$ docker scout cves flyway/flyway:10.19.0-alpine
i New version 1.14.0 available (installed version is 1.13.0) at https://github.com/docker/scout-cli
v SBOM of image already cached, 263 packages indexed
x Detected 3 vulnerable packages with a total of 12 vulnerabilities
## Overview
│ Analyzed Image
────────────────────┼─────────────────────────────────────
Target │ flyway/flyway:10.19.0-alpine
digest │ 67943549ac83
platform │ linux/amd64
vulnerabilities │ 3C 1H 6M 1L 1?
size │ 443 MB
packages │ 263
## Packages and Vulnerabilities
3C 1H 1M 0L 1? expat 2.5.0-r1
pkg:apk/alpine/expat@2.5.0-r1?os_name=alpine&os_version=3.18
x CRITICAL CVE-2024-45492
https://scout.docker.com/v/CVE-2024-45492
Affected range : <2.6.3-r0
Fixed version : 2.6.3-r0
x CRITICAL CVE-2024-45491
https://scout.docker.com/v/CVE-2024-45491
Affected range : <2.6.3-r0
Fixed version : 2.6.3-r0
x CRITICAL CVE-2024-45490
https://scout.docker.com/v/CVE-2024-45490
Affected range : <2.6.3-r0
Fixed version : 2.6.3-r0
x HIGH CVE-2023-52425
https://scout.docker.com/v/CVE-2023-52425
Affected range : <2.6.0-r0
Fixed version : 2.6.0-r0
x MEDIUM CVE-2023-52426
https://scout.docker.com/v/CVE-2023-52426
Affected range : <2.6.0-r0
Fixed version : 2.6.0-r0
x UNSPECIFIED CVE-2024-28757
https://scout.docker.com/v/CVE-2024-28757
Affected range : <2.6.2-r0
Fixed version : 2.6.2-r0
0C 0H 4M 0L busybox 1.36.1-r5
pkg:apk/alpine/busybox@1.36.1-r5?os_name=alpine&os_version=3.18
x MEDIUM CVE-2023-42366
https://scout.docker.com/v/CVE-2023-42366
Affected range : <1.36.1-r6
Fixed version : 1.36.1-r6
x MEDIUM CVE-2023-42365
https://scout.docker.com/v/CVE-2023-42365
Affected range : <1.36.1-r7
Fixed version : 1.36.1-r7
x MEDIUM CVE-2023-42364
https://scout.docker.com/v/CVE-2023-42364
Affected range : <1.36.1-r7
Fixed version : 1.36.1-r7
x MEDIUM CVE-2023-42363
https://scout.docker.com/v/CVE-2023-42363
Affected range : <1.36.1-r7
Fixed version : 1.36.1-r7
0C 0H 1M 1L com.google.guava/guava 30.1.1-jre
pkg:maven/com.google.guava/guava@30.1.1-jre
x MEDIUM CVE-2023-2976 [Creation of Temporary File in Directory with Insecure Permissions]
https://scout.docker.com/v/CVE-2023-2976
Affected range : >=1.0
: <32.0.0-android
Fixed version : 32.0.0
CVSS Score : 5.5
CVSS Vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
x LOW CVE-2020-8908 [Improper Handling of Alternate Encoding]
https://scout.docker.com/v/CVE-2020-8908
Affected range : <32.0.0-android
Fixed version : 32.0.0
CVSS Score : 3.3
CVSS Vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
12 vulnerabilities found in 3 packages
UNSPECIFIED 1
LOW 1
MEDIUM 6
HIGH 1
CRITICAL 3
What's next:
View base image update recommendations → docker scout recommendations flyway/flyway:10.19.0-alpine
The recommendation is to update to the latest 17-jre-alpine, specifically 17.0.12_7-jre-alpine
The recommendation is to update to the latest
17-jre-alpine
, specifically17.0.12_7-jre-alpine