Vulnerability Reportprom/prometheus:v3.5.3

prom/prometheus:v3.5.3

DIGESTsha256:ddc2493835a1509976d5e4e0c94199c4f843ce1f42dd6bcfc8231ba734a93ff7

Executive Summary

SAFE

This image is safe for production use. While 16 low-severity vulnerabilities and 5 trivial post-exploit issues exist, none are exploitable under standard conditions. The image is maintained by the Prometheus community with an excellent reputation and immutable digest, ensuring integrity. The low threat score (0) confirms minimal risk.

Threat Score

0/100

SAFE

High trust score (90) with 1.97B+ pulls and pinned by digest
All 16 exposed vulnerabilities are low severity (max CVSS 5.95), none reachable remotely
5 post-exploit findings are negligible (max severity 2.81)
No critical or high-severity CVEs detected

Reputation

RELIABLE

prom

POPULAR COMMUNITY

High Reputation Community Image (1972M+ pulls)
Pinned by digest (Immutable)

Vulnerabilities

Vulnerability Log

21 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-39883	MEDIUM5.95	go.opentelemetry.io/otel/sdk v1.39.0 fixed in 1.43.0	0.2% Theoretical Threat	Directly Exposed
CVE-2026-29181	MEDIUM5.1	go.opentelemetry.io/otel v1.39.0 fixed in 1.41.0	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33811	MEDIUM5.1	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-33814	MEDIUM5.1	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-39826	LOW3.67	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-34040	LOW2.81	github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1	8.1% Low-Moderate Risk	Post-Exploit
CVE-2026-33997	LOW2.48	github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2025-11065	LOW1.62	github.com/go-viper/mapstructure/v2 v2.3.0 fixed in 2.4.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-41567	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-42306	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-41568	NONE0	github.com/docker/docker v28.5.2+incompatible No fix yet	0.1% Theoretical Threat	Not Applicable
CVE-2026-39882	NONE0	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0 fixed in 1.43.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-24051	NONE0	go.opentelemetry.io/otel/sdk v1.39.0 fixed in 1.40.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39823	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.25.9 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable
CVE-2026-42507	NONE0	stdlib v1.25.9 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable