Skip to content

Security: nodejs/docker-node

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Security issues relating to Node.js project should follow the process documented on https://nodejs.org/en/security/.

CVEs for the base image packages should be reported to those repositories. Nothing to address those CVEs is in the hands of this repos.

When base images are patched, the images are rebuilt and rolled out to the Docker hub without intervention by this repo. This process is explained in https://github.com/docker-library/faq/#why-does-my-security-scanner-show-that-an-image-has-cves.

There aren’t any published security advisories