Vulnerability Reportprom/prometheus:v2.35.0

prom/prometheus:v2.35.0
DIGESTsha256:4b86ad59abc67fa19a6e1618e936f3fd0f6ae13f49260da55a03eeca763a0fb5

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The image contains 176 known vulnerabilities, 37 of which are high-severity, including critical XSS (CVE-2023-24538, CVE-2023-24540) and multiple HTTP/2 denial-of-service flaws. An attacker could exploit these to execute arbitrary JavaScript in the Prometheus UI (leading to data theft or session hijacking) or cause service unavailability via CPU exhaustion. While the image is from a reputable community publisher with over 1.9 billion pulls, the sheer volume and severity of exposed vulnerabilities make it unsuitable for production without rigorous network segmentation and a WAF to mitigate XSS and DoS attacks.

Vulnerabilities

Vulnerability Log

188 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2023-24538CRITICAL9.8
stdlib
v1.18.1
fixed in 1.19.8, 1.20.3
2.3%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2023-24540CRITICAL9.8
stdlib
v1.18.1
fixed in 1.19.9, 1.20.4
1.5%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2023-45288CRITICAL9.75
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.23.0
92.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2023-45288CRITICAL9.75
stdlib
v1.18.1
fixed in 1.21.9, 1.22.2
92.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2024-24790HIGH7.84
stdlib
v1.18.1
fixed in 1.21.11, 1.22.4
2.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-45142HIGH7.5
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
v0.31.0
fixed in 0.44.0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-27664HIGH7.5
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.0.0-20220906165146-f3363e06e74c
2.6%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-41723HIGH7.5
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.7.0
4.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-39325HIGH7.5
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.17.0
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-32149HIGH7.5
golang.org/x/text
v0.3.7
fixed in 0.3.8
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-27664HIGH7.5
stdlib
v1.18.1
fixed in 1.18.6, 1.19.1
2.6%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-29804HIGH7.5
stdlib
v1.18.1
fixed in 1.17.11, 1.18.3
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2022-30630HIGH7.5
stdlib
v1.18.1
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30631HIGH7.5
stdlib
v1.18.1
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30632HIGH7.5
stdlib
v1.18.1
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30633HIGH7.5
stdlib
v1.18.1
fixed in 1.17.12, 1.18.4
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30634HIGH7.5
stdlib
v1.18.1
fixed in 1.17.11, 1.18.3
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-30635HIGH7.5
stdlib
v1.18.1
fixed in 1.17.12, 1.18.4
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-32189HIGH7.5
stdlib
v1.18.1
fixed in 1.17.13, 1.18.5
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-41715HIGH7.5
stdlib
v1.18.1
fixed in 1.18.7, 1.19.2
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2022-41720HIGH7.5
stdlib
v1.18.1
fixed in 1.18.9, 1.19.4
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2022-41722HIGH7.5
stdlib
v1.18.1
fixed in 1.19.6, 1.20.1
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-41723HIGH7.5
stdlib
v1.18.1
fixed in 1.19.6, 1.20.1
4.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-41724HIGH7.5
stdlib
v1.18.1
fixed in 1.19.6, 1.20.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-41725HIGH7.5
stdlib
v1.18.1
fixed in 1.19.6, 1.20.1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-24534HIGH7.5
stdlib
v1.18.1
fixed in 1.19.8, 1.20.3
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2023-24536HIGH7.5
stdlib
v1.18.1
fixed in 1.19.8, 1.20.3
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-24537HIGH7.5
stdlib
v1.18.1
fixed in 1.19.8, 1.20.3
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-39325HIGH7.5
stdlib
v1.18.1
fixed in 1.20.10, 1.21.3
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-45283HIGH7.5
stdlib
v1.18.1
fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-45287HIGH7.5
stdlib
v1.18.1
fixed in 1.20.0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-34156HIGH7.5
stdlib
v1.18.1
fixed in 1.22.7, 1.23.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2025-61726HIGH7.5
stdlib
v1.18.1
fixed in 1.24.12, 1.25.6
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2026-39828HIGH7.48
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39832HIGH7.39
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-24539HIGH7.3
stdlib
v1.18.1
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-29400HIGH7.3
stdlib
v1.18.1
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2026-39821MEDIUM6.97
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.55.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33997MEDIUM6.88
github.com/docker/docker
v20.10.14+incompatible
fixed in 29.3.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39831MEDIUM6.88
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-25681MEDIUM6.88
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27136MEDIUM6.88
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-68121MEDIUM6.8
stdlib
v1.18.1
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2023-28842MEDIUM6.8
github.com/docker/docker
v20.10.14+incompatible
fixed in 20.10.24, 23.0.3
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-25621MEDIUM6.63
github.com/containerd/containerd
v1.6.1
fixed in 1.7.29
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-25173MEDIUM6.63
github.com/containerd/containerd
v1.6.1
fixed in 1.5.18, 1.6.18
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-40635MEDIUM6.63
github.com/containerd/containerd
v1.6.1
fixed in 1.7.27, 1.6.38
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-24557MEDIUM6.63
github.com/docker/docker
v20.10.14+incompatible
fixed in 24.0.9, 25.0.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2022-30580MEDIUM6.63
stdlib
v1.18.1
fixed in 1.17.11, 1.18.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2023-29403MEDIUM6.63
stdlib
v1.18.1
fixed in 1.19.10, 1.20.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39822MEDIUM6.63
stdlib
v1.18.1
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Directly Exposed
CVE-2022-23471MEDIUM6.5
github.com/containerd/containerd
v1.6.1
fixed in 1.5.16, 1.6.12
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-1705MEDIUM6.5
stdlib
v1.18.1
fixed in 1.17.12, 1.18.4
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-32148MEDIUM6.5
stdlib
v1.18.1
fixed in 1.17.12, 1.18.4
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-29406MEDIUM6.5
stdlib
v1.18.1
fixed in 1.19.11, 1.20.6
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2026-41567MEDIUM6.38
github.com/docker/docker
v20.10.14+incompatible
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-29018MEDIUM6.38
github.com/docker/docker
v20.10.14+incompatible
fixed in 26.0.0-rc3, 25.0.5, 23.0.11
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-30204MEDIUM6.38
github.com/golang-jwt/jwt/v4
v4.2.0
fixed in 4.5.2
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-65637MEDIUM6.38
github.com/sirupsen/logrus
v1.8.1
fixed in 1.8.3, 1.9.1, 1.9.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39882MEDIUM6.38
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
v1.6.1
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-22869MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.35.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-47913MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.43.0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39829MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39830MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39835MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-46597MEDIUM6.38
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45338MEDIUM6.38
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.33.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.53.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-22868MEDIUM6.38
golang.org/x/oauth2
v0.0.0-20220309155454-6242fa91716a
fixed in 0.27.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2022-41716MEDIUM6.38
stdlib
v1.18.1
fixed in 1.18.8, 1.19.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-61729MEDIUM6.38
stdlib
v1.18.1
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25679MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27145MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-32280MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-32281MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32283MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33811MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39836MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42499MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42504MEDIUM6.38
stdlib
v1.18.1
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-58183MEDIUM6.38
stdlib
v1.18.1
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61728MEDIUM6.38
stdlib
v1.18.1
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42508MEDIUM6.29
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42306MEDIUM6.12
github.com/docker/docker
v20.10.14+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-46595MEDIUM6.03
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-47907MEDIUM5.95
stdlib
v1.18.1
fixed in 1.23.12, 1.24.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-24786MEDIUM5.9
google.golang.org/protobuf
v1.28.0
fixed in 1.33.0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-24791MEDIUM5.9
stdlib
v1.18.1
fixed in 1.21.12, 1.22.5
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-34158MEDIUM5.9
stdlib
v1.18.1
fixed in 1.22.7, 1.23.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-28841MEDIUM5.78
github.com/docker/docker
v20.10.14+incompatible
fixed in 20.10.24, 23.0.3
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-4673MEDIUM5.78
stdlib
v1.18.1
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2023-2253MEDIUM5.52
github.com/docker/distribution
v2.7.1+incompatible
fixed in 2.8.2-beta.1
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-39827MEDIUM5.52
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39834MEDIUM5.52
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22872MEDIUM5.52
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.38.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-24785MEDIUM5.52
stdlib
v1.18.1
fixed in 1.21.8, 1.22.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-47906MEDIUM5.52
stdlib
v1.18.1
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61727MEDIUM5.52
stdlib
v1.18.1
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39825MEDIUM5.52
stdlib
v1.18.1
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.18.1
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-24784MEDIUM5.4
stdlib
v1.18.1
fixed in 1.21.8, 1.22.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-36109MEDIUM5.35
github.com/docker/docker
v20.10.14+incompatible
fixed in 20.10.18
0.8%
Theoretical Threat
Directly Exposed
CVE-2022-41717MEDIUM5.3
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.4.0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-29526MEDIUM5.3
golang.org/x/sys
v0.0.0-20220328115105-d36c6a25d886
fixed in 0.0.0-20220412211240-33da011f77ad
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-29526MEDIUM5.3
stdlib
v1.18.1
fixed in 1.17.10, 1.18.2
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-41717MEDIUM5.3
stdlib
v1.18.1
fixed in 1.18.9, 1.19.4
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-29409MEDIUM5.3
stdlib
v1.18.1
fixed in 1.19.12, 1.20.7, 1.21.0-rc.4
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2023-39326MEDIUM5.3
stdlib
v1.18.1
fixed in 1.20.12, 1.21.5
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-45289MEDIUM5.3
stdlib
v1.18.1
fixed in 1.21.8, 1.22.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-45290MEDIUM5.3
stdlib
v1.18.1
fixed in 1.21.8, 1.22.1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-3978MEDIUM5.18
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.13.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-39318MEDIUM5.18
stdlib
v1.18.1
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2023-39319MEDIUM5.18
stdlib
v1.18.1
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.18.1
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-24783MEDIUM5.02
stdlib
v1.18.1
fixed in 1.21.8, 1.22.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2024-34155MEDIUM5.02
stdlib
v1.18.1
fixed in 1.22.7, 1.23.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-45336MEDIUM5.02
stdlib
v1.18.1
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2022-31030MEDIUM4.67
github.com/containerd/containerd
v1.6.1
fixed in 1.5.13, 1.6.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2023-25153MEDIUM4.67
github.com/containerd/containerd
v1.6.1
fixed in 1.5.18, 1.6.18
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-64329MEDIUM4.67
github.com/containerd/containerd
v1.6.1
fixed in 1.7.29
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2022-1962MEDIUM4.67
stdlib
v1.18.1
fixed in 1.17.12, 1.18.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2024-24789MEDIUM4.67
stdlib
v1.18.1
fixed in 1.21.11, 1.22.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.18.1
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2023-40577MEDIUM4.59
github.com/prometheus/alertmanager
v0.24.0
fixed in 0.25.1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-22871MEDIUM4.59
stdlib
v1.18.1
fixed in 1.23.8, 1.24.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.18.1
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39823MEDIUM4.59
stdlib
v1.18.1
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.18.1
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-47914MEDIUM4.5
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58181MEDIUM4.5
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-46598MEDIUM4.5
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-47911MEDIUM4.5
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58190MEDIUM4.5
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-24532MEDIUM4.5
stdlib
v1.18.1
fixed in 1.19.7, 1.20.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2023-45284MEDIUM4.5
stdlib
v1.18.1
fixed in 1.20.11, 1.21.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-22866MEDIUM4.5
stdlib
v1.18.1
fixed in 1.22.12, 1.23.6, 1.24.0-rc.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22873MEDIUM4.5
stdlib
v1.18.1
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47912MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58185MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58187MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58188MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58189MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61723MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61724MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61725MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42505MEDIUM4.5
stdlib
v1.18.1
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507MEDIUM4.5
stdlib
v1.18.1
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58186MEDIUM4.5
stdlib
v1.18.1
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-54410MEDIUM4.42
github.com/docker/docker
v20.10.14+incompatible
fixed in 25.0.13, 28.0.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-41110MEDIUM4.1
github.com/docker/docker
v20.10.14+incompatible
fixed in 23.0.15, 26.1.5, 27.1.1, 25.0.6
16.5%
High Exploitation Risk
Post-Exploit
CVE-2025-22870LOW3.74
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.36.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
stdlib
v1.18.1
fixed in 1.23.7, 1.24.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45341LOW3.57
stdlib
v1.18.1
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-41568LOW3.31
github.com/docker/docker
v20.10.14+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-33186LOW3.28
google.golang.org/grpc
v1.45.0
fixed in 1.79.3
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-46146LOW3.17
github.com/prometheus/exporter-toolkit
v0.7.1
fixed in 0.7.2, 0.8.2
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2023-28840LOW3.13
github.com/docker/docker
v20.10.14+incompatible
fixed in 20.10.24, 23.0.3
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2024-45337LOW2.95
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.31.0
3.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-34040LOW2.81
github.com/docker/docker
v20.10.14+incompatible
fixed in 29.3.1
8.1%
Low-Moderate Risk
Post-Exploit
CVE-2023-48795LOW2.76
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.17.0
93.3%
Actively Exploited
Post-Exploit
CVE-2022-27191LOW2.7
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.0.0-20220314234659-1baeb1ce4c0b
3.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-28948LOW2.7
gopkg.in/yaml.v3
v3.0.0-20210107192922-496545a6307b
fixed in 3.0.1
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-28131LOW2.7
stdlib
v1.18.1
fixed in 1.17.12, 1.18.4
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-2879LOW2.7
stdlib
v1.18.1
fixed in 1.18.7, 1.19.2
1.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-2880LOW2.7
stdlib
v1.18.1
fixed in 1.18.7, 1.19.2
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-51744LOW2.63
github.com/golang-jwt/jwt/v4
v4.2.0
fixed in 4.5.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2022-30629LOW2.63
stdlib
v1.18.1
fixed in 1.17.11, 1.18.3
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-27139LOW2.12
stdlib
v1.18.1
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
GHSA-7ww5-4wqc-m92cNONE0
github.com/containerd/containerd
v1.6.1
fixed in 1.6.26, 1.7.11
Not Applicable
GHSA-c9cp-9c75-9v8cNONE0
github.com/containerd/containerd
v1.6.1
fixed in 1.5.11, 1.6.2
Not Applicable
GHSA-qq97-vm5h-rrhgNONE0
github.com/docker/distribution
v2.7.1+incompatible
fixed in 2.8.0
Not Applicable
GHSA-jq35-85cj-fj4pNONE0
github.com/docker/docker
v20.10.14+incompatible
fixed in 24.0.7, 23.0.8, 20.10.27
Not Applicable
GHSA-vp35-85q5-9f25NONE0
github.com/docker/docker
v20.10.14+incompatible
fixed in 20.10.20
Not Applicable
GHSA-4v48-4q5m-8vx4NONE0
github.com/prometheus/prometheus
2.35.0
fixed in 2.37.4, 2.40.4
Not Applicable
CVE-2026-2303NONE0
go.mongodb.org/mongo-driver
v1.8.3
fixed in 1.17.7
0.2%
Theoretical Threat
Not Applicable
CVE-2022-30636NONE0
golang.org/x/crypto
v0.0.0-20211215153901-e495a2d5b3d3
fixed in 0.0.0-20220525230936-793ad666bf5e
0.6%
Theoretical Threat
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.0.0-20220325170049-de3da57026de
fixed in 0.56.0
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.0.0-20220328115105-d36c6a25d886
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.3.7
fixed in 0.39.0
Not Applicable
GHSA-m425-mq94-257gNONE0
google.golang.org/grpc
v1.45.0
fixed in 1.56.3, 1.57.1, 1.58.3
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.18.1
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.