Apologies if this is a rookie question, but I keep wondering what the vulnerabilities section on Docker Hub is trying to tell me. Take Nextcloud images for instance: the most current images seem to list 3 critical and 22 severe vulnerabilities. Does that mean those vulns are part of the image? If so, why would anyone want to run this?


Generally the images will be built with dependencies that have known issues, but not all CVEs are actual problems.
Just because Nextcloud uses a package, it may not use the function that has the issue.