If you have run a CVE/security scanner on an image and that is why you are here, you should read our "Why does my security scanner show that an image has CVEs?" FAQ entry.

If you believe you have found a net new security vulnerability, please make every effort to report it to the appropriate maintainers responsibly so that it can be fixed discreetly (also known as "embargo").

When the issue relates to a specific image, please make an effort to (privately) contact the maintainers of that specific image. Some maintainers publish/maintain a SECRUITY.md in their GitHub repository, for example, which can be a great place to find information about how to report an issue appropriately.

For issues related to anything maintained under @docker-library on GitHub or associated infrastructure, please send an email to doi@docker.com or use GitHub's security advisory feature.

Image maintainers should also be aware of the "Security Releases" section of the maintainer documentation for pre-notifying the project maintainers of upcoming security-related releases.