Vulnerability Reportprom/prometheus:v2.53.1

prom/prometheus:v2.53.1
DIGESTsha256:f20d3127bf2876f4a1df76246fca576b41ddf1125ed1c546fbd8b16ea55117e6

Executive Summary

Last scanned:

Threat Score
75/100DANGEROUS
Reputation
RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2025-61726 to cause memory exhaustion and denial of service on the Prometheus HTTP API. CVE-2025-68121 may allow certificate validation bypass only if TLS configurations are dynamically mutated. The high vulnerability count and threat score of 75 demand immediate remediation.

Vulnerabilities

Vulnerability Log

102 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2025-61726HIGH7.5
stdlib
v1.22.5
fixed in 1.24.12, 1.25.6
1.9%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2025-68121MEDIUM6.8
stdlib
v1.22.5
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-41567MEDIUM6.38
github.com/docker/docker
v26.1.3+incompatible
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39882MEDIUM6.38
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
v1.27.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39829MEDIUM6.38
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39830MEDIUM6.38
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-39835MEDIUM6.38
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-46597MEDIUM6.38
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
golang.org/x/net
v0.26.0
fixed in 0.53.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-61729MEDIUM6.38
stdlib
v1.22.5
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25679MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27145MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-32280MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-32281MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32283MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-33811MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-39836MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42499MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-42504MEDIUM6.38
stdlib
v1.22.5
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-58183MEDIUM6.38
stdlib
v1.22.5
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61728MEDIUM6.38
stdlib
v1.22.5
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42508MEDIUM6.29
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42306MEDIUM6.12
github.com/docker/docker
v26.1.3+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-46595MEDIUM6.03
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39883MEDIUM5.95
go.opentelemetry.io/otel/sdk
v1.27.0
fixed in 1.43.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47907MEDIUM5.95
stdlib
v1.22.5
fixed in 1.23.12, 1.24.6
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-34158MEDIUM5.9
stdlib
v1.22.5
fixed in 1.22.7, 1.23.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-4673MEDIUM5.78
stdlib
v1.22.5
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39821MEDIUM5.58
golang.org/x/net
v0.26.0
fixed in 0.55.0
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-39827MEDIUM5.52
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39834MEDIUM5.52
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22872MEDIUM5.52
golang.org/x/net
v0.26.0
fixed in 0.38.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25680MEDIUM5.52
golang.org/x/net
v0.26.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47906MEDIUM5.52
stdlib
v1.22.5
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61727MEDIUM5.52
stdlib
v1.22.5
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39825MEDIUM5.52
stdlib
v1.22.5
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.22.5
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42502MEDIUM5.18
golang.org/x/net
v0.26.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.22.5
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-30204MEDIUM5.1
github.com/golang-jwt/jwt/v5
v5.2.1
fixed in 5.2.2
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-22868MEDIUM5.1
golang.org/x/oauth2
v0.21.0
fixed in 0.27.0
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2024-34155MEDIUM5.02
stdlib
v1.22.5
fixed in 1.22.7, 1.23.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-45336MEDIUM5.02
stdlib
v1.22.5
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-35255MEDIUM4.67
github.com/Azure/azure-sdk-for-go/sdk/azidentity
v1.5.2
fixed in 1.6.0-beta.4.0.20240610221955-50774cd97099
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-6104MEDIUM4.67
github.com/hashicorp/go-retryablehttp
v0.7.4
fixed in 0.7.7
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.22.5
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42506MEDIUM4.59
golang.org/x/net
v0.26.0
fixed in 0.55.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-22871MEDIUM4.59
stdlib
v1.22.5
fixed in 1.23.8, 1.24.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.22.5
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39823MEDIUM4.59
stdlib
v1.22.5
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.22.5
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-47914MEDIUM4.5
golang.org/x/crypto
v0.24.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58181MEDIUM4.5
golang.org/x/crypto
v0.24.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-46598MEDIUM4.5
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-47911MEDIUM4.5
golang.org/x/net
v0.26.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58190MEDIUM4.5
golang.org/x/net
v0.26.0
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22866MEDIUM4.5
stdlib
v1.22.5
fixed in 1.22.12, 1.23.6, 1.24.0-rc.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22873MEDIUM4.5
stdlib
v1.22.5
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47912MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58185MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58187MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58188MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58189MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61723MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61724MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61725MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42505MEDIUM4.5
stdlib
v1.22.5
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507MEDIUM4.5
stdlib
v1.22.5
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58186MEDIUM4.5
stdlib
v1.22.5
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-54410MEDIUM4.42
github.com/docker/docker
v26.1.3+incompatible
fixed in 25.0.13, 28.0.0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-41110MEDIUM4.1
github.com/docker/docker
v26.1.3+incompatible
fixed in 23.0.15, 26.1.5, 27.1.1, 25.0.6
16.5%
High Exploitation Risk
Post-Exploit
CVE-2025-22870LOW3.74
golang.org/x/net
v0.26.0
fixed in 0.36.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
stdlib
v1.22.5
fixed in 1.23.7, 1.24.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45341LOW3.57
stdlib
v1.22.5
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-41568LOW3.31
github.com/docker/docker
v26.1.3+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-33186LOW3.28
google.golang.org/grpc
v1.64.0
fixed in 1.79.3
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2024-45337LOW2.95
golang.org/x/crypto
v0.24.0
fixed in 0.31.0
3.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-34040LOW2.81
github.com/docker/docker
v26.1.3+incompatible
fixed in 29.3.1
8.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-34156LOW2.7
stdlib
v1.22.5
fixed in 1.22.7, 1.23.1
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-39828LOW2.69
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39832LOW2.66
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-33997LOW2.48
github.com/docker/docker
v26.1.3+incompatible
fixed in 29.3.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39831LOW2.48
golang.org/x/crypto
v0.24.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-25681LOW2.48
golang.org/x/net
v0.26.0
fixed in 0.55.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-27136LOW2.48
golang.org/x/net
v0.26.0
fixed in 0.55.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39822LOW2.39
stdlib
v1.22.5
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-22869LOW2.29
golang.org/x/crypto
v0.24.0
fixed in 0.35.0
0.9%
Theoretical Threat
Post-Exploit
CVE-2025-47913LOW2.29
golang.org/x/crypto
v0.24.0
fixed in 0.43.0
0.6%
Theoretical Threat
Post-Exploit
CVE-2024-45338LOW2.29
golang.org/x/net
v0.26.0
fixed in 0.33.0
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-27139LOW2.12
stdlib
v1.22.5
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-2303NONE0
go.mongodb.org/mongo-driver
v1.14.0
fixed in 1.17.7
0.2%
Theoretical Threat
Not Applicable
CVE-2026-24051NONE0
go.opentelemetry.io/otel/sdk
v1.27.0
fixed in 1.40.0
0.2%
Theoretical Threat
Not Applicable
GO-2026-5932NONE0
golang.org/x/crypto
v0.24.0
No fix yet
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.26.0
fixed in 0.56.0
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.21.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.16.0
fixed in 0.39.0
Not Applicable
GHSA-xr7q-jx4m-x55mNONE0
google.golang.org/grpc
v1.64.0
fixed in 1.64.1
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.22.5
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.