Vulnerability Analysis of 2500 Docker Hub Images

Currently reading
Vulnerability Analysis of 2500 Docker Hub Images

Synology, TrueNAS
Operating system
  1. Linux
  2. Windows
When you like read more than two rows, use this link


The use of container technology has skyrocketed during the last few years, with Docker as the leading container platform. Docker’s online repository for publicly available container images, called Docker Hub, hosts over 3.5 million images at the time of writing, making it the world’s largest community of container images. We perform an extensive vulnerability analysis of 2500 Docker images. It is of particular interest to perform this type of analysis because the vulnerability landscape is a rapidly changing category, the vulnerability scanners are constantly developed and updated, new vulnerabilities are discovered, and the volume of images on Docker Hub is increasing every day. Our main findings reveal that:
1) the number of newly introduced vulnerabilities on Docker Hub is rapidly increasing;
2) certified images are the most vulnerable;
3) official images are the least vulnerable;
4) there is no correlation between the number of vulnerabilities and image features (i.e., number of pulls, number of stars, and days since the last update);
5) the most severe vulnerabilities originate from two of the most popular scripting languages, JavaScript and Python; and
6) Python 2.x packages and jackson- databind packages contain the highest number of severe vulnerabilities.

We perceive our study as the most extensive vulnerability analysis published in the open literature in the last couple of years.
Specially for NAS/docker newbies:

This document is not about the fact that the use of this technology is dangerous.
This document only supports what we are trying to explain to the members of this forum - if you are unsure, ask.
Ratio of critical (really dangerous vulnerabilities) is under 2%. What is still perfect share from the vulnerability spreads point of view.

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

FYI nothing new, but still worth sharing as patching remains essential, even when we think that using VPN...
agree, but yet another good reminder that it is amongst good security practices to disable the default...

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads