Vulnerability Analysis of 2500 Docker Hub Images

by   Katrine Wist, et al.

The use of container technology has skyrocketed during the last few years, with Docker as the leading container platform. Docker's online repository for publicly available container images, called Docker Hub, hosts over 3.5 million images at the time of writing, making it the world's largest community of container images. We perform an extensive vulnerability analysis of 2500 Docker images. It is of particular interest to perform this type of analysis because the vulnerability landscape is a rapidly changing category, the vulnerability scanners are constantly developed and updated, new vulnerabilities are discovered, and the volume of images on Docker Hub is increasing every day. Our main findings reveal that (1) the number of newly introduced vulnerabilities on Docker Hub is rapidly increasing; (2) certified images are the most vulnerable; (3) official images are the least vulnerable; (4) there is no correlation between the number of vulnerabilities and image features (i.e., number of pulls, number of stars, and days since the last update); (5) the most severe vulnerabilities originate from two of the most popular scripting languages, JavaScript and Python; and (6) Python 2.x packages and jackson-databind packages contain the highest number of severe vulnerabilities. We perceive our study as the most extensive vulnerability analysis published in the open literature in the last couple of years.


page 1

page 2

page 3

page 4


An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications

This paper examines software vulnerabilities in common Python packages u...

An Analysis of Security Vulnerabilities in Container Images for Scientific Data Analysis

Software containers greatly facilitate the deployment and reproducibilit...

Half-Day Vulnerabilities: A study of the First Days of CVE Entries

The National Vulnerability Disclosure Database is an invaluable source o...

On the Threat of npm Vulnerable Dependencies in Node.js Applications

Software vulnerabilities have a large negative impact on the software sy...

Code-based Vulnerability Detection in Node.js Applications: How far are we?

With one of the largest available collection of reusable packages, the J...

Learning from what we know: How to perform vulnerability prediction using noisy historical data

Vulnerability prediction refers to the problem of identifying system com...

On the Security Blind Spots of Software Composition Analysis

Modern software heavily relies on the use of components. Those component...

Please sign up or login with your details

Forgot password? Click here to reset