Minimal Container Images Now Publish CVE Vulnerability Information for Enhanced Security Transparency
Key Takeaways
- Minimal now publishes comprehensive CVE vulnerability reports for all container images, improving supply chain security transparency
- Current vulnerability landscape shows 35 total CVEs across maintained images, with OpenSearch (20) and Kafka/Jenkins/MinIO requiring attention
- The public CVE tracking enables developers to monitor security status in real time and make data-driven decisions about image selection and updates
- Hardened, minimal container images continue to offer a security-focused alternative with detailed vulnerability disclosure
Summary
Minimal, an open-source project focused on hardened container images, has announced the publication of Common Vulnerabilities and Exposures (CVE) information for its image catalog. The update provides developers and DevOps teams with detailed vulnerability reports across multiple container images, including critical information on exposure levels and severity ratings.
The vulnerability report, updated as of March 14, 2026, tracks CVE data across 25+ container image variants including popular bases like OpenSearch, Kafka, Jenkins, and MinIO. The report shows a total of 35 known vulnerabilities across all images, with OpenSearch carrying the highest number at 20 vulnerabilities (including 1 critical and 11 high-severity issues). The initiative aims to bring greater transparency to the container image supply chain, allowing teams to make informed decisions about which images to use and when patching may be necessary.
Editorial Opinion
Publishing CVE information for open-source container images is a significant step toward supply chain transparency and security accountability. This move acknowledges that even hardened, minimal images are not vulnerability-free, and providing this data helps teams make informed security decisions rather than operating under false assumptions of perfect safety. By being transparent about vulnerabilities rather than obscuring them, Minimal demonstrates a mature approach to open-source security governance.



