A container-based software implementation uses separate containers for software libraries and application code. A storage system may have multiple applications executing to control various aspects of operation of the storage system, and to enable access to the storage system by hosts. These applications are containerized separately from the libraries referenced by the applications, and the libraries are commonly housed in a separate container. The libraries may be open-source libraries, proprietary libraries, or third-party dependent libraries. A vulnerability management system scans the application containers to determine dependencies between applications and libraries, including the number of containers that reference a particular library and the frequency with which microservices of the containerized application reference the library. A vulnerability prioritization system uses the determined dependencies and vulnerability severity scores to prioritize libraries for correction based on the frequency of use of the library, the number of products impacted, and the severity of the vulnerabilities.