Ok, but that seems different than:

> Every single package, every single dependency, that has an actively exploited security flaw is being exploited in the Docker images you're using

This says that every exploit in a docker image you use IS BEING exploited, not that it COULD BE exploited.