Scanner: Docker Scout
Critical vulnerabilities: 2
High vulnerabilities: 2
Medium vulnerabilities: 8
Critical
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-33815 | v5 | 5.5.5 | 5.9.0 | CVE-2026-33815 |
| CVE-2026-33816 | v5 | 5.5.5 | 5.9.0 | CVE-2026-33816: Improper Input Validation |
High
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-39883 | sdk | 1.41.0 | 1.43.0 | CVE-2026-39883: Untrusted Search Path |
| CVE-2026-34986 | v4 | 4.1.3 | 4.1.4 | CVE-2026-34986: Uncaught Exception |
Medium
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-25934 | v5 | 5.16.2 | 5.16.5 | CVE-2026-25934: Improper Validation of Integrity Check Value |
| GHSA-3xc5-wrhm-f963 | v5 | 5.16.2 | 5.18.0 | GHSA-3xc5-wrhm-f963: Insufficiently Protected Credentials |
| CVE-2026-34165 | v5 | 5.16.2 | 5.17.1 | CVE-2026-34165: Integer Underflow (Wrap or Wraparound) |
| CVE-2026-39882 | otlpmetrichttp | 1.41.0 | 1.43.0 | CVE-2026-39882: Memory Allocation with Excessive Size Value |
| CVE-2026-39882 | otlpmetrichttp | 1.41.0 | 1.43.0 | CVE-2026-39882: Memory Allocation with Excessive Size Value |
| CVE-2025-1386 | ch-go | 0.61.5 | 0.65.0 | CVE-2025-1386: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| GHSA-xmrv-pmrh-hhx2 | eventstream | 1.6.10 | 1.7.8 | GHSA-xmrv-pmrh-hhx2: Improper Input Validation |
| GHSA-xmrv-pmrh-hhx2 | eventstream | 1.6.10 | 1.7.8 | GHSA-xmrv-pmrh-hhx2: Improper Input Validation |