Vulnerabilities exists everywhere and no exceptions in a Docker Image, but these can be scanned easily. Trivy an open source tool scan a Docker Image.