Vulnerability Reportprom/statsd-exporter:v0

prom/statsd-exporter:latestprom/statsd-exporter:v0

DIGESTsha256:378cb79c4ac7d6941e5ed71b1f3cd6f4707cf42c72c104ffe81fa4d9026ef659

Executive Summary

Threat ScoreSAFE• High-reputation community image (121M+ pulls) verified as reliable.• Pinned by digest ensures immutable and tamper-proof image.• All 17 exposed vulnerabilities have severity below 6.0 (max 5.1), posing negligible risk.• Post-exploit vulnerabilities are minimal (max severity 2.69) with no practical exploitability.

0/100SAFE

ReputationPOPULAR COMMUNITY• High Reputation Community Image (121M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is safe for production use. It contains 17 low-severity exposed vulnerabilities and 7 post-exploit vulnerabilities, all with maximum severity below 5.1, which are not exploitable in this context.

Vulnerabilities

Vulnerability Log

24 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2026-33814	MEDIUM5.1	golang.org/x/net v0.51.0 fixed in 0.53.0	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-42507	LOW2.7	stdlib v1.26.3 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-39828	LOW2.69	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.2% Theoretical Threat	Post-Exploit
CVE-2026-39821	LOW2.51	golang.org/x/net v0.51.0 fixed in 0.55.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39829	LOW2.29	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39830	LOW2.29	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-42508	LOW2.26	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-46595	LOW2.17	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.4% Theoretical Threat	Post-Exploit
CVE-2026-46598	LOW1.62	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39827	NONE0	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39835	NONE0	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-46597	NONE0	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39831	NONE0	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39832	NONE0	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39833	NONE0	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.4% Theoretical Threat	Not Applicable
CVE-2026-39834	NONE0	golang.org/x/crypto v0.49.0 fixed in 0.52.0	0.5% Theoretical Threat	Not Applicable
CVE-2026-25680	NONE0	golang.org/x/net v0.51.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-25681	NONE0	golang.org/x/net v0.51.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-27136	NONE0	golang.org/x/net v0.51.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42502	NONE0	golang.org/x/net v0.51.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-42506	NONE0	golang.org/x/net v0.51.0 fixed in 0.55.0	0.2% Theoretical Threat	Not Applicable
CVE-2026-39824	NONE0	golang.org/x/sys v0.42.0 fixed in 0.44.0	0.1% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.26.3 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.26.3 fixed in 1.25.11, 1.26.4	0.6% Theoretical Threat	Not Applicable