Last scanned:
This image is safe for production use. Although 8 exposed and 17 post-exploit vulnerabilities were found, all are low severity (max CVSS 4.67 and 2.81 respectively) and pose no practical risk. The image's strong reputation, high pull count, and immutable digest further support its safe deployment.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-39833 | MEDIUM4.67 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2025-11065 | LOW3.6 | github.com/go-viper/mapstructure/v2 v2.3.0 fixed in 2.4.0 | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42505 | LOW3.6 | stdlib v1.25.11 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-41568 | LOW3.31 | github.com/docker/docker v28.5.2+incompatible No fix yet | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34040 | LOW2.81 | github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1 | 8.1% Low-Moderate Risk | Post-Exploit |
| CVE-2026-39828 | LOW2.69 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-39832 | LOW2.66 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-33997 | LOW2.48 | github.com/docker/docker v28.5.2+incompatible fixed in 29.3.1 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-39831 | LOW2.48 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-39822 | LOW2.39 | stdlib v1.25.11 fixed in 1.25.12, 1.26.5, 1.27.0-rc.2 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-41567 | LOW2.29 | github.com/docker/docker v28.5.2+incompatible No fix yet | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-39829 | LOW2.29 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-39830 | LOW2.29 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-39835 | LOW2.29 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-46597 | LOW2.29 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-42508 | LOW2.26 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-42306 | LOW2.2 | github.com/docker/docker v28.5.2+incompatible No fix yet | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-46595 | LOW2.17 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-39827 | LOW1.99 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-39834 | LOW1.99 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-46598 | LOW1.62 | golang.org/x/crypto v0.51.0 fixed in 0.52.0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-2303 | NONE0 | go.mongodb.org/mongo-driver v1.14.0 fixed in 1.17.7 | 0.2% Theoretical Threat | Not Applicable |
| GO-2026-5932 | NONE0 | golang.org/x/crypto v0.51.0 No fix yet | — | Not Applicable |
| CVE-2026-46600 | NONE0 | golang.org/x/net v0.55.0 fixed in 0.56.0 | — | Not Applicable |
| CVE-2026-56852 | NONE0 | golang.org/x/text v0.37.0 fixed in 0.39.0 | — | Not Applicable |
Want to check another image? Run a full scan with the Docker Security Scanner.