Skip to content

to be continuous

DCMP_IMAGE

to-be-continuous/doc

docker.io/library/docker:latest (alpine 3.23.4)¶

Trivy Image Scan

Image: docker.io/library/docker:latest (alpine 3.23.4)
Scan date: 2026-04-24

docker.io/library/docker:latest (alpine 3.23.4) (alpine)¶

No Vulnerabilities found
No Misconfigurations found

usr/local/bin/containerd (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/go-jose/go-jose/v4	CVE-2026-34986	HIGH	v4.1.3	4.1.4	https://access.redhat.com/security/cve/CVE-2026-34986 https://github.com/go-jose/go-jose https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8 https://nvd.nist.gov/vuln/detail/CVE-2026-34986 https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants https://www.cve.org/CVERecord?id=CVE-2026-34986
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	MEDIUM	v1.35.0	1.43.0	http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/pull/8108 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58 https://nvd.nist.gov/vuln/detail/CVE-2026-39882
go.opentelemetry.io/otel/sdk	CVE-2026-24051	HIGH	v1.38.0	1.40.0	https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq https://nvd.nist.gov/vuln/detail/CVE-2026-24051 https://pkg.go.dev/vuln/GO-2026-4394
go.opentelemetry.io/otel/sdk	CVE-2026-39883	HIGH	v1.38.0	1.43.0	http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx https://nvd.nist.gov/vuln/detail/CVE-2026-39883
google.golang.org/grpc	CVE-2026-33186	CRITICAL	v1.78.0	1.79.3	https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

usr/local/bin/containerd-shim-runc-v2 (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
google.golang.org/grpc	CVE-2026-33186	CRITICAL	v1.78.0	1.79.3	https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

usr/local/bin/ctr (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
google.golang.org/grpc	CVE-2026-33186	CRITICAL	v1.78.0	1.79.3	https://access.redhat.com/security/cve/CVE-2026-33186 https://github.com/grpc/grpc-go https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 https://nvd.nist.gov/vuln/detail/CVE-2026-33186 https://www.cve.org/CVERecord?id=CVE-2026-33186
No Misconfigurations found

usr/local/bin/docker (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

usr/local/bin/docker-proxy (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

usr/local/bin/dockerd (gobinary)¶

No Vulnerabilities found
No Misconfigurations found

usr/local/bin/runc (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
golang.org/x/net	CVE-2025-22870	MEDIUM	v0.35.0	0.36.0	http://www.openwall.com/lists/oss-security/2025/03/07/2 https://access.redhat.com/security/cve/CVE-2025-22870 https://github.com/golang/go/issues/71984 https://go-review.googlesource.com/q/project:net https://go.dev/cl/654697 https://go.dev/issue/71984 https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://pkg.go.dev/vuln/GO-2025-3503 https://security.netapp.com/advisory/ntap-20250509-0007 https://security.netapp.com/advisory/ntap-20250509-0007/ https://ubuntu.com/security/notices/USN-7574-1 https://www.cve.org/CVERecord?id=CVE-2025-22870
golang.org/x/net	CVE-2025-22872	MEDIUM	v0.35.0	0.38.0	https://access.redhat.com/security/cve/CVE-2025-22872 https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9 https://github.com/advisories/GHSA-vvgc-356p-c3xw https://go.dev/cl/662715 https://go.dev/issue/73070 https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA https://nvd.nist.gov/vuln/detail/CVE-2025-22872 https://pkg.go.dev/vuln/GO-2025-3595 https://security.netapp.com/advisory/ntap-20250516-0007 https://security.netapp.com/advisory/ntap-20250516-0007/ https://ubuntu.com/security/notices/USN-8089-1 https://ubuntu.com/security/notices/USN-8089-2 https://ubuntu.com/security/notices/USN-8089-3 https://www.cve.org/CVERecord?id=CVE-2025-22872
No Misconfigurations found

usr/local/libexec/docker/cli-plugins/docker-buildx (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/docker/docker	CVE-2026-34040	HIGH	v28.5.2+incompatible	29.3.1	https://access.redhat.com/security/cve/CVE-2026-34040 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040 https://www.cve.org/CVERecord?id=CVE-2026-34040
github.com/docker/docker	CVE-2026-33997	MEDIUM	v28.5.2+incompatible	29.3.1	https://access.redhat.com/security/cve/CVE-2026-33997 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997 https://www.cve.org/CVERecord?id=CVE-2026-33997
github.com/moby/spdystream	CVE-2026-35469	HIGH	v0.5.0	0.5.1	https://access.redhat.com/security/cve/CVE-2026-35469 https://github.com/moby/spdystream https://github.com/moby/spdystream/releases/tag/v0.5.1 https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2 https://nvd.nist.gov/vuln/detail/CVE-2026-35469 https://www.cve.org/CVERecord?id=CVE-2026-35469
github.com/sigstore/timestamp-authority/v2	CVE-2026-39984	MEDIUM	v2.0.3	2.0.6	https://access.redhat.com/security/cve/CVE-2026-39984 https://github.com/sigstore/timestamp-authority https://github.com/sigstore/timestamp-authority/releases/tag/v2.0.6 https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-xm5m-wgh2-rrg3 https://nvd.nist.gov/vuln/detail/CVE-2026-39984 https://www.cve.org/CVERecord?id=CVE-2026-39984
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	CVE-2026-39882	MEDIUM	v1.40.0	1.43.0	http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/pull/8108 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58 https://nvd.nist.gov/vuln/detail/CVE-2026-39882
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	MEDIUM	v1.40.0	1.43.0	http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/pull/8108 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58 https://nvd.nist.gov/vuln/detail/CVE-2026-39882
go.opentelemetry.io/otel/sdk	CVE-2026-39883	HIGH	v1.40.0	1.43.0	http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx https://nvd.nist.gov/vuln/detail/CVE-2026-39883
stdlib	CVE-2026-32280	HIGH	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32280 https://go.dev/cl/758320 https://go.dev/issue/78282 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32280 https://pkg.go.dev/vuln/GO-2026-4947 https://www.cve.org/CVERecord?id=CVE-2026-32280
stdlib	CVE-2026-32281	HIGH	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32281 https://go.dev/cl/758061 https://go.dev/issue/78281 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32281 https://pkg.go.dev/vuln/GO-2026-4946 https://www.cve.org/CVERecord?id=CVE-2026-32281
stdlib	CVE-2026-32283	HIGH	v1.25.8	1.25.9, 1.26.2	https://go.dev/cl/763767 https://go.dev/issue/78334 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32283 https://pkg.go.dev/vuln/GO-2026-4870
stdlib	CVE-2026-32282	MEDIUM	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32282 https://go.dev/cl/763761 https://go.dev/issue/78293 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32282 https://pkg.go.dev/vuln/GO-2026-4864 https://www.cve.org/CVERecord?id=CVE-2026-32282
stdlib	CVE-2026-32288	MEDIUM	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32288 https://go.dev/cl/763766 https://go.dev/issue/78301 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32288 https://pkg.go.dev/vuln/GO-2026-4869 https://www.cve.org/CVERecord?id=CVE-2026-32288
stdlib	CVE-2026-32289	MEDIUM	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32289 https://go.dev/cl/763762 https://go.dev/issue/78331 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32289 https://pkg.go.dev/vuln/GO-2026-4865 https://www.cve.org/CVERecord?id=CVE-2026-32289
No Misconfigurations found

usr/local/libexec/docker/cli-plugins/docker-compose (gobinary)¶

Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
github.com/docker/docker	CVE-2026-34040	HIGH	v28.5.2+incompatible	29.3.1	https://access.redhat.com/security/cve/CVE-2026-34040 https://docs.docker.com/engine/extend/plugins_authorization https://github.com/moby/moby https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38 https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2 https://nvd.nist.gov/vuln/detail/CVE-2026-34040 https://www.cve.org/CVERecord?id=CVE-2026-34040
github.com/docker/docker	CVE-2026-33997	MEDIUM	v28.5.2+incompatible	29.3.1	https://access.redhat.com/security/cve/CVE-2026-33997 https://docs.docker.com/engine/extend/legacy_plugins https://github.com/moby/moby https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a https://github.com/moby/moby/releases/tag/docker-v29.3.1 https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9 https://nvd.nist.gov/vuln/detail/CVE-2026-33997 https://www.cve.org/CVERecord?id=CVE-2026-33997
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	CVE-2026-39882	MEDIUM	v1.42.0	1.43.0	http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/pull/8108 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58 https://nvd.nist.gov/vuln/detail/CVE-2026-39882
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	MEDIUM	v1.42.0	1.43.0	http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/pull/8108 https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58 https://nvd.nist.gov/vuln/detail/CVE-2026-39882
go.opentelemetry.io/otel/sdk	CVE-2026-39883	HIGH	v1.42.0	1.43.0	http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0 https://github.com/open-telemetry/opentelemetry-go https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx https://nvd.nist.gov/vuln/detail/CVE-2026-39883
stdlib	CVE-2026-32280	HIGH	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32280 https://go.dev/cl/758320 https://go.dev/issue/78282 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32280 https://pkg.go.dev/vuln/GO-2026-4947 https://www.cve.org/CVERecord?id=CVE-2026-32280
stdlib	CVE-2026-32281	HIGH	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32281 https://go.dev/cl/758061 https://go.dev/issue/78281 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32281 https://pkg.go.dev/vuln/GO-2026-4946 https://www.cve.org/CVERecord?id=CVE-2026-32281
stdlib	CVE-2026-32283	HIGH	v1.25.8	1.25.9, 1.26.2	https://go.dev/cl/763767 https://go.dev/issue/78334 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32283 https://pkg.go.dev/vuln/GO-2026-4870
stdlib	CVE-2026-32282	MEDIUM	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32282 https://go.dev/cl/763761 https://go.dev/issue/78293 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32282 https://pkg.go.dev/vuln/GO-2026-4864 https://www.cve.org/CVERecord?id=CVE-2026-32282
stdlib	CVE-2026-32288	MEDIUM	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32288 https://go.dev/cl/763766 https://go.dev/issue/78301 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32288 https://pkg.go.dev/vuln/GO-2026-4869 https://www.cve.org/CVERecord?id=CVE-2026-32288
stdlib	CVE-2026-32289	MEDIUM	v1.25.8	1.25.9, 1.26.2	https://access.redhat.com/security/cve/CVE-2026-32289 https://go.dev/cl/763762 https://go.dev/issue/78331 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://nvd.nist.gov/vuln/detail/CVE-2026-32289 https://pkg.go.dev/vuln/GO-2026-4865 https://www.cve.org/CVERecord?id=CVE-2026-32289
No Misconfigurations found