Scanner: Docker Scout
Critical vulnerabilities: 2
High vulnerabilities: 11
Medium vulnerabilities: 25
Critical
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-6100 | python3.11 | 3.11.2-6%2Bdeb12u6 | not fixed | CVE-2026-6100 |
| CVE-2026-35030 | litellm | 1.82.6 | 1.83.0 | CVE-2026-35030: Improper Authentication |
High
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-4519 | python | 3.12.13 | 3.13.13 | CVE-2026-4519 |
| CVE-2025-55131 | nodejs | 22.21.0-1nodesource1 | not fixed | CVE-2025-55131 |
| CVE-2024-23342 | ecdsa | 0.19.1 | not fixed | CVE-2024-23342: Observable Discrepancy |
| CVE-2025-59465 | nodejs | 22.21.0-1nodesource1 | not fixed | CVE-2025-59465 |
| CVE-2025-59466 | nodejs | 22.21.0-1nodesource1 | not fixed | CVE-2025-59466 |
| CVE-2026-21637 | nodejs | 22.21.0-1nodesource1 | not fixed | CVE-2026-21637 |
| CVE-2026-21710 | nodejs | 22.21.0-1nodesource1 | not fixed | CVE-2026-21710 |
| CVE-2026-27135 | nghttp2 | 1.52.0-1%2Bdeb12u2 | not fixed | CVE-2026-27135 |
| GHSA-69x8-hrgq-fjj8 | litellm | 1.82.6 | 1.83.0 | GHSA-69x8-hrgq-fjj8: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2026-35029 | litellm | 1.82.6 | 1.83.0 | CVE-2026-35029: Incorrect Authorization |
| CVE-2026-40192 | pillow | 12.1.1 | 12.2.0 | CVE-2026-40192: Allocation of Resources Without Limits or Throttling |
Medium
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2025-45582 | tar | 1.34%2Bdfsg-1.2%2Bdeb12u1 | not fixed | CVE-2025-45582 |
| CVE-2026-25645 | requests | 2.32.5 | 2.33.0 | CVE-2026-25645: Insecure Temporary File |
| CVE-2026-33699 | pypdf | 6.8.0 | 6.9.2 | CVE-2026-33699: Loop with Unreachable Exit Condition ('Infinite Loop') |
| CVE-2026-5704 | tar | 1.34%2Bdfsg-1.2%2Bdeb12u1 | not fixed | CVE-2026-5704 |
| CVE-2026-33123 | pypdf | 6.8.0 | 6.9.1 | CVE-2026-33123: Uncontrolled Resource Consumption |
| CVE-2022-42969 | py | 1.11.0 | not fixed | CVE-2022-42969 |
| CVE-2026-21714 | nodejs | 22.21.0-1nodesource1 | not fixed | CVE-2026-21714 |
| CVE-2026-33936 | ecdsa | 0.19.1 | 0.19.2 | CVE-2026-33936: Improper Handling of Length Parameter Inconsistency |
| CVE-2026-1502 | python | 3.12.13 | not fixed | CVE-2026-1502 |
| CVE-2026-21713 | nodejs | 22.21.0-1nodesource1 | not fixed | CVE-2026-21713 |
| CVE-2026-21717 | nodejs | 22.21.0-1nodesource1 | not fixed | CVE-2026-21717 |
| CVE-2026-3446 | python | 3.12.13 | 3.13.13 | CVE-2026-3446 |
| CVE-2026-3644 | python3.11 | 3.11.2-6%2Bdeb12u6 | not fixed | CVE-2026-3644 |
| CVE-2026-3644 | python3.11 | 3.11.2-6%2Bdeb12u6 | not fixed | CVE-2026-3644 |
| CVE-2026-4224 | python3.11 | 3.11.2-6%2Bdeb12u6 | not fixed | CVE-2026-4224 |
| CVE-2026-4224 | python3.11 | 3.11.2-6%2Bdeb12u6 | not fixed | CVE-2026-4224 |
| CVE-2025-12781 | python | 3.12.13 | 3.13.10 | CVE-2025-12781 |
| CVE-2026-34525 | aiohttp | 3.13.3 | 3.13.4 | CVE-2026-34525: Improper Input Validation |
| CVE-2026-34515 | aiohttp | 3.13.3 | 3.13.4 | CVE-2026-34515: Absolute Path Traversal |
| CVE-2026-34516 | aiohttp | 3.13.3 | 3.13.4 | CVE-2026-34516: Allocation of Resources Without Limits or Throttling |
| CVE-2025-71176 | pytest | 9.0.2 | 9.0.3 | CVE-2025-71176: Creation of Temporary File in Directory with Insecure Permissions |
| GHSA-pqhf-p39g-3x64 | uv | 0.8.9 | 0.9.6 | GHSA-pqhf-p39g-3x64: Improper Input Validation |
| CVE-2026-22815 | aiohttp | 3.13.3 | 3.13.4 | CVE-2026-22815: Uncontrolled Resource Consumption |
| CVE-2026-39892 | cryptography | 46.0.5 | 46.0.7 | CVE-2026-39892: Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CVE-2026-40260 | pypdf | 6.8.0 | 6.10.0 | CVE-2026-40260: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') |