Vulnerability Reportruby:3.2.10-alpine3.22

ruby:3.2.10-alpine3.22
DIGESTsha256:b9c806890eaad331121a06e584272978c9118e93e38343726bbb3f8a2e45a501

Executive Summary

Last scanned:

Threat Score
27/100NEEDS ATTENTION
Reputation
TRUSTED

This base/runtime image is a reasonable foundation, but it ships vulnerabilities worth remediating in the images built on top of it. The image contains 36 exposed vulnerabilities, with 4 rated medium severity (max 6.38), including CVE-2026-42245 (denial of service) and CVE-2026-42246 (TLS bypass allowing information disclosure). These issues primarily affect the net-imap and openssl packages and can be mitigated by updating those components in the final image. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.

Vulnerabilities

Vulnerability Log

59 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-42245MEDIUM6.38
net-imap
0.3.9
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42246MEDIUM6.29
net-imap
0.3.9
fixed in ~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-47240MEDIUM5.18
net-imap
0.3.9
fixed in ~> 0.5.15, >= 0.6.4.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-47241MEDIUM5.02
net-imap
0.3.9
fixed in ~> 0.5.15, >= 0.6.4.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r10
fixed in 1.2.5-r11
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42258MEDIUM4.5
net-imap
0.3.9
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl-utils
1.2.5-r10
fixed in 1.2.5-r12
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-45446LOW3.15
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-31789LOW3
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-31789LOW3
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-42257LOW3
net-imap
0.3.9
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-27820LOW3
zlib
3.0.0
fixed in ~> 3.0.1, ~> 3.1.2, >= 3.2.3
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-45447LOW2.92
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45447LOW2.92
libssl3
3.5.5-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-41316LOW2.92
erb
4.0.2
fixed in ~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-6042LOW2.8
musl-utils
1.2.5-r10
fixed in 1.2.5-r11
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-40200LOW2.39
musl
1.2.5-r10
fixed in 1.2.5-r12
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-22184LOW2.39
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-28388LOW2.29
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-28389LOW2.29
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-28390LOW2.29
libcrypto3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-34183LOW2.29
libcrypto3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-28388LOW2.29
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.9%
Theoretical Threat
Post-Exploit
CVE-2026-28389LOW2.29
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-28390LOW2.29
libssl3
3.5.5-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-34183LOW2.29
libssl3
3.5.5-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-47242NONE0
net-imap
0.3.9
fixed in ~> 0.5.15, >= 0.6.4.1
0.1%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.