Vulnerability Reportprom/prometheus:v3.5.5

prom/prometheus:v3.5.5
DIGESTsha256:332c2f43e7e389d74d3893b55bb02fbbd684208e681eeb604641d5d769c0fe2a

Executive Summary

Last scanned:

Threat Score
0/100SAFE
Reputation
RELIABLE

This image is safe for production use. It has 6 exposed vulnerabilities and 17 post-exploit vulnerabilities, all of low severity (max CVSS 4.67 and 2.81 respectively). The image is from a reliable community publisher and is pinned by digest, ensuring integrity.

Vulnerabilities

Vulnerability Log

23 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-39833MEDIUM4.67
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-41568LOW3.31
github.com/docker/docker
v28.5.2+incompatible
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-34040LOW2.81
github.com/docker/docker
v28.5.2+incompatible
fixed in 29.3.1
8.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-39828LOW2.69
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-39832LOW2.66
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-33997LOW2.48
github.com/docker/docker
v28.5.2+incompatible
fixed in 29.3.1
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39831LOW2.48
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-41567LOW2.29
github.com/docker/docker
v28.5.2+incompatible
No fix yet
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39829LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39830LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-39835LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-46597LOW2.29
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-42508LOW2.26
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-42306LOW2.2
github.com/docker/docker
v28.5.2+incompatible
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-46595LOW2.17
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-39827LOW1.99
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39834LOW1.99
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-11065LOW1.62
github.com/go-viper/mapstructure/v2
v2.3.0
fixed in 2.4.0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-46598LOW1.62
golang.org/x/crypto
v0.51.0
fixed in 0.52.0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-2303NONE0
go.mongodb.org/mongo-driver
v1.14.0
fixed in 1.17.7
0.2%
Theoretical Threat
Not Applicable
GO-2026-5932NONE0
golang.org/x/crypto
v0.51.0
No fix yet
Not Applicable
CVE-2026-46600NONE0
golang.org/x/net
v0.55.0
fixed in 0.56.0
Not Applicable
CVE-2026-56852NONE0
golang.org/x/text
v0.37.0
fixed in 0.39.0
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.