Vulnerability Reportrabbitmq:4.0.5-management-alpine

rabbitmq:4.0.5-management-alpine
DIGESTsha256:54759523c0b09074814b1233e6985babe9fd34e3462d2fea522361cb83b2fd76

Executive Summary

Last scanned:

Threat Score
50/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The image contains 7 exposed vulnerabilities with severity 6.0 or higher, including denial-of-service (CVE-2026-28389, CVE-2026-28390) and out-of-bounds write (CVE-2025-69419) in OpenSSL. However, these vulnerabilities require processing attacker-controlled CMS or PKCS#12 data, which is not typical for RabbitMQ; therefore, they are not directly exploitable in standard configurations. The remaining 56 exposed issues are lower severity, and post-exploit vulnerabilities are all low (max 4.08). Official trust and pinned digest reduce supply chain risk. Overall, use with caution and apply network segmentation to limit exposure.

Vulnerabilities

Vulnerability Log

108 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-28389MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-45186MEDIUM6.38
libexpat
2.6.4-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-26519MEDIUM5.95
musl
1.2.5-r8
fixed in 1.2.5-r9
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-12797MEDIUM5.92
libcrypto3
3.3.2-r4
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-12797MEDIUM5.92
libssl3
3.3.2-r4
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-9231MEDIUM5.9
libcrypto3
3.3.2-r4
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2025-9231MEDIUM5.9
libssl3
3.3.2-r4
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2026-56132MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56403MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56404MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56405MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56406MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56410MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56411MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-9230MEDIUM5.6
libcrypto3
3.3.2-r4
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libssl3
3.3.2-r4
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2026-28387MEDIUM5.5
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-28387MEDIUM5.5
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-59375MEDIUM5.3
libexpat
2.6.4-r0
fixed in 2.7.2-r0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2026-28388MEDIUM5.1
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-28388MEDIUM5.1
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-31790MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-50219MEDIUM5.02
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-56412MEDIUM5.02
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32776MEDIUM4.67
libexpat
2.6.4-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32777MEDIUM4.67
libexpat
2.6.4-r0
fixed in 2.7.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32778MEDIUM4.67
libexpat
2.6.4-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r8
fixed in 1.2.5-r10
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-29088MEDIUM4.67
sqlite-libs
3.48.0-r0
fixed in 3.48.0-r4
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34743MEDIUM4.5
xz-libs
5.6.3-r0
fixed in 5.8.3-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-0938MEDIUM4.08
python3-pyc
3.12.8-r1
fixed in 3.12.9-r0
1.5%
Low-Moderate Risk
Post-Exploit
CVE-2025-0938MEDIUM4.08
python3-pycache-pyc0
3.12.8-r1
fixed in 3.12.9-r0
1.5%
Low-Moderate Risk
Post-Exploit
CVE-2025-15467MEDIUM4.06
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2025-15467MEDIUM4.06
libssl3
3.3.2-r4
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2024-13176MEDIUM4
libcrypto3
3.3.2-r4
fixed in 3.3.2-r5
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libssl3
3.3.2-r4
fixed in 3.3.2-r5
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl-utils
1.2.5-r8
fixed in 1.2.5-r11
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-12718LOW3.88
pyc
3.12.8-r1
fixed in 3.12.11-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2024-12718LOW3.88
python3
3.12.8-r1
fixed in 3.12.11-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2024-12718LOW3.88
python3-pyc
3.12.8-r1
fixed in 3.12.11-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2024-12718LOW3.88
python3-pycache-pyc0
3.12.8-r1
fixed in 3.12.11-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-4330LOW3.72
pyc
3.12.8-r1
fixed in 3.12.11-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2025-4330LOW3.72
python3
3.12.8-r1
fixed in 3.12.11-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2025-4330LOW3.72
python3-pyc
3.12.8-r1
fixed in 3.12.11-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2025-4330LOW3.72
python3-pycache-pyc0
3.12.8-r1
fixed in 3.12.11-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2025-6965LOW3.61
sqlite-libs
3.48.0-r0
fixed in 3.48.0-r3
73.5%
Actively Exploited
Post-Exploit
CVE-2025-26519LOW3.57
musl-utils
1.2.5-r8
fixed in 1.2.5-r9
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-69418LOW3.4
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-41080LOW3.15
libexpat
2.6.4-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-9232LOW3.1
libcrypto3
3.3.2-r4
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9232LOW3.1
libssl3
3.3.2-r4
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-3277LOW3
sqlite-libs
3.48.0-r0
fixed in 3.48.0-r1
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-6042LOW2.8
musl-utils
1.2.5-r8
fixed in 1.2.5-r10
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-4517LOW2.74
pyc
3.12.8-r1
fixed in 3.12.11-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2025-4517LOW2.74
python3
3.12.8-r1
fixed in 3.12.11-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2025-4517LOW2.74
python3-pyc
3.12.8-r1
fixed in 3.12.11-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2025-4517LOW2.74
python3-pycache-pyc0
3.12.8-r1
fixed in 3.12.11-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2024-8176LOW2.7
libexpat
2.6.4-r0
fixed in 2.7.0-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2025-4138LOW2.7
pyc
3.12.8-r1
fixed in 3.12.11-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-4138LOW2.7
python3
3.12.8-r1
fixed in 3.12.11-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-4138LOW2.7
python3-pyc
3.12.8-r1
fixed in 3.12.11-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-4138LOW2.7
python3-pycache-pyc0
3.12.8-r1
fixed in 3.12.11-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-4516LOW2.6
pyc
3.12.8-r1
fixed in 3.12.10-r1
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-4516LOW2.6
python3
3.12.8-r1
fixed in 3.12.10-r1
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-4516LOW2.6
python3-pyc
3.12.8-r1
fixed in 3.12.10-r1
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-4516LOW2.6
python3-pycache-pyc0
3.12.8-r1
fixed in 3.12.10-r1
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-0938LOW2.45
pyc
3.12.8-r1
fixed in 3.12.9-r0
1.5%
Low-Moderate Risk
Post-Exploit
CVE-2025-0938LOW2.45
python3
3.12.8-r1
fixed in 3.12.9-r0
1.5%
Low-Moderate Risk
Post-Exploit
CVE-2026-25210LOW2.39
libexpat
2.6.4-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-40200LOW2.39
musl
1.2.5-r8
fixed in 1.2.5-r11
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-22184LOW2.39
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-69421LOW2.29
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2025-69421LOW2.29
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2025-29087LOW2.29
sqlite-libs
3.48.0-r0
fixed in 3.48.0-r1
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-31115LOW2.29
xz-libs
5.6.3-r0
fixed in 5.6.3-r1
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-24515LOW2.12
libexpat
2.6.4-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-46394LOW1.68
busybox
1.37.0-r9
fixed in 1.37.0-r14
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.37.0-r9
fixed in 1.37.0-r14
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.37.0-r9
fixed in 1.37.0-r14
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-58251NONE0
busybox
1.37.0-r9
fixed in 1.37.0-r14
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.37.0-r9
fixed in 1.37.0-r14
0.2%
Theoretical Threat
Not Applicable
CVE-2026-56131NONE0
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56407NONE0
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56408NONE0
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56409NONE0
libexpat
2.6.4-r0
fixed in 2.8.2-r0
<0.1%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.37.0-r9
fixed in 1.37.0-r14
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.