Vulnerability Reportprom/prometheus:v3.13.1

prom/prometheus:latestprom/prometheus:v3prom/prometheus:v3-busyboxprom/prometheus:latest-busyboxprom/prometheus:v3.13.1prom/prometheus:v3.13.1-busybox
DIGESTsha256:3c42b892cf723fa54d2f262c37a0e1f80aa8c8ddb1da7b9b0df9455a35a7f893

Executive Summary

Last scanned:

Threat Score
0/100SAFE
Reputation
RELIABLE

This image is safe for production use. While the image contains 6 exposed and 13 post-exploit-only vulnerabilities, all are low severity (max 5.1 and 2.69 respectively) and pose no significant practical risk. The image is from a highly popular, reliable community publisher and uses an immutable digest, ensuring integrity.

Vulnerabilities

Vulnerability Log

19 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-27145MEDIUM5.1
stdlib
v1.26.3
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-42504MEDIUM5.1
stdlib
v1.26.3
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42505LOW2.7
stdlib
v1.26.3
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507LOW2.7
stdlib
v1.26.3
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39828LOW2.69
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39832LOW2.66
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-39831LOW2.48
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39822LOW2.39
stdlib
v1.26.3
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39829LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39830LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-39835LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-46597LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-42508LOW2.26
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-46595LOW2.17
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39827LOW1.99
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39834LOW1.99
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-46598LOW1.62
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
GO-2026-5932NONE0
golang.org/x/crypto
v0.51.0
No fix yet
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.