Scanner: Docker Scout
Critical vulnerabilities: 0
High vulnerabilities: 5
Medium vulnerabilities: 9
Critical
No critical vulnerabilities found.
High
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-39883 | sdk | 1.41.0 | 1.43.0 | CVE-2026-39883: Untrusted Search Path |
| CVE-2026-32280 | stdlib | 1.25.8 | 1.25.9 | CVE-2026-32280 |
| CVE-2026-32281 | stdlib | 1.25.8 | 1.25.9 | CVE-2026-32281 |
| CVE-2026-32283 | stdlib | 1.25.8 | 1.25.9 | CVE-2026-32283 |
| CVE-2026-34040 | docker | 28.5.2%2Bincompatible | not fixed | CVE-2026-34040: Authentication Bypass Using an Alternate Path or Channel |
Medium
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2025-45582 | tar | 1.35%2Bdfsg-3build1 | not fixed | CVE-2025-45582 |
| CVE-2026-39882 | otlploghttp | 0.16.0 | 1.43.0 | CVE-2026-39882: Memory Allocation with Excessive Size Value |
| CVE-2026-39882 | otlploghttp | 0.16.0 | 1.43.0 | CVE-2026-39882: Memory Allocation with Excessive Size Value |
| CVE-2026-39882 | otlploghttp | 0.16.0 | 1.43.0 | CVE-2026-39882: Memory Allocation with Excessive Size Value |
| CVE-2026-40179 | prometheus | 0.309.2-0.20260113170727-c7bc56cf6c8f | 0.311.2-0.20260410083055-07c6232d159b | CVE-2026-40179: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2026-32288 | stdlib | 1.25.8 | 1.25.9 | CVE-2026-32288 |
| CVE-2026-32289 | stdlib | 1.25.8 | 1.25.9 | CVE-2026-32289 |
| CVE-2026-32282 | stdlib | 1.25.8 | 1.25.9 | CVE-2026-32282 |
| CVE-2026-33997 | docker | 28.5.2%2Bincompatible | not fixed | CVE-2026-33997: Off-by-one Error |