Last scanned:
This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker can cause denial of service via excessive HTTP/2 frames (CVE-2023-45288) or memory exhaustion from query parameter parsing (CVE-2025-61726), and potentially bypass network access controls due to flawed IP classification (CVE-2024-24790). Note: CVE-2026-33186 (gRPC authorization bypass) only applies if the gRPC authz interceptor is enabled, which is not default. Upgrading to patched versions of Go and its dependencies is required to remediate these vulnerabilities.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2023-45288 | CRITICAL9.75 | golang.org/x/net v0.20.0 fixed in 0.23.0 | 92.0% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2023-45288 | CRITICAL9.75 | stdlib v1.21.6 fixed in 1.21.9, 1.22.2 | 92.0% Actively Exploited | Directly ExposedContext importance: HIGH |
| CVE-2024-24790 | HIGH7.84 | stdlib v1.21.6 fixed in 1.21.11, 1.22.4 | 2.0% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2025-61726 | HIGH7.5 | stdlib v1.21.6 fixed in 1.24.12, 1.25.6 | 1.9% Low-Moderate Risk | Directly ExposedContext importance: HIGH |
| CVE-2026-33186 | HIGH7.28 | google.golang.org/grpc v1.60.0 fixed in 1.79.3 | 1.6% Low-Moderate Risk | Directly ExposedContext importance: MEDIUM |
| CVE-2025-68121 | MEDIUM6.8 | stdlib v1.21.6 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3 | 0.8% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-41567 | MEDIUM6.38 | github.com/docker/docker v24.0.2+incompatible No fix yet | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-30204 | MEDIUM6.38 | github.com/golang-jwt/jwt/v4 v4.5.0 fixed in 4.5.2 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-39882 | MEDIUM6.38 | go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 fixed in 1.43.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-22869 | MEDIUM6.38 | golang.org/x/crypto v0.18.0 fixed in 0.35.0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2025-47913 | MEDIUM6.38 | golang.org/x/crypto v0.18.0 fixed in 0.43.0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39829 | MEDIUM6.38 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39830 | MEDIUM6.38 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-39835 | MEDIUM6.38 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-46597 | MEDIUM6.38 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | golang.org/x/net v0.20.0 fixed in 0.53.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-22868 | MEDIUM6.38 | golang.org/x/oauth2 v0.13.0 fixed in 0.27.0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-61729 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.24.11, 1.25.5 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25679 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.8, 1.26.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-27145 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.11, 1.26.4 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-32280 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-32281 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-32283 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.9, 1.26.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-33811 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-33814 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-39820 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-39836 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.10, 1.26.3 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42499 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.10, 1.26.3 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-42504 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.25.11, 1.26.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-58183 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61728 | MEDIUM6.38 | stdlib v1.21.6 fixed in 1.24.12, 1.25.6 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42508 | MEDIUM6.29 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42306 | MEDIUM6.12 | github.com/docker/docker v24.0.2+incompatible No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-46595 | MEDIUM6.03 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39883 | MEDIUM5.95 | go.opentelemetry.io/otel/sdk v1.21.0 fixed in 1.43.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47907 | MEDIUM5.95 | stdlib v1.21.6 fixed in 1.23.12, 1.24.6 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-24786 | MEDIUM5.9 | google.golang.org/protobuf v1.31.0 fixed in 1.33.0 | 1.3% Low-Moderate Risk | Directly Exposed |
| CVE-2024-24791 | MEDIUM5.9 | stdlib v1.21.6 fixed in 1.21.12, 1.22.5 | 1.4% Low-Moderate Risk | Directly Exposed |
| CVE-2024-34158 | MEDIUM5.9 | stdlib v1.21.6 fixed in 1.22.7, 1.23.1 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2025-4673 | MEDIUM5.78 | stdlib v1.21.6 fixed in 1.23.10, 1.24.4 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-39821 | MEDIUM5.58 | golang.org/x/net v0.20.0 fixed in 0.55.0 | 0.5% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-39827 | MEDIUM5.52 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-39834 | MEDIUM5.52 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-22872 | MEDIUM5.52 | golang.org/x/net v0.20.0 fixed in 0.38.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-25680 | MEDIUM5.52 | golang.org/x/net v0.20.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-24785 | MEDIUM5.52 | stdlib v1.21.6 fixed in 1.21.8, 1.22.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2025-47906 | MEDIUM5.52 | stdlib v1.21.6 fixed in 1.23.12, 1.24.6 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61727 | MEDIUM5.52 | stdlib v1.21.6 fixed in 1.24.11, 1.25.5 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39825 | MEDIUM5.52 | stdlib v1.21.6 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32282 | MEDIUM5.44 | stdlib v1.21.6 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-24784 | MEDIUM5.4 | stdlib v1.21.6 fixed in 1.21.8, 1.22.1 | 1.0% Low-Moderate Risk | Directly Exposed |
| CVE-2023-45289 | MEDIUM5.3 | stdlib v1.21.6 fixed in 1.21.8, 1.22.1 | 1.1% Low-Moderate Risk | Directly Exposed |
| CVE-2023-45290 | MEDIUM5.3 | stdlib v1.21.6 fixed in 1.21.8, 1.22.1 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-42502 | MEDIUM5.18 | golang.org/x/net v0.20.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-32289 | MEDIUM5.18 | stdlib v1.21.6 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2024-24783 | MEDIUM5.02 | stdlib v1.21.6 fixed in 1.21.8, 1.22.1 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2024-34155 | MEDIUM5.02 | stdlib v1.21.6 fixed in 1.22.7, 1.23.1 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2024-45336 | MEDIUM5.02 | stdlib v1.21.6 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2024-35255 | MEDIUM4.67 | github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1 fixed in 1.6.0-beta.4.0.20240610221955-50774cd97099 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2024-6104 | MEDIUM4.67 | github.com/hashicorp/go-retryablehttp v0.7.2 fixed in 0.7.7 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-39833 | MEDIUM4.67 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-24789 | MEDIUM4.67 | stdlib v1.21.6 fixed in 1.21.11, 1.22.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-32288 | MEDIUM4.67 | stdlib v1.21.6 fixed in 1.25.9, 1.26.2 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2023-40577 | MEDIUM4.59 | github.com/prometheus/alertmanager v0.25.0 fixed in 0.25.1 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42506 | MEDIUM4.59 | golang.org/x/net v0.20.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-22871 | MEDIUM4.59 | stdlib v1.21.6 fixed in 1.23.8, 1.24.2 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-27142 | MEDIUM4.59 | stdlib v1.21.6 fixed in 1.25.8, 1.26.1 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39823 | MEDIUM4.59 | stdlib v1.21.6 fixed in 1.25.10, 1.26.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-39826 | MEDIUM4.59 | stdlib v1.21.6 fixed in 1.25.10, 1.26.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-47914 | MEDIUM4.5 | golang.org/x/crypto v0.18.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58181 | MEDIUM4.5 | golang.org/x/crypto v0.18.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-46598 | MEDIUM4.5 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-47911 | MEDIUM4.5 | golang.org/x/net v0.20.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58190 | MEDIUM4.5 | golang.org/x/net v0.20.0 fixed in 0.45.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-22866 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2025-22873 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.23.9, 1.24.3 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-47912 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58185 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-58187 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.9, 1.25.3 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58188 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58189 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.8, 1.25.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-61723 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61724 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-61725 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.8, 1.25.2 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2025-61730 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.12, 1.25.6 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42505 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-42507 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.25.11, 1.26.4 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-58186 | MEDIUM4.5 | stdlib v1.21.6 fixed in 1.24.8, 1.25.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2025-54410 | MEDIUM4.42 | github.com/docker/docker v24.0.2+incompatible fixed in 25.0.13, 28.0.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2024-41110 | MEDIUM4.1 | github.com/docker/docker v24.0.2+incompatible fixed in 23.0.15, 26.1.5, 27.1.1, 25.0.6 | 16.5% High Exploitation Risk | Post-Exploit |
| CVE-2025-22870 | LOW3.74 | golang.org/x/net v0.20.0 fixed in 0.36.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-22870 | LOW3.74 | stdlib v1.21.6 fixed in 1.23.7, 1.24.1 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-45341 | LOW3.57 | stdlib v1.21.6 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-41568 | LOW3.31 | github.com/docker/docker v24.0.2+incompatible No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2024-45337 | LOW2.95 | golang.org/x/crypto v0.18.0 fixed in 0.31.0 | 3.2% Low-Moderate Risk | Post-Exploit |
| CVE-2026-34040 | LOW2.81 | github.com/docker/docker v24.0.2+incompatible fixed in 29.3.1 | 8.1% Low-Moderate Risk | Post-Exploit |
| CVE-2024-34156 | LOW2.7 | stdlib v1.21.6 fixed in 1.22.7, 1.23.1 | 1.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-39828 | LOW2.69 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-39832 | LOW2.66 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2024-51744 | LOW2.63 | github.com/golang-jwt/jwt/v4 v4.5.0 fixed in 4.5.1 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-33997 | LOW2.48 | github.com/docker/docker v24.0.2+incompatible fixed in 29.3.1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-39831 | LOW2.48 | golang.org/x/crypto v0.18.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-25681 | LOW2.48 | golang.org/x/net v0.20.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-27136 | LOW2.48 | golang.org/x/net v0.20.0 fixed in 0.55.0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2024-24557 | LOW2.39 | github.com/docker/docker v24.0.2+incompatible fixed in 24.0.9, 25.0.2 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-39822 | LOW2.39 | stdlib v1.21.6 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2024-45338 | LOW2.29 | golang.org/x/net v0.20.0 fixed in 0.33.0 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-27139 | LOW2.12 | stdlib v1.21.6 fixed in 1.25.8, 1.26.1 | 0.2% Theoretical Threat | Directly Exposed |
| GHSA-jq35-85cj-fj4p | NONE0 | github.com/docker/docker v24.0.2+incompatible fixed in 24.0.7, 23.0.8, 20.10.27 | — | Not Applicable |
| CVE-2026-2303 | NONE0 | go.mongodb.org/mongo-driver v1.11.3 fixed in 1.17.7 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-24051 | NONE0 | go.opentelemetry.io/otel/sdk v1.21.0 fixed in 1.40.0 | 0.2% Theoretical Threat | Not Applicable |
| GO-2026-5932 | NONE0 | golang.org/x/crypto v0.18.0 No fix yet | — | Not Applicable |
| CVE-2026-46600 | NONE0 | golang.org/x/net v0.20.0 fixed in 0.56.0 | — | Not Applicable |
| CVE-2026-39824 | NONE0 | golang.org/x/sys v0.16.0 fixed in 0.44.0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-56852 | NONE0 | golang.org/x/text v0.14.0 fixed in 0.39.0 | — | Not Applicable |
| CVE-2025-0913 | NONE0 | stdlib v1.21.6 fixed in 1.23.10, 1.24.4 | 0.2% Theoretical Threat | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.