.87	stdlib v1.26.1 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39826	LOW1.65	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-46598	LOW1.62	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39827	NONE0	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39835	NONE0	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-46597	NONE0	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39831	NONE0	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39832	NONE0	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39833	NONE0	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39834	NONE0	golang.org/x/crypto v0.46.0 fixed in 0.52.0	0.5% Theoretical Threat	Not Applicable
CVE-2026-25680	NONE0	golang.org/x/net v0.48.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-25681	NONE0	golang.org/x/net v0.48.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-27136	NONE0	golang.org/x/net v0.48.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42502	NONE0	golang.org/x/net v0.48.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42506	NONE0	golang.org/x/net v0.48.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39824	NONE0	golang.org/x/sys v0.39.0 fixed in 0.44.0	0.1% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.1 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.1 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.1 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable