Vulnerability Reportprom/prometheus:v3.5.4

prom/prometheus:v3.5.4
DIGESTsha256:a75c5a35bc21d7afe69551eefa3cb1e1fb1775fe759408007a66b54ec3de1f29

Executive Summary

Last scanned:

Threat Score
0/100SAFE
Reputation
RELIABLE

This image is safe for production use. Although 8 exposed and 17 post-exploit vulnerabilities were found, all are low severity (max CVSS 4.67 and 2.81 respectively) and pose no practical risk. The image's strong reputation, high pull count, and immutable digest further support its safe deployment.

Vulnerabilities

Vulnerability Log

25 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-11065LOW3.6
github.com/go-viper/mapstructure/v2
v2.3.0
fixed in 2.4.0
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-42505LOW3.6
stdlib
v1.25.11
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-41568LOW3.31
github.com/docker/docker
v28.5.2+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-34040LOW2.81
github.com/docker/docker
v28.5.2+incompatible
fixed in 29.3.1
8.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-39828LOW2.69
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39832LOW2.66
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-33997LOW2.48
github.com/docker/docker
v28.5.2+incompatible
fixed in 29.3.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39831LOW2.48
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39822LOW2.39
stdlib
v1.25.11
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-41567LOW2.29
github.com/docker/docker
v28.5.2+incompatible
No fix yet
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39829LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39830LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-39835LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-46597LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-42508LOW2.26
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-42306LOW2.2
github.com/docker/docker
v28.5.2+incompatible
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-46595LOW2.17
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39827LOW1.99
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39834LOW1.99
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-46598LOW1.62
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-2303NONE0
go.mongodb.org/mongo-driver
v1.14.0
fixed in 1.17.7
0.2%
Theoretical Threat
Not Applicable
GO-2026-5932NONE0
golang.org/x/crypto
v0.51.0
No fix yet
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.55.0
fixed in 0.56.0
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.37.0
fixed in 0.39.0
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.