Vulnerable base images with known CVEs - Embedded secrets (API keys, passwords) in image layers - Malicious images from untrusted registries - Outdated dependencies baked into images