Vulnerability Reportprom/prometheus:v3.5.2

prom/prometheus:v3.5.2

DIGESTsha256:97dba1708ab397a77313543a877951e67f0f363221b289e36f29121d50dc0950

Executive Summary

Threat ScoreSAFE• Threat score of 0 indicates no elevated risk from known vulnerabilities.• All 16 exposed vulnerabilities have severity below 6.0 (max 5.95), and none are critical.• 5 post-exploit vulnerabilities are all low severity (max 2.81), posing negligible risk.• Image is from a highly reputable community publisher (1972M+ pulls) and pinned by digest, ensuring trustworthiness.• No high-severity or critical findings in either exposed surface or post-exploit categories.

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (1972M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. It contains 16 low-severity exposed vulnerabilities (max 5.95) and 5 low-severity post-exploit vulnerabilities (max 2.81), all of which pose minimal risk given the low maximum severity. The image is from a highly trusted publisher and is pinned by digest, ensuring integrity.

Vulnerabilities

Vulnerability Log

21 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.39.0 fixed in 1.43.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-29181	MEDIUM5.1	go.opentelemetry.io/otel v1.39.0 fixed in 1.41.0	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33811	MEDIUM5.1	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33814	MEDIUM5.1	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-39826	LOW3.67	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-34040	LOW2.81	github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1	8.1% Low-Moderate Risk	Post-Exploit
CVE-2026-33997	LOW2.48	github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2025-11065	LOW1.62	github.com/go-viper/mapstructure/v2 v2.3.0 fixed in 2.4.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-41567	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-42306	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-41568	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-39882	NONE0	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0 fixed in 1.43.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-24051	NONE0	go.opentelemetry.io/otel/sdk v1.39.0 fixed in 1.40.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable