Scanner: Docker Scout
Critical vulnerabilities: 0
High vulnerabilities: 4
Medium vulnerabilities: 3
Critical
No critical vulnerabilities found.
High
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-41672 | xmldom | 0.8.12 | 0.8.13 | CVE-2026-41672: XML Injection (aka Blind XPath Injection) |
| CVE-2026-41673 | xmldom | 0.8.12 | 0.8.13 | CVE-2026-41673: Uncontrolled Recursion |
| CVE-2026-41674 | xmldom | 0.8.12 | 0.8.13 | CVE-2026-41674: XML Injection (aka Blind XPath Injection) |
| CVE-2026-41675 | xmldom | 0.8.12 | 0.8.13 | CVE-2026-41675: XML Injection (aka Blind XPath Injection) |
Medium
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2025-25285 | endpoint | 9.0.6 | 10.1.3 | CVE-2025-25285: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| CVE-2025-25289 | request-error | 5.1.1 | 6.1.7 | CVE-2025-25289: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| GHSA-w5hq-g745-h8pq | uuid | 8.3.2 | 14.0.0 | GHSA-w5hq-g745-h8pq: Improper Validation of Specified Index, Position, or Offset in Input |