Vulnerability Reportruby:3.3.11-alpine3.22

ruby:3.3.11-alpine3.22
DIGESTsha256:5e709dbdeac50b6bbf1124698a7a366fa0ebb6ec3083cd4d47bde77d290d28f0

Executive Summary

Last scanned:

Threat Score
0/100SAFE
Reputation
TRUSTED

This base/runtime image is a clean foundation for building production images. It contains 19 exposed and 20 post-exploit vulnerabilities, but all are low severity (max 5.35 exposed, 3.0 post-exploit) and pose negligible practical risk. The image is officially published by Docker, is immutable (pinned by digest), and has no exploitable findings that would affect downstream services. There are no high-severity CVEs to remediate. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.

Vulnerabilities

Vulnerability Log

39 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-47240MEDIUM5.18
net-imap
0.4.21
fixed in ~> 0.5.15, >= 0.6.4.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42258MEDIUM4.5
net-imap
0.4.21
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42257LOW3
net-imap
0.4.21
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-45447LOW2.92
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45447LOW2.92
libssl3
3.5.6-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-41316LOW2.92
erb
4.0.3
fixed in ~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-45445LOW2.78
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-34183LOW2.29
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-34183LOW2.29
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-42245LOW2.29
net-imap
0.4.21
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-34182LOW2.26
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-34182LOW2.26
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-42246LOW2.26
net-imap
0.4.21
fixed in ~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42256LOW1.99
net-imap
0.4.21
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42764LOW1.81
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-42769LOW1.81
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42770LOW1.81
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42764LOW1.81
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-42769LOW1.81
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42770LOW1.81
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-47241LOW1.81
net-imap
0.4.21
fixed in ~> 0.5.15, >= 0.6.4.1
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-47242NONE0
net-imap
0.4.21
fixed in ~> 0.5.15, >= 0.6.4.1
0.1%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.