Vulnerability Reportruby:3.4.9-alpine3.22

ruby:3.4.9-alpine3.22
DIGESTsha256:2f1913c4f4880a5d3f6d0b314029153989f35b72b88591495089ebfb6ca86252

Executive Summary

Last scanned:

Threat Score
0/100SAFE
Reputation
TRUSTED

This base/runtime image is a clean foundation for building production images. While it contains 19 exposed and 21 post-exploit vulnerabilities, all are low severity (max CVSS 5.35) and none are exploitable in a typical deployment context. The image is officially maintained and pinned to an immutable digest, ensuring consistency and reducing supply chain risk. No actionable high-severity issues exist, making it suitable as a base layer. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.

Vulnerabilities

Vulnerability Log

40 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-47240MEDIUM5.18
net-imap
0.5.8
fixed in ~> 0.5.15, >= 0.6.4.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42258MEDIUM4.5
net-imap
0.5.8
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42257LOW3
net-imap
0.5.8
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-45447LOW2.92
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45447LOW2.92
libssl3
3.5.6-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-41316LOW2.92
erb
4.0.4
fixed in ~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-45445LOW2.78
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-34183LOW2.29
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-34183LOW2.29
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-42245LOW2.29
net-imap
0.5.8
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-34182LOW2.26
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-34182LOW2.26
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-42246LOW2.26
net-imap
0.5.8
fixed in ~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42256LOW1.99
net-imap
0.5.8
fixed in ~> 0.4.24, ~> 0.5.14, >= 0.6.4
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42764LOW1.81
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-42769LOW1.81
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42770LOW1.81
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-9076LOW1.81
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42764LOW1.81
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-42769LOW1.81
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42770LOW1.81
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-47241LOW1.81
net-imap
0.5.8
fixed in ~> 0.5.15, >= 0.6.4.1
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-54696NONE0
json
2.9.1
fixed in >= 2.19.9
0.3%
Theoretical Threat
Not Applicable
CVE-2026-47242NONE0
net-imap
0.5.8
fixed in ~> 0.5.15, >= 0.6.4.1
0.1%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.