Apologies if this is a rookie question, but I keep wondering what the vulnerabilities section on DockerHub is trying to tell me. Take nextcloud images for instance: The most current images seem to list 3 critical and 22 severe vulnerabilities. Does that mean those vulns are part of the image? If so, why would anyone want to run this?
I don’t know if I agree. I get it, but it’s kind of important that people know that if they do something weird with a piece of software, that it might expose them to remote code execution or root shell exploits. It certainly does make you numb to the word “critical”, but I don’t have a solution to that.