The newer images on Docker Hub (2.0.0, 2.0.1 and master) all have security vulnerabilities. In particular mher/flower:master has these vulnerabilities with libexpat package:

• CVE-2024-45490
• CVE-2024-45491
• CVE-2024-45492

I have confirmed that rebuilding the image from the source branch 2.0 allows the image to pass the scan and seems to work properly in my application.

docker build https://github.com/mher/flower.git#2.0 -t mher/flower:2.0.1-rebuild

Requesting that the Docker images be updated on Docker Hub.