Last scanned:
This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The image contains 176 known vulnerabilities, 37 of which are high-severity, including critical XSS (CVE-2023-24538, CVE-2023-24540) and multiple HTTP/2 denial-of-service flaws. An attacker could exploit these to execute arbitrary JavaScript in the Prometheus UI (leading to data theft or session hijacking) or cause service unavailability via CPU exhaustion. While the image is from a reputable community publisher with over 1.9 billion pulls, the sheer volume and severity of exposed vulnerabilities make it unsuitable for production without rigorous network segmentation and a WAF to mitigate XSS and DoS attacks.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2023-24538 | CRITICAL9.8 | stdlib v1.18.1 fixed in 1.19.8, 1.20.3 | 2.3% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2023-24540 | CRITICAL9.8 | stdlib v1.18.1 fixed in 1.19.9, 1.20.4 | 1.5% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2023-45288 | CRITICAL9.75 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.23.0 | 92.0% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2023-45288 | CRITICAL9.75 | stdlib v1.18.1 fixed in 1.21.9, 1.22.2 | 92.0% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2024-24790 | HIGH7.84 | stdlib v1.18.1 fixed in 1.21.11, 1.22.4 | 2.0% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2023-45142 | HIGH7.5 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.31.0 fixed in 0.44.0 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-27664 | HIGH7.5 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.0.0-20220906165146-f3363e06e74c | 2.6% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2022-41723 | HIGH7.5 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.7.0 | 4.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-39325 | HIGH7.5 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.17.0 | 3.8% Low-Moderate Risk | Directly Exposed |
| CVE-2022-32149 | HIGH7.5 | golang.org/x/text v0.3.7 fixed in 0.3.8 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-27664 | HIGH7.5 | stdlib v1.18.1 fixed in 1.18.6, 1.19.1 | 2.6% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2022-29804 | HIGH7.5 | stdlib v1.18.1 fixed in 1.17.11, 1.18.3 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2022-30630 | HIGH7.5 | stdlib v1.18.1 fixed in 1.17.12, 1.18.4 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-30631 | HIGH7.5 | stdlib v1.18.1 fixed in 1.17.12, 1.18.4 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-30632 | HIGH7.5 | stdlib v1.18.1 fixed in 1.17.12, 1.18.4 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-30633 | HIGH7.5 | stdlib v1.18.1 fixed in 1.17.12, 1.18.4 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-30634 | HIGH7.5 | stdlib v1.18.1 fixed in 1.17.11, 1.18.3 | 1.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-30635 | HIGH7.5 | stdlib v1.18.1 fixed in 1.17.12, 1.18.4 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2022-32189 | HIGH7.5 | stdlib v1.18.1 fixed in 1.17.13, 1.18.5 | 2.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41715 | HIGH7.5 | stdlib v1.18.1 fixed in 1.18.7, 1.19.2 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41720 | HIGH7.5 | stdlib v1.18.1 fixed in 1.18.9, 1.19.4 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41722 | HIGH7.5 | stdlib v1.18.1 fixed in 1.19.6, 1.20.1 | 1.7% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41723 | HIGH7.5 | stdlib v1.18.1 fixed in 1.19.6, 1.20.1 | 4.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41724 | HIGH7.5 | stdlib v1.18.1 fixed in 1.19.6, 1.20.1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41725 | HIGH7.5 | stdlib v1.18.1 fixed in 1.19.6, 1.20.1 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2023-24534 | HIGH7.5 | stdlib v1.18.1 fixed in 1.19.8, 1.20.3 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2023-24536 | HIGH7.5 | stdlib v1.18.1 fixed in 1.19.8, 1.20.3 | 1.5% Low-Moderate Risk | Directly Exposed |
| CVE-2023-24537 | HIGH7.5 | stdlib v1.18.1 fixed in 1.19.8, 1.20.3 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2023-39325 | HIGH7.5 | stdlib v1.18.1 fixed in 1.20.10, 1.21.3 | 3.8% Low-Moderate Risk | Directly Exposed |
| CVE-2023-45283 | HIGH7.5 | stdlib v1.18.1 fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5 | 2.8% Low-Moderate Risk | Directly Exposed |
| CVE-2023-45287 | HIGH7.5 | stdlib v1.18.1 fixed in 1.20.0 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-34156 | HIGH7.5 | stdlib v1.18.1 fixed in 1.22.7, 1.23.1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2025-61726 | HIGH7.5 | stdlib v1.18.1 fixed in 1.24.12, 1.25.6 | 1.9% Low-Moderate Risk | Directly Exposed |
| CVE-2026-39828 | HIGH7.48 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39832 | HIGH7.39 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2023-24539 | HIGH7.3 | stdlib v1.18.1 fixed in 1.19.9, 1.20.4 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-29400 | HIGH7.3 | stdlib v1.18.1 fixed in 1.19.9, 1.20.4 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2026-39821 | MEDIUM6.97 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.55.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33997 | MEDIUM6.88 | github.com/docker/docker v20.10.14+incompatible fixed in 29.3.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39831 | MEDIUM6.88 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-25681 | MEDIUM6.88 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27136 | MEDIUM6.88 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-68121 | MEDIUM6.8 | stdlib v1.18.1 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2023-28842 | MEDIUM6.8 | github.com/docker/docker v20.10.14+incompatible fixed in 20.10.24, 23.0.3 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2024-25621 | MEDIUM6.63 | github.com/containerd/containerd v1.6.1 fixed in 1.7.29 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-25173 | MEDIUM6.63 | github.com/containerd/containerd v1.6.1 fixed in 1.5.18, 1.6.18 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2024-40635 | MEDIUM6.63 | github.com/containerd/containerd v1.6.1 fixed in 1.7.27, 1.6.38 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-24557 | MEDIUM6.63 | github.com/docker/docker v20.10.14+incompatible fixed in 24.0.9, 25.0.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2022-30580 | MEDIUM6.63 | stdlib v1.18.1 fixed in 1.17.11, 1.18.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2023-29403 | MEDIUM6.63 | stdlib v1.18.1 fixed in 1.19.10, 1.20.5 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39822 | MEDIUM6.63 | stdlib v1.18.1 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2022-23471 | MEDIUM6.5 | github.com/containerd/containerd v1.6.1 fixed in 1.5.16, 1.6.12 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-1705 | MEDIUM6.5 | stdlib v1.18.1 fixed in 1.17.12, 1.18.4 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2022-32148 | MEDIUM6.5 | stdlib v1.18.1 fixed in 1.17.12, 1.18.4 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-29406 | MEDIUM6.5 | stdlib v1.18.1 fixed in 1.19.11, 1.20.6 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2026-41567 | MEDIUM6.38 | github.com/docker/docker v20.10.14+incompatible No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-29018 | MEDIUM6.38 | github.com/docker/docker v20.10.14+incompatible fixed in 26.0.0-rc3, 25.0.5, 23.0.11 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-30204 | MEDIUM6.38 | github.com/golang-jwt/jwt/v4 v4.2.0 fixed in 4.5.2 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-65637 | MEDIUM6.38 | github.com/sirupsen/logrus v1.8.1 fixed in 1.8.3, 1.9.1, 1.9.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39882 | MEDIUM6.38 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.1 fixed in 1.43.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-22869 | MEDIUM6.38 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.35.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2025-47913 | MEDIUM6.38 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.43.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39829 | MEDIUM6.38 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39830 | MEDIUM6.38 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-39835 | MEDIUM6.38 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-46597 | MEDIUM6.38 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-45338 | MEDIUM6.38 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.33.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.53.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-22868 | MEDIUM6.38 | golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a fixed in 0.27.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2022-41716 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.18.8, 1.19.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-61729 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.24.11, 1.25.5 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25679 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.8, 1.26.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-27145 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.11, 1.26.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-32280 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-32281 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32283 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33811 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-39820 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-39836 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42499 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42504 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-58183 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61728 | MEDIUM6.38 | stdlib v1.18.1 fixed in 1.24.12, 1.25.6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42508 | MEDIUM6.29 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42306 | MEDIUM6.12 | github.com/docker/docker v20.10.14+incompatible No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-46595 | MEDIUM6.03 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-47907 | MEDIUM5.95 | stdlib v1.18.1 fixed in 1.23.12, 1.24.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-24786 | MEDIUM5.9 | google.golang.org/protobuf v1.28.0 fixed in 1.33.0 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-24791 | MEDIUM5.9 | stdlib v1.18.1 fixed in 1.21.12, 1.22.5 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2024-34158 | MEDIUM5.9 | stdlib v1.18.1 fixed in 1.22.7, 1.23.1 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-28841 | MEDIUM5.78 | github.com/docker/docker v20.10.14+incompatible fixed in 20.10.24, 23.0.3 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2025-4673 | MEDIUM5.78 | stdlib v1.18.1 fixed in 1.23.10, 1.24.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2023-2253 | MEDIUM5.52 | github.com/docker/distribution v2.7.1+incompatible fixed in 2.8.2-beta.1 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-39827 | MEDIUM5.52 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39834 | MEDIUM5.52 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-22872 | MEDIUM5.52 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.38.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25680 | MEDIUM5.52 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-24785 | MEDIUM5.52 | stdlib v1.18.1 fixed in 1.21.8, 1.22.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-47906 | MEDIUM5.52 | stdlib v1.18.1 fixed in 1.23.12, 1.24.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61727 | MEDIUM5.52 | stdlib v1.18.1 fixed in 1.24.11, 1.25.5 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39825 | MEDIUM5.52 | stdlib v1.18.1 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32282 | MEDIUM5.44 | stdlib v1.18.1 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-24784 | MEDIUM5.4 | stdlib v1.18.1 fixed in 1.21.8, 1.22.1 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2022-36109 | MEDIUM5.35 | github.com/docker/docker v20.10.14+incompatible fixed in 20.10.18 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2022-41717 | MEDIUM5.3 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.4.0 | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-29526 | MEDIUM5.3 | golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886 fixed in 0.0.0-20220412211240-33da011f77ad | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-29526 | MEDIUM5.3 | stdlib v1.18.1 fixed in 1.17.10, 1.18.2 | 2.6% Low-Moderate Risk | Directly Exposed |
| CVE-2022-41717 | MEDIUM5.3 | stdlib v1.18.1 fixed in 1.18.9, 1.19.4 | 5.6% Low-Moderate Risk | Directly Exposed |
| CVE-2023-29409 | MEDIUM5.3 | stdlib v1.18.1 fixed in 1.19.12, 1.20.7, 1.21.0-rc.4 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2023-39326 | MEDIUM5.3 | stdlib v1.18.1 fixed in 1.20.12, 1.21.5 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2023-45289 | MEDIUM5.3 | stdlib v1.18.1 fixed in 1.21.8, 1.22.1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-45290 | MEDIUM5.3 | stdlib v1.18.1 fixed in 1.21.8, 1.22.1 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2023-3978 | MEDIUM5.18 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.13.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42502 | MEDIUM5.18 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2023-39318 | MEDIUM5.18 | stdlib v1.18.1 fixed in 1.20.8, 1.21.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2023-39319 | MEDIUM5.18 | stdlib v1.18.1 fixed in 1.20.8, 1.21.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-32289 | MEDIUM5.18 | stdlib v1.18.1 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-24783 | MEDIUM5.02 | stdlib v1.18.1 fixed in 1.21.8, 1.22.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-34155 | MEDIUM5.02 | stdlib v1.18.1 fixed in 1.22.7, 1.23.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2024-45336 | MEDIUM5.02 | stdlib v1.18.1 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2022-31030 | MEDIUM4.67 | github.com/containerd/containerd v1.6.1 fixed in 1.5.13, 1.6.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2023-25153 | MEDIUM4.67 | github.com/containerd/containerd v1.6.1 fixed in 1.5.18, 1.6.18 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-64329 | MEDIUM4.67 | github.com/containerd/containerd v1.6.1 fixed in 1.7.29 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39833 | MEDIUM4.67 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2022-1962 | MEDIUM4.67 | stdlib v1.18.1 fixed in 1.17.12, 1.18.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2024-24789 | MEDIUM4.67 | stdlib v1.18.1 fixed in 1.21.11, 1.22.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32288 | MEDIUM4.67 | stdlib v1.18.1 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2023-40577 | MEDIUM4.59 | github.com/prometheus/alertmanager v0.24.0 fixed in 0.25.1 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42506 | MEDIUM4.59 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-22871 | MEDIUM4.59 | stdlib v1.18.1 fixed in 1.23.8, 1.24.2 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-27142 | MEDIUM4.59 | stdlib v1.18.1 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39823 | MEDIUM4.59 | stdlib v1.18.1 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39826 | MEDIUM4.59 | stdlib v1.18.1 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-47914 | MEDIUM4.5 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58181 | MEDIUM4.5 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-46598 | MEDIUM4.5 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-47911 | MEDIUM4.5 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58190 | MEDIUM4.5 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2023-24532 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.19.7, 1.20.2 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2023-45284 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.20.11, 1.21.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2025-22866 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-22873 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.23.9, 1.24.3 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47912 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58185 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58187 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.9, 1.25.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58188 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58189 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61723 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61724 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61725 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61730 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.12, 1.25.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42505 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42507 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58186 | MEDIUM4.5 | stdlib v1.18.1 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-54410 | MEDIUM4.42 | github.com/docker/docker v20.10.14+incompatible fixed in 25.0.13, 28.0.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-41110 | MEDIUM4.1 | github.com/docker/docker v20.10.14+incompatible fixed in 23.0.15, 26.1.5, 27.1.1, 25.0.6 | 16.5% High Exploitation Risk | Post-Exploit |
| CVE-2025-22870 | LOW3.74 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.36.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-22870 | LOW3.74 | stdlib v1.18.1 fixed in 1.23.7, 1.24.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-45341 | LOW3.57 | stdlib v1.18.1 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-41568 | LOW3.31 | github.com/docker/docker v20.10.14+incompatible No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-33186 | LOW3.28 | google.golang.org/grpc v1.45.0 fixed in 1.79.3 | 1.6% Low-Moderate Risk | Post-Exploit |
| CVE-2022-46146 | LOW3.17 | github.com/prometheus/exporter-toolkit v0.7.1 fixed in 0.7.2, 0.8.2 | 1.2% Low-Moderate Risk | Post-Exploit |
| CVE-2023-28840 | LOW3.13 | github.com/docker/docker v20.10.14+incompatible fixed in 20.10.24, 23.0.3 | 2.7% Low-Moderate Risk | Post-Exploit |
| CVE-2024-45337 | LOW2.95 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.31.0 | 3.2% Low-Moderate Risk | Post-Exploit |
| CVE-2026-34040 | LOW2.81 | github.com/docker/docker v20.10.14+incompatible fixed in 29.3.1 | 8.1% Low-Moderate Risk | Post-Exploit |
| CVE-2023-48795 | LOW2.76 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.17.0 | 93.3% Actively Exploited | Post-Exploit |
| CVE-2022-27191 | LOW2.7 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.0.0-20220314234659-1baeb1ce4c0b | 3.9% Low-Moderate Risk | Post-Exploit |
| CVE-2022-28948 | LOW2.7 | gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b fixed in 3.0.1 | 3.5% Low-Moderate Risk | Post-Exploit |
| CVE-2022-28131 | LOW2.7 | stdlib v1.18.1 fixed in 1.17.12, 1.18.4 | 1.9% Low-Moderate Risk | Post-Exploit |
| CVE-2022-2879 | LOW2.7 | stdlib v1.18.1 fixed in 1.18.7, 1.19.2 | 1.5% Low-Moderate Risk | Post-Exploit |
| CVE-2022-2880 | LOW2.7 | stdlib v1.18.1 fixed in 1.18.7, 1.19.2 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2024-51744 | LOW2.63 | github.com/golang-jwt/jwt/v4 v4.2.0 fixed in 4.5.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2022-30629 | LOW2.63 | stdlib v1.18.1 fixed in 1.17.11, 1.18.3 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-27139 | LOW2.12 | stdlib v1.18.1 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Directly Exposed |
| GHSA-7ww5-4wqc-m92c | NONE0 | github.com/containerd/containerd v1.6.1 fixed in 1.6.26, 1.7.11 | — | Not Applicable |
| GHSA-c9cp-9c75-9v8c | NONE0 | github.com/containerd/containerd v1.6.1 fixed in 1.5.11, 1.6.2 | — | Not Applicable |
| GHSA-qq97-vm5h-rrhg | NONE0 | github.com/docker/distribution v2.7.1+incompatible fixed in 2.8.0 | — | Not Applicable |
| GHSA-jq35-85cj-fj4p | NONE0 | github.com/docker/docker v20.10.14+incompatible fixed in 24.0.7, 23.0.8, 20.10.27 | — | Not Applicable |
| GHSA-vp35-85q5-9f25 | NONE0 | github.com/docker/docker v20.10.14+incompatible fixed in 20.10.20 | — | Not Applicable |
| GHSA-4v48-4q5m-8vx4 | NONE0 | github.com/prometheus/prometheus 2.35.0 fixed in 2.37.4, 2.40.4 | — | Not Applicable |
| CVE-2026-2303 | NONE0 | go.mongodb.org/mongo-driver v1.8.3 fixed in 1.17.7 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2022-30636 | NONE0 | golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 fixed in 0.0.0-20220525230936-793ad666bf5e | 0.6% Theoretical Threat | Not Applicable |
| CVE-2026-46600 | NONE0 | golang.org/x/net v0.0.0-20220325170049-de3da57026de fixed in 0.56.0 | — | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56852 | NONE0 | golang.org/x/text v0.3.7 fixed in 0.39.0 | — | Not Applicable |
| GHSA-m425-mq94-257g | NONE0 | google.golang.org/grpc v1.45.0 fixed in 1.56.3, 1.57.1, 1.58.3 | — | Not Applicable |
| CVE-2025-0913 | NONE0 | stdlib v1.18.1 fixed in 1.23.10, 1.24.4 | 0.2% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.