Vulnerability Reportprom/prometheus:v2.33.3

prom/prometheus:v2.33.3
DIGESTsha256:48abdc51c51993fd3c60cf6852bf33b26501ab62e5ad7b35fa118113871a064e

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit crafted PromQL queries (CVE-2022-24921) to cause denial of service, leverage XSS vulnerabilities (CVE-2023-24538) to compromise the web UI, or bypass IP-based access controls (CVE-2024-24790). Disabling HTTP/2 on the Prometheus server fully mitigates several HTTP/2-specific DoS CVEs, but the remaining high-severity vulnerabilities require comprehensive remediation. Immediate action is required to rebuild the image with patched Go dependencies.

Vulnerabilities

Vulnerability Log

193 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2023-24538HIGH7.84
stdlib
v1.17.7
fixed in 1.19.8, 1.20.3
2.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-24540HIGH7.84
stdlib
v1.17.7
fixed in 1.19.9, 1.20.4
1.5%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-24790HIGH7.84
stdlib
v1.17.7
fixed in 1.21.11, 1.22.4
2.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-45288HIGH7.8
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.23.0
92.0%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-45288HIGH7.8
stdlib
v1.17.7
fixed in 1.21.9, 1.22.2
92.0%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-41723HIGH7.5
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.7.0
4.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-39325HIGH7.5
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.17.0
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-32149HIGH7.5
golang.org/x/text
v0.3.7
fixed in 0.3.8
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-28948HIGH7.5
gopkg.in/yaml.v3
v3.0.0-20210107192922-496545a6307b
fixed in 3.0.1
3.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-24921HIGH7.5
stdlib
v1.17.7
fixed in 1.16.15, 1.17.8
3.3%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-28131HIGH7.5
stdlib
v1.17.7
fixed in 1.17.12, 1.18.4
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2022-28327HIGH7.5
stdlib
v1.17.7
fixed in 1.17.9, 1.18.1
4.2%
Low-Moderate Risk
Directly Exposed
CVE-2022-2879HIGH7.5
stdlib
v1.17.7
fixed in 1.18.7, 1.19.2
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-2880HIGH7.5
stdlib
v1.17.7
fixed in 1.18.7, 1.19.2
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-29804HIGH7.5
stdlib
v1.17.7
fixed in 1.17.11, 1.18.3
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2022-30630HIGH7.5
stdlib
v1.17.7
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30631HIGH7.5
stdlib
v1.17.7
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30632HIGH7.5
stdlib
v1.17.7
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30633HIGH7.5
stdlib
v1.17.7
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30634HIGH7.5
stdlib
v1.17.7
fixed in 1.17.11, 1.18.3
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30635HIGH7.5
stdlib
v1.17.7
fixed in 1.17.12, 1.18.4
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-32189HIGH7.5
stdlib
v1.17.7
fixed in 1.17.13, 1.18.5
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-41715HIGH7.5
stdlib
v1.17.7
fixed in 1.18.7, 1.19.2
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2022-41720HIGH7.5
stdlib
v1.17.7
fixed in 1.18.9, 1.19.4
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2022-41722HIGH7.5
stdlib
v1.17.7
fixed in 1.19.6, 1.20.1
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-41723HIGH7.5
stdlib
v1.17.7
fixed in 1.19.6, 1.20.1
4.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-41724HIGH7.5
stdlib
v1.17.7
fixed in 1.19.6, 1.20.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-41725HIGH7.5
stdlib
v1.17.7
fixed in 1.19.6, 1.20.1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-24534HIGH7.5
stdlib
v1.17.7
fixed in 1.19.8, 1.20.3
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2023-24536HIGH7.5
stdlib
v1.17.7
fixed in 1.19.8, 1.20.3
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-24537HIGH7.5
stdlib
v1.17.7
fixed in 1.19.8, 1.20.3
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-39325HIGH7.5
stdlib
v1.17.7
fixed in 1.20.10, 1.21.3
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-45283HIGH7.5
stdlib
v1.17.7
fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-45287HIGH7.5
stdlib
v1.17.7
fixed in 1.20.0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-34156HIGH7.5
stdlib
v1.17.7
fixed in 1.22.7, 1.23.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2025-61726HIGH7.5
stdlib
v1.17.7
fixed in 1.24.12, 1.25.6
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2026-39828HIGH7.48
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39832HIGH7.39
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-24539HIGH7.3
stdlib
v1.17.7
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-29400HIGH7.3
stdlib
v1.17.7
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-46146HIGH7.04
github.com/prometheus/exporter-toolkit
v0.7.1
fixed in 0.7.2, 0.8.2
1.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-39821MEDIUM6.97
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.55.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33997MEDIUM6.88
github.com/docker/docker
v20.10.12+incompatible
fixed in 29.3.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39831MEDIUM6.88
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-25681MEDIUM6.88
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27136MEDIUM6.88
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-68121MEDIUM6.8
stdlib
v1.17.7
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2023-28842MEDIUM6.8
github.com/docker/docker
v20.10.12+incompatible
fixed in 20.10.24, 23.0.3
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-25621MEDIUM6.63
github.com/containerd/containerd
v1.5.7
fixed in 1.7.29
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-25173MEDIUM6.63
github.com/containerd/containerd
v1.5.7
fixed in 1.5.18, 1.6.18
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-40635MEDIUM6.63
github.com/containerd/containerd
v1.5.7
fixed in 1.7.27, 1.6.38
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-24557MEDIUM6.63
github.com/docker/docker
v20.10.12+incompatible
fixed in 24.0.9, 25.0.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2022-30580MEDIUM6.63
stdlib
v1.17.7
fixed in 1.17.11, 1.18.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2023-29403MEDIUM6.63
stdlib
v1.17.7
fixed in 1.19.10, 1.20.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39822MEDIUM6.63
stdlib
v1.17.7
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Directly Exposed
CVE-2022-23471MEDIUM6.5
github.com/containerd/containerd
v1.5.7
fixed in 1.5.16, 1.6.12
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-1705MEDIUM6.5
stdlib
v1.17.7
fixed in 1.17.12, 1.18.4
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-32148MEDIUM6.5
stdlib
v1.17.7
fixed in 1.17.12, 1.18.4
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-29406MEDIUM6.5
stdlib
v1.17.7
fixed in 1.19.11, 1.20.6
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2026-41567MEDIUM6.38
github.com/docker/docker
v20.10.12+incompatible
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-29018MEDIUM6.38
github.com/docker/docker
v20.10.12+incompatible
fixed in 26.0.0-rc3, 25.0.5, 23.0.11
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-30204MEDIUM6.38
github.com/golang-jwt/jwt/v4
v4.0.0
fixed in 4.5.2
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-65637MEDIUM6.38
github.com/sirupsen/logrus
v1.8.1
fixed in 1.8.3, 1.9.1, 1.9.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-22869MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.35.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-47913MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.43.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39829MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39830MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39835MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-46597MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45338MEDIUM6.38
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.33.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.53.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-22868MEDIUM6.38
golang.org/x/oauth2
v0.0.0-20211104180415-d3ed0bb246c8
fixed in 0.27.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2022-41716MEDIUM6.38
stdlib
v1.17.7
fixed in 1.18.8, 1.19.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-61729MEDIUM6.38
stdlib
v1.17.7
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25679MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27145MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-32280MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-32281MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32283MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33811MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39836MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42499MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42504MEDIUM6.38
stdlib
v1.17.7
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-58183MEDIUM6.38
stdlib
v1.17.7
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61728MEDIUM6.38
stdlib
v1.17.7
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42508MEDIUM6.29
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42306MEDIUM6.12
github.com/docker/docker
v20.10.12+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-46595MEDIUM6.03
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2022-27664MEDIUM6
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.0.0-20220906165146-f3363e06e74c
2.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-27664MEDIUM6
stdlib
v1.17.7
fixed in 1.18.6, 1.19.1
2.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-47907MEDIUM5.95
stdlib
v1.17.7
fixed in 1.23.12, 1.24.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-24786MEDIUM5.9
google.golang.org/protobuf
v1.27.1
fixed in 1.33.0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-24791MEDIUM5.9
stdlib
v1.17.7
fixed in 1.21.12, 1.22.5
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-34158MEDIUM5.9
stdlib
v1.17.7
fixed in 1.22.7, 1.23.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-28841MEDIUM5.78
github.com/docker/docker
v20.10.12+incompatible
fixed in 20.10.24, 23.0.3
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-4673MEDIUM5.78
stdlib
v1.17.7
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2023-2253MEDIUM5.52
github.com/docker/distribution
v2.7.1+incompatible
fixed in 2.8.2-beta.1
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-39827MEDIUM5.52
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39834MEDIUM5.52
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22872MEDIUM5.52
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.38.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-24785MEDIUM5.52
stdlib
v1.17.7
fixed in 1.21.8, 1.22.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-47906MEDIUM5.52
stdlib
v1.17.7
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61727MEDIUM5.52
stdlib
v1.17.7
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39825MEDIUM5.52
stdlib
v1.17.7
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.17.7
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-24784MEDIUM5.4
stdlib
v1.17.7
fixed in 1.21.8, 1.22.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-36109MEDIUM5.35
github.com/docker/docker
v20.10.12+incompatible
fixed in 20.10.18
0.8%
Theoretical Threat
Directly Exposed
CVE-2022-41717MEDIUM5.3
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.4.0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-29526MEDIUM5.3
golang.org/x/sys
v0.0.0-20220114195835-da31bd327af9
fixed in 0.0.0-20220412211240-33da011f77ad
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-29526MEDIUM5.3
stdlib
v1.17.7
fixed in 1.17.10, 1.18.2
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-41717MEDIUM5.3
stdlib
v1.17.7
fixed in 1.18.9, 1.19.4
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-29409MEDIUM5.3
stdlib
v1.17.7
fixed in 1.19.12, 1.20.7, 1.21.0-rc.4
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2023-39326MEDIUM5.3
stdlib
v1.17.7
fixed in 1.20.12, 1.21.5
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-45289MEDIUM5.3
stdlib
v1.17.7
fixed in 1.21.8, 1.22.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-45290MEDIUM5.3
stdlib
v1.17.7
fixed in 1.21.8, 1.22.1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-3978MEDIUM5.18
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.13.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-39318MEDIUM5.18
stdlib
v1.17.7
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2023-39319MEDIUM5.18
stdlib
v1.17.7
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.17.7
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2022-24769MEDIUM5.02
github.com/docker/docker
v20.10.12+incompatible
fixed in 20.10.14
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-24783MEDIUM5.02
stdlib
v1.17.7
fixed in 1.21.8, 1.22.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2024-34155MEDIUM5.02
stdlib
v1.17.7
fixed in 1.22.7, 1.23.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-45336MEDIUM5.02
stdlib
v1.17.7
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2022-31030MEDIUM4.67
github.com/containerd/containerd
v1.5.7
fixed in 1.5.13, 1.6.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2023-25153MEDIUM4.67
github.com/containerd/containerd
v1.5.7
fixed in 1.5.18, 1.6.18
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-64329MEDIUM4.67
github.com/containerd/containerd
v1.5.7
fixed in 1.7.29
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2022-1962MEDIUM4.67
stdlib
v1.17.7
fixed in 1.17.12, 1.18.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2024-24789MEDIUM4.67
stdlib
v1.17.7
fixed in 1.21.11, 1.22.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.17.7
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2023-40577MEDIUM4.59
github.com/prometheus/alertmanager
v0.23.0
fixed in 0.25.1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-22871MEDIUM4.59
stdlib
v1.17.7
fixed in 1.23.8, 1.24.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.17.7
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39823MEDIUM4.59
stdlib
v1.17.7
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.17.7
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-47914MEDIUM4.5
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58181MEDIUM4.5
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-46598MEDIUM4.5
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-47911MEDIUM4.5
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58190MEDIUM4.5
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-24532MEDIUM4.5
stdlib
v1.17.7
fixed in 1.19.7, 1.20.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2023-45284MEDIUM4.5
stdlib
v1.17.7
fixed in 1.20.11, 1.21.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-22866MEDIUM4.5
stdlib
v1.17.7
fixed in 1.22.12, 1.23.6, 1.24.0-rc.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22873MEDIUM4.5
stdlib
v1.17.7
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47912MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58185MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58187MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58188MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58189MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61723MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61724MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61725MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42505MEDIUM4.5
stdlib
v1.17.7
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507MEDIUM4.5
stdlib
v1.17.7
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58186MEDIUM4.5
stdlib
v1.17.7
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-54410MEDIUM4.42
github.com/docker/docker
v20.10.12+incompatible
fixed in 25.0.13, 28.0.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-41110MEDIUM4.1
github.com/docker/docker
v20.10.12+incompatible
fixed in 23.0.15, 26.1.5, 27.1.1, 25.0.6
16.5%
High Exploitation Risk
Post-Exploit
CVE-2025-22870LOW3.74
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.36.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
stdlib
v1.17.7
fixed in 1.23.7, 1.24.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45341LOW3.57
stdlib
v1.17.7
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-41568LOW3.31
github.com/docker/docker
v20.10.12+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2021-43816LOW3.28
github.com/containerd/containerd
v1.5.7
fixed in 1.5.9
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-33186LOW3.28
google.golang.org/grpc
v1.40.1
fixed in 1.79.3
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-28840LOW3.13
github.com/docker/docker
v20.10.12+incompatible
fixed in 20.10.24, 23.0.3
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2022-23648LOW3.1
github.com/containerd/containerd
v1.5.7
fixed in 1.4.13, 1.5.10, 1.6.1
27.4%
High Exploitation Risk
Post-Exploit
CVE-2024-45337LOW2.95
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.31.0
3.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-34040LOW2.81
github.com/docker/docker
v20.10.12+incompatible
fixed in 29.3.1
8.1%
Low-Moderate Risk
Post-Exploit
CVE-2023-48795LOW2.76
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.17.0
93.3%
Actively Exploited
Post-Exploit
CVE-2022-27191LOW2.7
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.0.0-20220314234659-1baeb1ce4c0b
3.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-24675LOW2.7
stdlib
v1.17.7
fixed in 1.17.9, 1.18.1
5.4%
Low-Moderate Risk
Post-Exploit
CVE-2024-51744LOW2.63
github.com/golang-jwt/jwt/v4
v4.0.0
fixed in 4.5.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2022-30629LOW2.63
stdlib
v1.17.7
fixed in 1.17.11, 1.18.3
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-27139LOW2.12
stdlib
v1.17.7
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
GHSA-7ww5-4wqc-m92cNONE0
github.com/containerd/containerd
v1.5.7
fixed in 1.6.26, 1.7.11
Not Applicable
GHSA-5j5w-g665-5m35NONE0
github.com/containerd/containerd
v1.5.7
fixed in 1.4.12, 1.5.8
Not Applicable
GHSA-c9cp-9c75-9v8cNONE0
github.com/containerd/containerd
v1.5.7
fixed in 1.5.11, 1.6.2
Not Applicable
GHSA-qq97-vm5h-rrhgNONE0
github.com/docker/distribution
v2.7.1+incompatible
fixed in 2.8.0
Not Applicable
GHSA-jq35-85cj-fj4pNONE0
github.com/docker/docker
v20.10.12+incompatible
fixed in 24.0.7, 23.0.8, 20.10.27
Not Applicable
GHSA-vp35-85q5-9f25NONE0
github.com/docker/docker
v20.10.12+incompatible
fixed in 20.10.20
Not Applicable
GHSA-77vh-xpmg-72qhNONE0
github.com/opencontainers/image-spec
v1.0.1
fixed in 1.0.2
Not Applicable
CVE-2026-2303NONE0
go.mongodb.org/mongo-driver
v1.7.5
fixed in 1.17.7
0.2%
Theoretical Threat
Not Applicable
CVE-2022-30636NONE0
golang.org/x/crypto
v0.0.0-20211202192323-5770296d904e
fixed in 0.0.0-20220525230936-793ad666bf5e
0.6%
Theoretical Threat
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.0.0-20220105145211-5b0dc2dfae98
fixed in 0.56.0
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.0.0-20220114195835-da31bd327af9
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.3.7
fixed in 0.39.0
Not Applicable
GHSA-m425-mq94-257gNONE0
google.golang.org/grpc
v1.40.1
fixed in 1.56.3, 1.57.1, 1.58.3
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.17.7
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.