Vulnerability Reportprom/prometheus:v3.11.3

prom/prometheus:v3.11.3prom/prometheus:v3.11.3-busybox

DIGESTsha256:e4254400b85610324913f0dc4acf92603d9984e7519414c5a12811aa6146acc3

Executive Summary

SAFE

This image is safe for production use. While 13 low-to-medium severity vulnerabilities exist, none exceed a severity score of 6.0 and all are of low practical impact. The image comes from a highly trusted publisher (Prometheus community) with over 1.97 billion pulls and is pinned by digest, ensuring integrity.

Threat Score

0/100

SAFE

High reputation community image with over 1.97 billion pulls, pinned by digest for immutability.
No high-severity vulnerabilities found; maximum exposed severity is 5.95 (below 6.0).
All 13 exposed vulnerabilities are low or medium severity, and none are exploitable from post-exploit context.
Trust verdict is RELIABLE with score 90.

Reputation

RELIABLE

prom

POPULAR COMMUNITY

High Reputation Community Image (1972M+ pulls)
Pinned by digest (Immutable)

Vulnerabilities

Vulnerability Log

19 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.42.0 fixed in 1.43.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-32285	MEDIUM5.1	github.com/buger/jsonparser v1.1.1 fixed in 1.1.2	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-39826	LOW3.67	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-34040	LOW2.81	github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1	8.1% Low-Moderate Risk	Post-Exploit
CVE-2026-33997	LOW2.48	github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-33811	LOW2.29	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-41567	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-42306	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-41568	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-39882	NONE0	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0 fixed in 1.43.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.26.2 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.26.2 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable