Nginx 1.26

hardened
Full version: 1.26 Analyzed: 2026-02-10
Size Reduction 38% 196.1 MB to 120.7 MB (75.4 MB saved)
Component Reduction 87% 150 to 19 packages (131 removed)
Vulnerability Reduction 99% 117 to 1 vulnerabilities (116 eliminated)

Image Comparison

Propertyupstreamhardened
Imagedocker.io/library/nginx:1.26.3ghcr.io/armorred/nginx:1.26-hardened
Size196.1 MB120.7 MB
Layers722
Components15019
Vulnerabilities1171
Runtime Userroot65534

Vulnerability Analysis

upstream 117 total
18critical
25high
57medium
11low
hardened 1 total
1high
Upstream vulnerability details (117)
CVE IDSeverityPackageVersionFixed In
DEBIAN-CVE-2011-3374lowapt2.6.1unfixed
DEBIAN-CVE-2022-3715highbash5.2.15-2+b75.2-1
DEBIAN-CVE-2016-2781mediumcoreutils9.1-19.4-1
DEBIAN-CVE-2017-18018mediumcoreutils9.1-1unfixed
DEBIAN-CVE-2024-0684mediumcoreutils9.1-19.5-1
DEBIAN-CVE-2025-5278mediumcoreutils9.1-1unfixed
DEBIAN-CVE-2021-22922mediumcurl7.88.1-10+deb12u127.79.1-1
DEBIAN-CVE-2021-22923mediumcurl7.88.1-10+deb12u127.79.1-1
DEBIAN-CVE-2022-42916highcurl7.88.1-10+deb12u127.86.0-1
DEBIAN-CVE-2022-43551highcurl7.88.1-10+deb12u127.86.0-3
DEBIAN-CVE-2023-23914criticalcurl7.88.1-10+deb12u127.88.1-1
DEBIAN-CVE-2023-23915mediumcurl7.88.1-10+deb12u127.88.1-1
DEBIAN-CVE-2023-28320mediumcurl7.88.1-10+deb12u127.88.1-10
DEBIAN-CVE-2023-38039highcurl7.88.1-10+deb12u127.88.1-10+deb12u3
DEBIAN-CVE-2023-38545criticalcurl7.88.1-10+deb12u127.74.0-1.3+deb11u10
DEBIAN-CVE-2023-38546lowcurl7.88.1-10+deb12u127.74.0-1.3+deb11u10
DEBIAN-CVE-2023-46218mediumcurl7.88.1-10+deb12u127.74.0-1.3+deb11u11
DEBIAN-CVE-2023-46219mediumcurl7.88.1-10+deb12u127.88.1-10+deb12u5
DEBIAN-CVE-2024-0853mediumcurl7.88.1-10+deb12u128.6.0-1
DEBIAN-CVE-2024-11053lowcurl7.88.1-10+deb12u127.88.1-10+deb12u10
DEBIAN-CVE-2024-2004lowcurl7.88.1-10+deb12u127.88.1-10+deb12u6
DEBIAN-CVE-2024-2379mediumcurl7.88.1-10+deb12u128.7.1-1
DEBIAN-CVE-2024-2398highcurl7.88.1-10+deb12u127.74.0-1.3+deb11u12
DEBIAN-CVE-2024-2466mediumcurl7.88.1-10+deb12u128.7.1-1
DEBIAN-CVE-2024-6197highcurl7.88.1-10+deb12u128.9.0-1
DEBIAN-CVE-2024-6874mediumcurl7.88.1-10+deb12u128.9.0-1
DEBIAN-CVE-2024-7264mediumcurl7.88.1-10+deb12u127.74.0-1.3+deb11u13
DEBIAN-CVE-2024-8096mediumcurl7.88.1-10+deb12u127.74.0-1.3+deb11u14
DEBIAN-CVE-2024-9681mediumcurl7.88.1-10+deb12u127.88.1-10+deb12u9
DEBIAN-CVE-2025-0167lowcurl7.88.1-10+deb12u127.88.1-10+deb12u11
DEBIAN-CVE-2025-0665criticalcurl7.88.1-10+deb12u128.12.0+git20250209.89ed161+ds-1
DEBIAN-CVE-2025-0725highcurl7.88.1-10+deb12u128.12.0+git20250209.89ed161+ds-1
DEBIAN-CVE-2025-10148mediumcurl7.88.1-10+deb12u128.14.1-2+deb13u1
DEBIAN-CVE-2025-10966mediumcurl7.88.1-10+deb12u128.17.0~rc2-1
DEBIAN-CVE-2025-11563unknowncurl7.88.1-10+deb12u128.14.1-2+deb13u2
DEBIAN-CVE-2025-13034mediumcurl7.88.1-10+deb12u128.18.0~rc2-1
DEBIAN-CVE-2025-14017mediumcurl7.88.1-10+deb12u128.18.0~rc2-1
DEBIAN-CVE-2025-14524mediumcurl7.88.1-10+deb12u128.18.0~rc2-1
DEBIAN-CVE-2025-14819mediumcurl7.88.1-10+deb12u128.18.0~rc3-1
DEBIAN-CVE-2025-15079mediumcurl7.88.1-10+deb12u128.18.0~rc3-1
DEBIAN-CVE-2025-15224lowcurl7.88.1-10+deb12u128.18.0-1
DEBIAN-CVE-2025-4947mediumcurl7.88.1-10+deb12u128.14.0-1
DEBIAN-CVE-2025-5025mediumcurl7.88.1-10+deb12u128.14.0-1
DEBIAN-CVE-2025-5399highcurl7.88.1-10+deb12u128.14.1-1
DEBIAN-CVE-2025-9086highcurl7.88.1-10+deb12u128.14.1-2+deb13u1
DEBIAN-CVE-2025-6297highdpkg1.21.221.22.21
DEBIAN-CVE-2025-1390mediumlibcap21:2.66-41:2.44-1+deb11u1
DEBIAN-CVE-2018-6829highlibgcrypt201.10.1-3unfixed
DEBIAN-CVE-2021-33560highlibgcrypt201.10.1-31.9.4-2
DEBIAN-CVE-2024-2236mediumlibgcrypt201.10.1-3unfixed
DEBIAN-CVE-2024-12133mediumlibtasn1-64.19.0-2+deb12u14.16.0-2+deb11u2
DEBIAN-CVE-2025-13151highlibtasn1-64.19.0-2+deb12u14.21.0-2
DSA-5949-1criticallibxml22.9.14+dfsg-1.3~deb12u12.9.14+dfsg-1.3~deb12u2
DSA-5990-1unknownlibxml22.9.14+dfsg-1.3~deb12u12.9.14+dfsg-1.3~deb12u4
DEBIAN-CVE-2022-2309highlibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u5
DEBIAN-CVE-2022-49043criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u6
DEBIAN-CVE-2023-39615criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u6
DEBIAN-CVE-2023-45322criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u6
DEBIAN-CVE-2024-25062criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u6
DEBIAN-CVE-2024-34459criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u8
DEBIAN-CVE-2024-56171criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u6
DEBIAN-CVE-2025-24928criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u6
DEBIAN-CVE-2025-27113criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u6
DEBIAN-CVE-2025-32414criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u7
DEBIAN-CVE-2025-32415criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u7
DEBIAN-CVE-2025-49794criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u8
DEBIAN-CVE-2025-49796criticallibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u8
DEBIAN-CVE-2025-6021highlibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u8
DEBIAN-CVE-2025-6170lowlibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u8
DEBIAN-CVE-2025-8732lowlibxml22.9.14+dfsg-1.3~deb12u1unfixed
DEBIAN-CVE-2025-9714mediumlibxml22.9.14+dfsg-1.3~deb12u12.9.10+dfsg-6.7+deb11u9
DEBIAN-CVE-2026-0989lowlibxml22.9.14+dfsg-1.3~deb12u1unfixed
DEBIAN-CVE-2026-0990mediumlibxml22.9.14+dfsg-1.3~deb12u1unfixed
DEBIAN-CVE-2026-0992lowlibxml22.9.14+dfsg-1.3~deb12u1unfixed
DEBIAN-CVE-2026-1757mediumlibxml22.9.14+dfsg-1.3~deb12u1unfixed
DEBIAN-CVE-2009-4487unknownnginx1.26.3-1~bookwormunfixed
DEBIAN-CVE-2013-0337unknownnginx1.26.3-1~bookwormunfixed
DEBIAN-CVE-2023-44487highnginx1.26.3-1~bookworm1.8.2-2
DEBIAN-CVE-2025-23419mediumnginx1.26.3-1~bookworm1.18.0-6.1+deb11u4
DEBIAN-CVE-2025-53859mediumnginx1.26.3-1~bookworm1.22.1-9+deb12u3
DEBIAN-CVE-2026-1642highnginx1.26.3-1~bookwormunfixed
DSA-6015-1highopenssl3.0.15-1~deb12u13.0.17-1~deb12u3
DEBIAN-CVE-2023-6129mediumopenssl3.0.15-1~deb12u13.0.13-1~deb12u1
DEBIAN-CVE-2023-6237mediumopenssl3.0.15-1~deb12u13.0.13-1~deb12u1
DEBIAN-CVE-2024-0727mediumopenssl3.0.15-1~deb12u11.1.1w-0+deb11u2
DEBIAN-CVE-2024-12797mediumopenssl3.0.15-1~deb12u13.4.1-1
DEBIAN-CVE-2024-13176mediumopenssl3.0.15-1~deb12u12025.02-8+deb13u1
DEBIAN-CVE-2024-2511mediumopenssl3.0.15-1~deb12u11.1.1w-0+deb11u2
DEBIAN-CVE-2024-4603mediumopenssl3.0.15-1~deb12u13.0.14-1~deb12u1
DEBIAN-CVE-2024-4741highopenssl3.0.15-1~deb12u11.1.1w-0+deb11u2
DEBIAN-CVE-2024-5535criticalopenssl3.0.15-1~deb12u11.1.1w-0+deb11u2
DEBIAN-CVE-2024-6119highopenssl3.0.15-1~deb12u13.0.14-1~deb12u2
DEBIAN-CVE-2024-9143mediumopenssl3.0.15-1~deb12u11.1.1w-0+deb11u2
DEBIAN-CVE-2025-11187mediumopenssl3.0.15-1~deb12u13.5.4-1~deb13u2
DEBIAN-CVE-2025-15467criticalopenssl3.0.15-1~deb12u13.0.18-1~deb12u2
DEBIAN-CVE-2025-15468mediumopenssl3.0.15-1~deb12u13.5.4-1~deb13u2
DEBIAN-CVE-2025-15469mediumopenssl3.0.15-1~deb12u13.5.4-1~deb13u2
DEBIAN-CVE-2025-27587mediumopenssl3.0.15-1~deb12u13.5.0-1
DEBIAN-CVE-2025-4575mediumopenssl3.0.15-1~deb12u13.5.0-2
DEBIAN-CVE-2025-66199mediumopenssl3.0.15-1~deb12u13.5.4-1~deb13u2
DEBIAN-CVE-2025-68160mediumopenssl3.0.15-1~deb12u13.0.18-1~deb12u2
DEBIAN-CVE-2025-69418mediumopenssl3.0.15-1~deb12u13.0.18-1~deb12u2
DEBIAN-CVE-2025-69419highopenssl3.0.15-1~deb12u13.0.18-1~deb12u2
DEBIAN-CVE-2025-69420highopenssl3.0.15-1~deb12u13.0.18-1~deb12u2
DEBIAN-CVE-2025-69421highopenssl3.0.15-1~deb12u13.0.18-1~deb12u2
DEBIAN-CVE-2025-9230highopenssl3.0.15-1~deb12u11.1.1w-0+deb11u4
DEBIAN-CVE-2025-9231mediumopenssl3.0.15-1~deb12u13.5.1-1+deb13u1
DEBIAN-CVE-2025-9232highopenssl3.0.15-1~deb12u13.0.17-1~deb12u3
DEBIAN-CVE-2026-22795mediumopenssl3.0.15-1~deb12u13.0.18-1~deb12u2
DEBIAN-CVE-2026-22796mediumopenssl3.0.15-1~deb12u13.0.18-1~deb12u2
DSA-6113-1unknownopenssl3.0.15-1~deb12u13.0.18-1~deb12u2
DEBIAN-CVE-2005-2541unknowntar1.34+dfsg-1.2+deb12u1unfixed
DEBIAN-CVE-2022-48303mediumtar1.34+dfsg-1.2+deb12u11.34+dfsg-1+deb11u1
DEBIAN-CVE-2023-39804mediumtar1.34+dfsg-1.2+deb12u11.34+dfsg-1+deb11u1
DEBIAN-CVE-2022-0563mediumutil-linux2.38.1-5+deb12u3unfixed
DEBIAN-CVE-2024-28085lowutil-linux2.38.1-5+deb12u32.36.1-8+deb11u2
DEBIAN-CVE-2025-14104mediumutil-linux2.38.1-5+deb12u32.41.3-1
Hardened vulnerability details (1)
CVE IDSeverityPackageVersionFixed In
OSV-2021-777highlibxml22.13.8unfixed

Software Bill of Materials

upstream components (150)
  • adduser 3.134
  • apt 2.6.1
  • base-files 12.4+deb12u10
  • base-passwd 3.6.1
  • bash 5.2.15-2+b7
  • bsdutils 1:2.38.1-5+deb12u3
  • ca-certificates 20230311
  • coreutils 9.1-1
  • curl 7.88.1-10+deb12u12
  • dash 0.5.12-2
  • debconf 1.5.82
  • debian-archive-keyring 2023.3+deb12u1
  • debianutils 5.7-0.5~deb12u1
  • diffutils 1:3.8-4
  • dpkg 1.21.22
  • e2fsprogs 1.47.0-2
  • findutils 4.9.0-4
  • fontconfig-config 2.14.1-4
  • fonts-dejavu-core 2.37-6
  • gcc-12-base 12.2.0-14
  • gettext-base 0.21-12
  • gpgv 2.2.40-1.1
  • grep 3.8-5
  • gzip 1.12-1
  • hostname 3.23+nmu1
  • init-system-helpers 1.65.2
  • libabsl20220623 20220623.1-1
  • libacl1 2.3.1-3
  • libaom3 3.6.0-1+deb12u1
  • libapt-pkg6.0 2.6.1
  • libattr1 1:2.5.1-4
  • libaudit-common 1:3.0.9-1
  • libaudit1 1:3.0.9-1
  • libavif15 0.11.1-1
  • libblkid1 2.38.1-5+deb12u3
  • libbrotli1 1.0.9-2+b6
  • libbsd0 0.11.7-2
  • libbz2-1.0 1.0.8-5+b1
  • libc-bin 2.36-9+deb12u10
  • libc6 2.36-9+deb12u10
  • libcap-ng0 0.8.3-1+b3
  • libcap2 1:2.66-4
  • libcom-err2 1.47.0-2
  • libcrypt1 1:4.4.33-2
  • libcurl4 7.88.1-10+deb12u12
  • libdav1d6 1.0.0-2+deb12u1
  • libdb5.3 5.3.28+dfsg2-1
  • libde265-0 1.0.11-1+deb12u2
  • libdebconfclient0 0.270
  • libdeflate0 1.14-1
  • libedit2 3.1-20221030-2
  • libexpat1 2.5.0-1+deb12u1
  • libext2fs2 1.47.0-2
  • libffi8 3.4.4-1
  • libfontconfig1 2.14.1-4
  • libfreetype6 2.12.1+dfsg-5+deb12u4
  • libgav1-1 0.18.0-1+b1
  • libgcc-s1 12.2.0-14
  • libgcrypt20 1.10.1-3
  • libgd3 2.3.3-9
  • libgeoip1 1.6.12-10
  • libgmp10 2:6.2.1+dfsg1-1.1
  • libgnutls30 3.7.9-2+deb12u4
  • libgpg-error0 1.46-1
  • libgssapi-krb5-2 1.20.1-2+deb12u2
  • libheif1 1.15.1-1+deb12u1
  • libhogweed6 3.8.1-2
  • libicu72 72.1-3
  • libidn2-0 2.3.3-1+b1
  • libintl 0.21
  • libjbig0 2.1-6.1
  • libjpeg62-turbo 1:2.1.5-2
  • libk5crypto3 1.20.1-2+deb12u2
  • libkeyutils1 1.6.3-2
  • libkrb5-3 1.20.1-2+deb12u2
  • libkrb5support0 1.20.1-2+deb12u2
  • libldap-2.5-0 2.5.13+dfsg-5
  • liblerc4 4.0.0+ds-2
  • liblz4-1 1.9.4-1
  • liblzma5 5.4.1-1
  • libmd0 1.0.4-2
  • libmount1 2.38.1-5+deb12u3
  • libnettle8 3.8.1-2
  • libnghttp2-14 1.52.0-1+deb12u2
  • libnuma1 2.0.16-1
  • libp11-kit0 0.24.1-2
  • libpam-modules 1.5.2-6+deb12u1
  • libpam-modules-bin 1.5.2-6+deb12u1
  • libpam-runtime 1.5.2-6+deb12u1
  • libpam0g 1.5.2-6+deb12u1
  • libpcre2-8-0 10.42-1
  • libpng16-16 1.6.39-2
  • libpsl5 0.21.2-1
  • librav1e0 0.5.1-6
  • librtmp1 2.4+20151223.gitfa8646d.1-2+b2
  • libsasl2-2 2.1.28+dfsg-10
  • libsasl2-modules-db 2.1.28+dfsg-10
  • libseccomp2 2.5.4-1+deb12u1
  • libselinux1 3.4-1+b6
  • libsemanage-common 3.4-1
  • libsemanage2 3.4-1+b5
  • libsepol2 3.4-2.1
  • libsmartcols1 2.38.1-5+deb12u3
  • libss2 1.47.0-2
  • libssh2-1 1.10.0-3+b1
  • libssl3 3.0.15-1~deb12u1
  • libstdc++6 12.2.0-14
  • libsvtav1enc1 1.4.1+dfsg-1
  • libsystemd0 252.36-1~deb12u1
  • libtasn1-6 4.19.0-2+deb12u1
  • libtiff6 4.5.0-6+deb12u2
  • libtinfo6 6.4-4
  • libudev1 252.36-1~deb12u1
  • libunistring2 1.0-2
  • libuuid1 2.38.1-5+deb12u3
  • libwebp7 1.2.4-0.2+deb12u1
  • libx11-6 2:1.8.4-2+deb12u2
  • libx11-data 2:1.8.4-2+deb12u2
  • libx265-199 3.5-2+b1
  • libxau6 1:1.0.9-1
  • libxcb1 1.15-1
  • libxdmcp6 1:1.1.2-3
  • libxml2 2.9.14+dfsg-1.3~deb12u1
  • libxpm4 1:3.5.12-1.1+deb12u1
  • libxslt1.1 1.1.35-1+deb12u1
  • libxxhash0 0.8.1-1
  • libyuv0 0.0~git20230123.b2528b0-1
  • libzstd1 1.5.4+dfsg2-5
  • login 1:4.13+dfsg1-1+b1
  • logsave 1.47.0-2
  • mawk 1.3.4.20200120-3.1
  • mount 2.38.1-5+deb12u3
  • ncurses-base 6.4-4
  • ncurses-bin 6.4-4
  • nginx 1.26.3-1~bookworm
  • nginx-module-geoip 1.26.3-2~bookworm
  • nginx-module-image-filter 1.26.3-2~bookworm
  • nginx-module-njs 1.26.3+0.8.9-1~bookworm
  • nginx-module-xslt 1.26.3-2~bookworm
  • openssl 3.0.15-1~deb12u1
  • passwd 1:4.13+dfsg1-1+b1
  • perl-base 5.36.0-7+deb12u1
  • sed 4.9-1
  • sysvinit-utils 3.06-4
  • tar 1.34+dfsg-1.2+deb12u1
  • tzdata 2025b-0+deb12u1
  • usr-is-merged 37~deb12u1
  • util-linux 2.38.1-5+deb12u3
  • util-linux-extra 2.38.1-5+deb12u3
  • zlib1g 1:1.2.13.dfsg-1
hardened components (19)
  • acl 2.3.2
  • attr 2.5.2
  • coreutils 9.5
  • gcc 13.3.0
  • gcc 13.3.0
  • glibc 2.40-66
  • gmp-with-cxx 6.3.0
  • libidn2 2.3.7
  • libunistring 1.2
  • libxcrypt 4.4.36
  • libxml2 2.13.8
  • libxslt 1.1.42
  • nginx 1.26.3
  • openssl 3.3.3
  • pcre2 10.44
  • perl 5.40.0
  • xgcc 13.3.0
  • zlib 1.3.1
  • zlib-ng 2.2.2

Download SBOMs

Upstream SBOM Hardened SBOM

Usage

$ podman pull ghcr.io/armorred/nginx:1.26

Verify Signature

$ cosign verify --key https://armorred.org/cosign.pub ghcr.io/armorred/nginx:1.26