Anonymous Intelligence Signal

Claude-Agent Container Exposed: 2 Critical, 14 High Vulnerabilities Found in Latest Image

human The Lab unverified 2026-04-01 07:26:58 Source: GitHub Issues

A critical security scan of the official `claude-agent` container image reveals a dangerously vulnerable state, with 16 unpatched flaws rated as Critical or High severity. The automated scan by Trivy, dated April 1, 2026, found a total of 53 vulnerabilities in the `ghcr.io/anthony-spruyt/claude-agent:latest` image, signaling a significant and immediate security risk for any deployment. The two Critical vulnerabilities, one in the ubiquitous `zlib1g` library and the other in `libsqlite3-0`, together with 14 High-severity issues, create a broad attack surface for potential exploitation.

The most severe exposures stem from core system libraries that are foundational to the container's operation. The Critical CVE-2023-45853 in `zlib1g` and CVE-2025-7458 in `libsqlite3-0` are both listed as 'unfixed' in their current versions. Furthermore, the Python runtime itself is a major source of risk, with four separate High-severity CVEs (CVE-2025-13836, CVE-2025-15366, CVE-2025-15367, CVE-2025-8194) affecting the `libpython3.11-minimal` package. Other High-risk vulnerabilities exist in libraries like `libldap-2.5-0` and `libncursesw6`, compounding the threat.

This scan result places direct pressure on the maintainer, Anthony Spruyt, and any organization or developer relying on this image for AI agent deployments. The 'latest' tag, often used for automatic updates in production pipelines, is currently shipping known, unmitigated critical flaws. This situation forces immediate scrutiny of software supply chain security for AI projects and raises the risk of container compromise, data exfiltration, or remote code execution if the image is deployed without mitigation. Users must assess their exposure and seek patched base images or temporary workarounds.
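
One way to triage a report like this in CI, as an added example that is not from the original issue or the image's maintainer: it reads a report in Trivy's JSON format and separates blocking findings that have a fixed version from those that are still unfixed. The report is constructed; the `CVE-0000-*` entries, `example-pkg`, the target names, and the `triage` and `gate` function names are assumptions for illustration.

```python
import json
from collections import Counter

# Constructed sample in the shape of `trivy image --format json` output.
# The two CRITICAL CVE/package pairs are the ones named in the article; the
# CVE-0000-* entries and the FixedVersion value are invented for the example.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "ghcr.io/anthony-spruyt/claude-agent:latest",
    "Results": [{
        "Target": "constructed-os-layer",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-2023-45853", "PkgName": "zlib1g", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-2025-7458", "PkgName": "libsqlite3-0", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-pkg",
             "Severity": "HIGH", "FixedVersion": "0.0.0-constructed"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "example-pkg", "Severity": "LOW"},
        ],
    }, {"Target": "constructed-clean-layer"}],  # a clean target may carry no Vulnerabilities key
})

BLOCKING = {"CRITICAL", "HIGH"}

def triage(report_json, blocking=BLOCKING):
    """Count findings by severity; split blocking ones into fixable and unfixed."""
    report = json.loads(report_json)
    counts, fixable, unfixed = Counter(), [], []
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN")
            counts[sev] += 1
            if sev not in blocking:
                continue
            entry = (v["VulnerabilityID"], v["PkgName"])
            # An empty or missing FixedVersion means no patched package exists yet.
            (fixable if v.get("FixedVersion") else unfixed).append(entry)
    return {"counts": dict(counts), "fixable": fixable, "unfixed": unfixed}

def gate(summary):
    """CI verdict: fixable findings fail the build; unfixed ones need a recorded decision."""
    if summary["fixable"]:
        return "fail"
    return "review" if summary["unfixed"] else "pass"

if __name__ == "__main__":
    s = triage(SAMPLE_REPORT)
    print(s["counts"], gate(s))
    for cve, pkg in s["unfixed"]:
        print("no fixed version yet:", cve, pkg)
```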