Scanner: Docker Scout
Critical vulnerabilities: 0
High vulnerabilities: 2
Medium vulnerabilities: 6
Critical
No critical vulnerabilities found.
High
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-42151 | prometheus | 0.309.2-0.20260113170727-c7bc56cf6c8f | 0.311.3 | CVE-2026-42151: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2026-42154 | prometheus | 0.309.2-0.20260113170727-c7bc56cf6c8f | 0.311.3 | CVE-2026-42154: Uncontrolled Resource Consumption |
Medium
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| GHSA-fw8g-cg8f-9j28 | prometheus | 0.309.2-0.20260113170727-c7bc56cf6c8f | 0.311.3 | GHSA-fw8g-cg8f-9j28: Improper Neutralization of Input During Web Page Generation ('Cross-site Script... |
| CVE-2026-25934 | v5 | 5.16.2 | 5.16.5 | CVE-2026-25934: Improper Validation of Integrity Check Value |
| CVE-2026-41506 | v5 | 5.16.2 | 5.18.0 | CVE-2026-41506: Insufficiently Protected Credentials |
| CVE-2026-34165 | v5 | 5.16.2 | 5.17.1 | CVE-2026-34165: Integer Underflow (Wrap or Wraparound) |
| CVE-2026-40179 | prometheus | 0.309.2-0.20260113170727-c7bc56cf6c8f | 0.311.2-0.20260410083055-07c6232d159b | CVE-2026-40179: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2026-6993 | v2 | 2.8.4 | not fixed | CVE-2026-6993: Unintended Proxy or Intermediary ('Confused Deputy') |