docker.elastic.co/beats/elastic-agent:8.18.8 linux/arm64

docker.elastic.co/beats/elastic-agent:8.18.8 - Trivy安全扫描结果扫描时间: 2026-06-28 16:31 温馨提示: 这是一个 linux/arm64 系统架构镜像

全部漏洞信息

低危漏洞:113

中危漏洞:440

高危漏洞:346

严重漏洞:19

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-06-28 16:31

docker.elastic.co/beats/elastic-agent:8.18.8 (ubuntu 24.04) (ubuntu)

低危漏洞:85

中危漏洞:83

高危漏洞:3

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
gpgv	CVE-2025-68973	高危	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68973 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2025-12-28 17:16 修改: 2026-06-17 09:59
libssl3t64	CVE-2026-45447	高危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
openssl	CVE-2026-45447	高危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
curl	CVE-2026-1965	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1965 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-11 11:15 修改: 2026-06-17 10:16
curl	CVE-2026-3783	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3783 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
curl	CVE-2026-5545	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59
curl	CVE-2026-6253	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
curl	CVE-2026-6429	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
curl	CVE-2026-7168	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:01
curl	CVE-2026-8927	中危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8927 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
dpkg	CVE-2026-2219	中危	1.22.6ubuntu6.5	1.22.6ubuntu6.6	It was discovered that dpkg-deb (a component of dpkg, the Debian packa ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2219 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-03-07 09:16 修改: 2026-06-17 10:30
bsdutils	CVE-2026-27456	中危	1:2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
libblkid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
libc-bin	CVE-2025-15281	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-01-20 14:16 修改: 2026-06-17 08:37
libc-bin	CVE-2026-0861	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: Integer overflow in memalign leads to heap corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-01-14 21:15 修改: 2026-06-17 10:11
libc-bin	CVE-2026-0915	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: glibc: Information disclosure via zero-valued network query 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-01-15 22:16 修改: 2026-06-17 10:11
libc-bin	CVE-2026-4046	中危	2.39-0ubuntu8.6		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-03-30 18:16 修改: 2026-06-17 10:55
libc-bin	CVE-2026-4437	中危	2.39-0ubuntu8.6		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56
libc-bin	CVE-2026-4438	中危	2.39-0ubuntu8.6		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56
libc-bin	CVE-2026-5435	中危	2.39-0ubuntu8.6		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-28 13:19 修改: 2026-06-17 10:59
libc-bin	CVE-2026-6238	中危	2.39-0ubuntu8.6		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-28 19:37 修改: 2026-06-19 21:17
libc6	CVE-2025-15281	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-01-20 14:16 修改: 2026-06-17 08:37
libc6	CVE-2026-0861	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: Integer overflow in memalign leads to heap corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-01-14 21:15 修改: 2026-06-17 10:11
libc6	CVE-2026-0915	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: glibc: Information disclosure via zero-valued network query 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-01-15 22:16 修改: 2026-06-17 10:11
libc6	CVE-2026-4046	中危	2.39-0ubuntu8.6		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-03-30 18:16 修改: 2026-06-17 10:55
libc6	CVE-2026-4437	中危	2.39-0ubuntu8.6		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56
libc6	CVE-2026-4438	中危	2.39-0ubuntu8.6		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56
libc6	CVE-2026-5435	中危	2.39-0ubuntu8.6		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-28 13:19 修改: 2026-06-17 10:59
libc6	CVE-2026-6238	中危	2.39-0ubuntu8.6		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-28 19:37 修改: 2026-06-19 21:17
libcap2	CVE-2026-4878	中危	1:2.66-5ubuntu2.2	1:2.66-5ubuntu2.4	libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-09 16:16 修改: 2026-06-25 20:17
libcurl4t64	CVE-2025-14017	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14017 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:35
libcurl4t64	CVE-2026-11856	中危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11856 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-1965	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1965 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-11 11:15 修改: 2026-06-17 10:16
libcurl4t64	CVE-2026-3783	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3783 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
libcurl4t64	CVE-2026-5545	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59
libcurl4t64	CVE-2026-6253	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
libcurl4t64	CVE-2026-6429	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
libcurl4t64	CVE-2026-7168	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:01
libcurl4t64	CVE-2026-8927	中危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8927 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgcrypt20	CVE-2026-41989	中危	1.10.3-2build1	1.10.3-2ubuntu0.1	Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-23 05:16 修改: 2026-06-17 10:47
libgnutls30t64	CVE-2025-14831	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.5	gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14831 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-02-09 15:16 修改: 2026-06-25 04:17
libgnutls30t64	CVE-2026-33845	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-30 18:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-33846	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-04 10:15 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-3832	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-30 18:16 修改: 2026-06-24 17:16
libgnutls30t64	CVE-2026-3833	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-30 18:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42009	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-18 13:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42010	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Authentication Bypass via NUL Character in Username 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-07 12:16 修改: 2026-06-26 11:16
libgnutls30t64	CVE-2026-42011	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass due to incorrect name constraint handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-07 15:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42012	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-26 22:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42013	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-26 22:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42014	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-06-16 02:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42015	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-26 22:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-5260	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Information disclosure via heap overread in RSA key exchange 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-26 22:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-5419	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5419 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-06-01 21:16 修改: 2026-06-26 08:16
libmount1	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
libnghttp2-14	CVE-2026-27135	中危	1.59.0-1ubuntu0.2	1.59.0-1ubuntu0.3	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-18 18:16 修改: 2026-06-17 10:26
libsmartcols1	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
libssh-4	CVE-2026-0964	中危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: Improper sanitation of paths received from SCP servers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0964 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
libssh-4	CVE-2026-0967	中危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: libssh: Denial of Service via inefficient regular expression processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0967 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
libssh-4	CVE-2026-0968	中危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: libssh: Denial of Service due to malformed SFTP message 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0968 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
libssh-4	CVE-2026-3731	中危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.4	libssh: libssh: Denial of Service via out-of-bounds read in SFTP extension name handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3731 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-08 11:15 修改: 2026-06-17 10:44
curl	CVE-2025-14017	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14017 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:35
libssl3t64	CVE-2025-15467	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37
libssl3t64	CVE-2026-31790	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
libssl3t64	CVE-2026-34182	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libssl3t64	CVE-2026-45445	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
libsystemd0	CVE-2026-29111	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.14	systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-03-23 22:16 修改: 2026-06-17 10:29
libsystemd0	CVE-2026-40225	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.14	systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40225 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libsystemd0	CVE-2026-40226	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libtasn1-6	CVE-2025-13151	中危	4.19.0-3ubuntu0.24.04.1	4.19.0-3ubuntu0.24.04.2	libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13151 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-01-07 22:15 修改: 2026-06-17 08:33
libudev1	CVE-2026-29111	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.14	systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-03-23 22:16 修改: 2026-06-17 10:29
libudev1	CVE-2026-40225	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.14	systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40225 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libudev1	CVE-2026-40226	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libuuid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
mount	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
curl	CVE-2026-11856	中危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11856 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
openssl	CVE-2025-15467	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37
openssl	CVE-2026-31790	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
openssl	CVE-2026-34182	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
openssl	CVE-2026-45445	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
perl-base	CVE-2026-42496	中危	5.38.2-3.2ubuntu0.2	5.38.2-3.2ubuntu0.3	perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42496 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-26 02:16 修改: 2026-06-17 10:47
perl-base	CVE-2026-8376	中危	5.38.2-3.2ubuntu0.2	5.38.2-3.2ubuntu0.3	Perl versions through 5.43.10 have a heap buffer overflow when compili ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8376 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-05-26 00:16 修改: 2026-06-17 11:03
sed	CVE-2026-5958	中危	4.9-2build1	4.9-2ubuntu0.24.04.1	sed: GNU sed TOCTOU race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-20 12:16 修改: 2026-06-17 10:59
tar	CVE-2025-45582	中危	1.35+dfsg-3build1		tar: Tar path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2025-07-11 17:15 修改: 2026-06-17 09:25
tar	CVE-2026-5704	中危	1.35+dfsg-3build1	1.35+dfsg-3ubuntu0.1	tar: tar: Hidden file injection via crafted archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-06 16:16 修改: 2026-06-17 10:59
util-linux	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
curl	CVE-2026-12064	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12064 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-3784	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Unauthorized access due to improper HTTP proxy connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3784 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
curl	CVE-2026-4873	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:57
libgnutls30t64	CVE-2025-9820	低危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.5	gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9820 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-01-26 20:16 修改: 2026-06-25 08:16
liblzma5	CVE-2026-34743	低危	5.6.1+really5.4.5-1ubuntu0.2	5.6.1+really5.4.5-1ubuntu0.3	xz: XZ Utils: Denial of Service via buffer overflow in index decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-02 19:21 修改: 2026-06-17 10:39
curl	CVE-2026-5773	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59
curl	CVE-2026-6276	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
libcurl4t64	CVE-2025-0167	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	When asked to use a `.netrc` file for credentials and to follow HT ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:25
libcurl4t64	CVE-2025-10148	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: predictable WebSocket mask 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10148 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2025-09-12 06:15 修改: 2026-06-17 08:27
libcurl4t64	CVE-2025-14524	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14524 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
libcurl4t64	CVE-2025-14819	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: libcurl: Improper certificate validation due to cached TLS settings reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14819 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
libcurl4t64	CVE-2025-15079	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: Host verification bypass during SSH transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15079 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37
libssh-4	CVE-2025-8114	低危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.2	libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8114 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2025-07-24 15:15 修改: 2026-06-25 05:16
libssh-4	CVE-2025-8277	低危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: Memory Exhaustion via Repeated Key Exchange in libssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8277 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2025-09-09 12:15 修改: 2026-06-25 08:16
libssh-4	CVE-2026-0965	低危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: libssh: Denial of Service via improper configuration file handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0965 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
libssh-4	CVE-2026-0966	低危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0966 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
libcurl4t64	CVE-2025-15224	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: libssh key passphrase bypass without agent set 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15224 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37
libcurl4t64	CVE-2026-10536	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10536 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-12064	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12064 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-3784	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Unauthorized access due to improper HTTP proxy connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3784 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
libcurl4t64	CVE-2026-4873	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:57
libssl3t64	CVE-2025-68160	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58
libssl3t64	CVE-2025-69418	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
libssl3t64	CVE-2025-69419	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
libssl3t64	CVE-2025-69420	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via malformed TimeStamp Response 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
libssl3t64	CVE-2025-69421	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
libssl3t64	CVE-2026-22795	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20
libssl3t64	CVE-2026-22796	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20
libssl3t64	CVE-2026-28387	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3t64	CVE-2026-28388	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3t64	CVE-2026-28389	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service vulnerability in CMS processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3t64	CVE-2026-28390	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3t64	CVE-2026-31789	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
libssl3t64	CVE-2026-34180	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libssl3t64	CVE-2026-42766	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3t64	CVE-2026-42767	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3t64	CVE-2026-42770	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3t64	CVE-2026-45446	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
libssl3t64	CVE-2026-7383	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02
libssl3t64	CVE-2026-9076	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04
libcurl4t64	CVE-2026-5773	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59
libcurl4t64	CVE-2026-6276	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
libcurl4t64	CVE-2026-8286	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8286 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libsystemd0	CVE-2026-40228	低危	255.4-1ubuntu8.10		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libcurl4t64	CVE-2026-8458	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8458 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-8924	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8924 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-8932	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8932 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-9547	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9547 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libudev1	CVE-2026-40228	低危	255.4-1ubuntu8.10		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
curl	CVE-2026-8286	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8286 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
login	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12
libgcrypt20	CVE-2024-2236	低危	1.10.3-2build1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2024-03-06 22:15 修改: 2026-06-17 07:24
curl	CVE-2026-8458	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8458 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-8924	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8924 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-8932	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8932 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-9547	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9547 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2025-0167	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	When asked to use a `.netrc` file for credentials and to follow HT ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:25
openssl	CVE-2025-68160	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58
openssl	CVE-2025-69418	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
openssl	CVE-2025-69419	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
openssl	CVE-2025-69420	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via malformed TimeStamp Response 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
openssl	CVE-2025-69421	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
openssl	CVE-2026-22795	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20
openssl	CVE-2026-22796	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20
openssl	CVE-2026-28387	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
openssl	CVE-2026-28388	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
openssl	CVE-2026-28389	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service vulnerability in CMS processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
openssl	CVE-2026-28390	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
openssl	CVE-2026-31789	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
openssl	CVE-2026-34180	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
openssl	CVE-2026-42766	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
openssl	CVE-2026-42767	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
openssl	CVE-2026-42770	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
openssl	CVE-2026-45446	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
openssl	CVE-2026-7383	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02
openssl	CVE-2026-9076	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04
passwd	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12
curl	CVE-2025-10148	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: predictable WebSocket mask 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10148 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2025-09-12 06:15 修改: 2026-06-17 08:27
curl	CVE-2025-14524	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14524 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
curl	CVE-2025-14819	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: libcurl: Improper certificate validation due to cached TLS settings reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14819 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
curl	CVE-2025-15079	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: Host verification bypass during SSH transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15079 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37
curl	CVE-2025-15224	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: libssh key passphrase bypass without agent set 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15224 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37
curl	CVE-2026-10536	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10536 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
xz-utils	CVE-2026-34743	低危	5.6.1+really5.4.5-1ubuntu0.2	5.6.1+really5.4.5-1ubuntu0.3	xz: XZ Utils: Denial of Service via buffer overflow in index decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743 镜像层: sha256:b4e654349cf8235b03a3881340eb1953f8e6a88ba8f32431a972f51a0a56edc9 发布日期: 2026-04-02 19:21 修改: 2026-06-17 10:39
zlib1g	CVE-2026-27171	低危	1:1.3.dfsg-3.1ubuntu2.1		zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171 镜像层: sha256:09f933d26ff9abea427706eebde6a8c8537cfd0c77315e562f48474e5bc068d1 发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

Java (jar)

低危漏洞:0

中危漏洞:4

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
org.apache.logging.log4j:log4j-core	CVE-2025-68161	中危	2.12.4	2.25.3	Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
org.apache.logging.log4j:log4j-core	CVE-2026-34477	中危	2.12.4	2.25.4	org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
org.apache.logging.log4j:log4j-core	CVE-2026-34480	中危	2.12.4	2.25.4	org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
org.bouncycastle:bc-fips	CVE-2025-8885	中危	1.0.2.5	1.0.2.6, 2.0.1	bouncycastle: Bouncy Castle denial of service parsing ASN.1 Object Identifiers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8885 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-08-12 10:15 修改: 2026-06-17 10:07

usr/share/elastic-agent/data/elastic-agent-bb58d0/components/agentbeat (gobinary)

低危漏洞:3

中危漏洞:41

高危漏洞:38

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.67.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-20 23:16 修改: 2026-06-17 10:37
stdlib	CVE-2025-68121	严重	v1.24.7	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
github.com/docker/docker	CVE-2026-41567	高危	v27.3.1+incompatible		docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-05 02:17 修改: 2026-06-17 10:46
github.com/docker/docker	CVE-2026-42306	高危	v27.3.1+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:47
github.com/prometheus/prometheus	CVE-2026-42151	高危	v0.54.1	0.311.3	github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47
github.com/prometheus/prometheus	CVE-2026-42154	高危	v0.54.1	0.311.3, 0.305.2	github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.34.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-02 23:16 修改: 2026-06-17 10:22
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.34.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2025-47913	高危	v0.39.0	0.43.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2026-39827	高危	v0.39.0	0.52.0	An authenticated SSH client that repeatedly opened channels which were ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39828	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39829	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39830	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39832	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39835	高危	v0.39.0	0.52.0	SSH servers which use CertChecker as a public key callback without set ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-42508	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46595	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-46597	高危	v0.39.0	0.52.0	An incorrectly placed cast from bytes to int allowed for server-side p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2026-25680	高危	v0.40.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.40.0	0.53.0	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.40.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
github.com/apache/thrift	CVE-2026-41602	高危	v0.20.0	0.23.0	github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41602 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-28 10:16 修改: 2026-06-17 10:46
github.com/docker/docker	CVE-2026-34040	高危	v27.3.1+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
stdlib	CVE-2025-61726	高危	v1.24.7	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.24.7	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.24.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.24.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.24.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.24.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.24.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.24.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.24.7	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.24.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.24.7	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.24.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.24.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
github.com/docker/docker	CVE-2026-33997	中危	v27.3.1+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
github.com/docker/docker	CVE-2026-41568	中危	v27.3.1+incompatible		github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:46
github.com/eclipse/paho.mqtt.golang	CVE-2025-10543	中危	v1.3.5	1.5.1	paho.mqtt.golang: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10543 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 09:15 修改: 2026-06-17 08:28
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.71.1	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
golang.org/x/net	CVE-2025-47911	中危	v0.40.0	0.45.0	golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28
golang.org/x/net	CVE-2025-58190	中危	v0.40.0	0.45.0	golang.org/x/net/html: Infinite parsing loop in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44
github.com/Azure/go-ntlmssp	CVE-2026-32952	中危	v0.0.0-20221128193559-754e69321358	0.1.1	go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32952 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:36
github.com/prometheus/prometheus	CVE-2026-40179	中危	v0.54.1	0.311.2-0.20260410083055-07c6232d159b	Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40179 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-15 23:16 修改: 2026-06-17 10:44
github.com/prometheus/prometheus	CVE-2026-44903	中危	v0.54.1	0.311.3	Prometheus is an open-source monitoring system and time series databas ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44903 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-26 22:16 修改: 2026-06-17 10:51
go.mongodb.org/mongo-driver	CVE-2026-2303	中危	v1.17.4	1.17.7	CVE-2026-2303 affecting package telegraf for versions less than 1.29.4-21 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2303 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-10 20:17 修改: 2026-06-17 10:30
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	CVE-2026-39882	中危	v0.7.0	0.19.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	CVE-2026-39882	中危	v1.32.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2025-47914	中危	v0.39.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2025-58181	中危	v0.39.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2026-39831	中危	v0.39.0	0.52.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39833	中危	v0.39.0	0.52.0	The in-memory keyring returned by NewKeyring() silently accepted keys ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39834	中危	v0.39.0	0.52.0	When writing data larger than 4GB in a single Write call on an SSH cha ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-46598	中危	v0.39.0	0.52.0	golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.31.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.6.7	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs	GHSA-xmrv-pmrh-hhx2	中危	v1.45.1	1.65.0	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
stdlib	CVE-2025-47912	中危	v1.24.7	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.24.7	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.24.7	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.24.7	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.24.7	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.24.7	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.24.7	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.24.7	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.24.7	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.24.7	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.24.7	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.24.7	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.24.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.24.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.24.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.24.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.24.7	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.24.7	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.24.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.24.7	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
github.com/docker/docker	CVE-2025-54410	低危	v27.3.1+incompatible	25.0.13, 28.0.0	github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-07-30 14:15 修改: 2026-06-17 09:40
stdlib	CVE-2025-58186	低危	v1.24.7	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.24.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
golang.org/x/sys	CVE-2026-39824	未知	v0.33.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

usr/share/elastic-agent/data/elastic-agent-bb58d0/components/apm-server (gobinary)

低危漏洞:2

中危漏洞:33

高危漏洞:35

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.70.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-20 23:16 修改: 2026-06-17 10:37
stdlib	CVE-2025-68121	严重	v1.24.7	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
github.com/elastic/beats/v7	CVE-2025-68388	高危	v7.0.0-alpha2.0.20251001134442-c477023a9348	7.0.0-alpha2.0.20251209162832-28cfc80d2f4e	Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68388 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-18 22:16 修改: 2026-06-17 09:59
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.34.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-02 23:16 修改: 2026-06-17 10:22
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.34.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2025-47913	高危	v0.39.0	0.43.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2026-39827	高危	v0.39.0	0.52.0	An authenticated SSH client that repeatedly opened channels which were ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39828	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39829	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39830	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39832	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39835	高危	v0.39.0	0.52.0	SSH servers which use CertChecker as a public key callback without set ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-42508	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46595	高危	v0.39.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-46597	高危	v0.39.0	0.52.0	An incorrectly placed cast from bytes to int allowed for server-side p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2026-25680	高危	v0.40.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.40.0	0.53.0	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.40.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
github.com/apache/thrift	CVE-2026-41602	高危	v0.21.0	0.23.0	github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41602 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-28 10:16 修改: 2026-06-17 10:46
github.com/elastic/apm-server	CVE-2024-23448	高危	v0.0.0-20251002165450-af83a0dc8fc8+dirty	8.12.1	APM Server vulnerable to Insertion of Sensitive Information into Log File 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23448 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2024-02-07 22:15 修改: 2026-06-17 07:12
stdlib	CVE-2025-61726	高危	v1.24.7	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.24.7	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.24.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.24.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.24.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.24.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.24.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.24.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.24.7	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.24.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.24.7	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.24.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.24.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-39834	中危	v0.39.0	0.52.0	When writing data larger than 4GB in a single Write call on an SSH cha ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-46598	中危	v0.39.0	0.52.0	golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
github.com/elastic/beats/v7	CVE-2026-0528	中危	v7.0.0-alpha2.0.20251001134442-c477023a9348	7.0.0-alpha2.0.20251217054608-6e42552a23ce, 8.19.10, 9.1.10, 9.2.4	Metricbeat affected by multiple denial of service vulnerabilities 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0528 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-13 21:15 修改: 2026-06-17 10:10
github.com/elastic/beats/v7	CVE-2026-26931	中危	v7.0.0-alpha2.0.20251001134442-c477023a9348	7.0.0-alpha2.0.20260112100137-de072c4e371e	Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26931 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-19 17:16 修改: 2026-06-17 10:26
github.com/elastic/beats/v7	CVE-2026-26933	中危	v7.0.0-alpha2.0.20251001134442-c477023a9348	7.0.0-alpha2.0.20260126223743-dec1b31111ec	Packetbeat does not properly validate an array index in multiple protocol parser components 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26933 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-19 18:16 修改: 2026-06-17 10:26
github.com/elastic/apm-server	CVE-2024-37286	中危	v0.0.0-20251002165450-af83a0dc8fc8+dirty	8.14.0	APM Server vulnerable to Insertion of Sensitive Information into Log File 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37286 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2024-08-03 16:15 修改: 2026-06-17 07:38
github.com/elastic/beats/v7	CVE-2025-68383	中危	v7.0.0-alpha2.0.20251001134442-c477023a9348	8.19.9, 9.1.9, 9.2.3, 7.0.0-alpha2.0.20251204214633-dd3af18220bf	Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68383 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-18 22:16 修改: 2026-06-17 09:59
golang.org/x/crypto	CVE-2025-47914	中危	v0.39.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2025-58181	中危	v0.39.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44
golang.org/x/net	CVE-2025-47911	中危	v0.40.0	0.45.0	golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28
golang.org/x/net	CVE-2025-58190	中危	v0.40.0	0.45.0	golang.org/x/net/html: Infinite parsing loop in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2026-39831	中危	v0.39.0	0.52.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39833	中危	v0.39.0	0.52.0	The in-memory keyring returned by NewKeyring() silently accepted keys ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
stdlib	CVE-2025-47912	中危	v1.24.7	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.24.7	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.24.7	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.24.7	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.24.7	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.24.7	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.24.7	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.24.7	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.24.7	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.24.7	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.24.7	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.24.7	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.24.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.24.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.24.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.24.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.24.7	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.24.7	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.24.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.24.7	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
stdlib	CVE-2025-58186	低危	v1.24.7	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.24.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
golang.org/x/sys	CVE-2026-39824	未知	v0.33.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

usr/share/elastic-agent/data/elastic-agent-bb58d0/components/cloud-defend (gobinary)

低危漏洞:2

中危漏洞:26

高危漏洞:22

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.64.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-20 23:16 修改: 2026-06-17 10:37
stdlib	CVE-2025-68121	严重	v1.25.0	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
golang.org/x/net	CVE-2026-25680	高危	v0.36.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.36.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.36.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.36.0	0.53.0	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.36.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.36.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.36.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
github.com/distribution/distribution	CVE-2026-33540	高危	v2.8.2+incompatible		github.com/distribution/distribution: Distribution: Information disclosure via improper validation of authentication realm URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33540 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-06 15:17 修改: 2026-06-17 10:37
github.com/distribution/distribution	CVE-2026-35172	高危	v2.8.2+incompatible		github.com/distribution/distribution: Distribution: Information disclosure via stale references after content deletion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35172 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-06 20:16 修改: 2026-06-17 10:40
stdlib	CVE-2025-61726	高危	v1.25.0	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.25.0	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.25.0	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.25.0	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.25.0	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.25.0	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.25.0	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.25.0	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.25.0	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.25.0	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.25.0	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.25.0	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.25.0	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
github.com/go-chi/chi/v5	CVE-2025-69725	中危	v5.2.2	5.2.4	go-chi/chi: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-19 17:24 修改: 2026-06-17 10:00
github.com/distribution/distribution	CVE-2026-41888	中危	v2.8.2+incompatible		github.com/distribution/distribution: Distribution: Security bypass allows unauthorized tag deletion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41888 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-14 18:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2025-22872	中危	v0.36.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50
golang.org/x/net	CVE-2025-47911	中危	v0.36.0	0.45.0	golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28
golang.org/x/net	CVE-2025-58190	中危	v0.36.0	0.45.0	golang.org/x/net/html: Infinite parsing loop in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-47910	中危	v1.25.0	1.25.1	net/http: CrossOriginProtection bypass in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47910 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-09-22 21:15 修改: 2026-06-17 09:28
stdlib	CVE-2025-47912	中危	v1.25.0	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.25.0	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.25.0	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.25.0	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.25.0	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.25.0	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.25.0	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.25.0	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.25.0	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.25.0	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.25.0	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.25.0	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.25.0	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.25.0	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.25.0	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.25.0	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.25.0	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.25.0	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.25.0	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.25.0	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
stdlib	CVE-2025-58186	低危	v1.25.0	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.25.0	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
golang.org/x/sys	CVE-2026-39824	未知	v0.30.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

usr/share/elastic-agent/data/elastic-agent-bb58d0/components/cloudbeat (gobinary)

低危漏洞:7

中危漏洞:68

高危漏洞:58

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.71.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-20 23:16 修改: 2026-06-17 10:37
stdlib	CVE-2025-68121	严重	v1.24.0	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
github.com/containerd/containerd	CVE-2026-53488	高危	v1.7.27	1.7.33	CVE-2026-53488 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53488 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/containerd/containerd/v2	CVE-2024-25621	高危	v2.0.5	2.0.7, 2.1.5, 2.2.0	github.com/containerd/containerd: containerd local privilege escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-06 19:15 修改: 2026-06-17 07:16
github.com/containerd/containerd/v2	CVE-2026-46680	高危	v2.0.5	2.0.9, 2.2.4, 2.3.1	containerd user ID handling bypass allows runAsNonRoot evasion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/containerd/containerd/v2	CVE-2026-53488	高危	v2.0.5	2.0.10, 2.1.9, 2.2.5, 2.3.2	CVE-2026-53488 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53488 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/docker/cli	CVE-2025-15558	高危	v27.5.0+incompatible	29.2.0	docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-04 17:16 修改: 2026-06-17 08:38
github.com/docker/docker	CVE-2026-34040	高危	v27.5.0+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
github.com/docker/docker	CVE-2026-41567	高危	v27.5.0+incompatible		docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-05 02:17 修改: 2026-06-17 10:46
github.com/docker/docker	CVE-2026-42306	高危	v27.5.0+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:47
github.com/elastic/beats/v7	CVE-2025-68388	高危	v7.0.0-alpha2.0.20250129050814-e8a6063479c2	7.0.0-alpha2.0.20251209162832-28cfc80d2f4e	Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68388 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-18 22:16 修改: 2026-06-17 09:59
github.com/go-git/go-billy/v5	CVE-2026-44973	高危	v5.6.1	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-28 22:16 修改: 2026-06-17 10:51
github.com/go-git/go-git/v5	CVE-2026-45022	高危	v5.13.1	5.19.0	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51
github.com/golang-jwt/jwt/v4	CVE-2025-30204	高危	v4.5.1	4.5.2	golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08
github.com/golang-jwt/jwt/v5	CVE-2025-30204	高危	v5.2.1	5.2.2	golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08
github.com/hashicorp/go-getter	CVE-2025-8959	高危	v1.7.6	1.7.9	github.com/hashicorp/go-getter: HashiCorp go-getter Arbitrary File Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8959 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-08-15 21:15 修改: 2026-06-17 10:08
github.com/hashicorp/go-getter	CVE-2026-4660	高危	v1.7.6	1.8.6	go-getter: go-getter: Arbitrary file reads via maliciously crafted URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4660 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-09 14:16 修改: 2026-06-17 10:56
github.com/microsoft/kiota-http-go	CVE-2026-44503	高危	v1.4.7	1.5.5	Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44503 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-14 16:16 修改: 2026-06-17 10:50
github.com/moby/buildkit	CVE-2026-33747	高危	v0.17.2	0.28.1	BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33747 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-27 01:16 修改: 2026-06-17 10:38
github.com/moby/buildkit	CVE-2026-33748	高危	v0.17.2	0.28.1	github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33748 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
github.com/moby/spdystream	CVE-2026-35469	高危	v0.5.0	0.5.1	Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35469 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-16 22:16 修改: 2026-06-17 10:40
github.com/opencontainers/selinux	CVE-2025-52881	高危	v1.11.1	1.13.0	runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52881 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-06 21:15 修改: 2026-06-17 09:37
github.com/sigstore/rekor	CVE-2026-48702	高危	v1.3.6	1.5.2	Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48702 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/sigstore/timestamp-authority	CVE-2025-66564	高危	v1.2.2	2.0.3	github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66564 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-04 23:15 修改: 2026-06-17 09:57
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.35.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-02 23:16 修改: 2026-06-17 10:22
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.35.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2025-47913	高危	v0.36.0	0.43.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2026-39827	高危	v0.36.0	0.52.0	An authenticated SSH client that repeatedly opened channels which were ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39828	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39829	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39830	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39832	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39835	高危	v0.36.0	0.52.0	SSH servers which use CertChecker as a public key callback without set ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-42508	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46595	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-46597	高危	v0.36.0	0.52.0	An incorrectly placed cast from bytes to int allowed for server-side p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2026-25680	高危	v0.38.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.38.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.38.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.38.0	0.53.0	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.38.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.38.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.38.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
github.com/containerd/containerd	CVE-2024-25621	高危	v1.7.27	1.7.29	github.com/containerd/containerd: containerd local privilege escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-06 19:15 修改: 2026-06-17 07:16
helm.sh/helm/v3	CVE-2025-53547	高危	v3.17.3	3.18.4, 3.17.4	helm.sh/helm/v3: Helm Chart Code Execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53547 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-07-08 22:15 修改: 2026-06-17 09:38
github.com/containerd/containerd	CVE-2026-46680	高危	v1.7.27	1.7.32	containerd user ID handling bypass allows runAsNonRoot evasion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
stdlib	CVE-2025-22874	高危	v1.24.0	1.24.4	crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22874 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-06-11 17:15 修改: 2026-06-17 08:50
stdlib	CVE-2025-61726	高危	v1.24.0	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.24.0	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.24.0	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.24.0	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.24.0	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.24.0	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.24.0	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.24.0	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.24.0	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.24.0	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.24.0	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.24.0	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.24.0	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
github.com/go-git/go-git/v5	CVE-2026-34165	中危	v5.13.1	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34165 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 15:16 修改: 2026-06-17 10:38
github.com/go-git/go-git/v5	CVE-2026-41506	中危	v5.13.1	5.18.0	golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-08 14:16 修改: 2026-06-17 10:46
github.com/go-git/go-git/v5	CVE-2026-45571	中危	v5.13.1	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:52
github.com/go-git/go-git/v5	GHSA-w5pp-99ch-qj29	中危	v5.13.1	5.19.1	go-git: Malformed Git object data may cause panics or resource exhaustion 漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43
github.com/go-viper/mapstructure/v2	CVE-2025-11065	中危	v2.2.1	2.4.0	github.com/go-viper/mapstructure/v2: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11065 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-26 20:16 修改: 2026-06-25 04:17
github.com/go-viper/mapstructure/v2	GHSA-fv92-fjc5-jj9h	中危	v2.2.1	2.3.0	mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data 漏洞详情: https://github.com/advisories/GHSA-fv92-fjc5-jj9h 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-06-27 16:24 修改: 2025-06-27 16:24
golang.org/x/crypto	CVE-2025-47914	中危	v0.36.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2025-58181	中危	v0.36.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2026-39831	中危	v0.36.0	0.52.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39833	中危	v0.36.0	0.52.0	The in-memory keyring returned by NewKeyring() silently accepted keys ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39834	中危	v0.36.0	0.52.0	When writing data larger than 4GB in a single Write call on an SSH cha ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-46598	中危	v0.36.0	0.52.0	golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
github.com/containerd/containerd/v2	CVE-2025-64329	中危	v2.0.5	2.0.7, 2.1.5, 2.2.0	github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-07 05:16 修改: 2026-06-17 09:54
github.com/containerd/containerd/v2	CVE-2026-47262	中危	v2.0.5	2.0.10, 2.1.9, 2.2.5, 2.3.2	CVE-2026-47262 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47262 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.6.8	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs	GHSA-xmrv-pmrh-hhx2	中危	v1.45.8	1.65.0	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/in-toto/in-toto-golang	GHSA-pmwq-pjrm-6p5r	中危	v0.9.0	0.11.0	in-toto-golang and in-toto-python have inconsistent negation behavior 漏洞详情: https://github.com/advisories/GHSA-pmwq-pjrm-6p5r 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-08 22:24 修改: 2026-05-08 22:24
github.com/containerd/containerd	CVE-2025-64329	中危	v1.7.27	1.7.29	github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-07 05:16 修改: 2026-06-17 09:54
github.com/containerd/containerd	CVE-2026-47262	中危	v1.7.27	1.7.33	CVE-2026-47262 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47262 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/net	CVE-2025-47911	中危	v0.38.0	0.45.0	golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28
golang.org/x/net	CVE-2025-58190	中危	v0.38.0	0.45.0	golang.org/x/net/html: Infinite parsing loop in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44
github.com/docker/docker	CVE-2026-33997	中危	v27.5.0+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
github.com/docker/docker	CVE-2026-41568	中危	v27.5.0+incompatible		github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:46
helm.sh/helm/v3	CVE-2025-55198	中危	v3.17.3	3.18.5	helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55198 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-08-14 00:15 修改: 2026-06-17 09:41
helm.sh/helm/v3	CVE-2025-55199	中危	v3.17.3	3.18.5	helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55199 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-08-14 00:15 修改: 2026-06-17 09:41
helm.sh/helm/v3	CVE-2026-35206	中危	v3.17.3	3.20.2	github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35206 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-09 21:16 修改: 2026-06-17 10:40
github.com/aws/aws-sdk-go-v2/service/lambda	GHSA-xmrv-pmrh-hhx2	中危	v1.69.8	1.88.5	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/sigstore/cosign/v2	CVE-2026-22703	中危	v2.2.4	2.6.2	github.com/sigstore/cosign: Cosign verification accepts any valid Rekor entry under certain conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22703 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-10 07:16 修改: 2026-06-17 10:20
github.com/elastic/beats/v7	CVE-2025-68383	中危	v7.0.0-alpha2.0.20250129050814-e8a6063479c2	8.19.9, 9.1.9, 9.2.3, 7.0.0-alpha2.0.20251204214633-dd3af18220bf	Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68383 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-18 22:16 修改: 2026-06-17 09:59
github.com/sigstore/rekor	CVE-2026-23831	中危	v1.3.6	1.5.0	github.com/sigstore/rekor: Rekor denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23831 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-22 22:16 修改: 2026-06-17 10:22
github.com/sigstore/rekor	CVE-2026-24117	中危	v1.3.6	1.5.0	github.com/sigstore/rekor: Rekor Server-Side Request Forgery (SSRF) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24117 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-22 22:16 修改: 2026-06-17 10:22
github.com/sigstore/sigstore	CVE-2026-24137	中危	v1.8.3	1.10.4	github.com/sigstore/sigstore: sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24137 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-23 00:15 修改: 2026-06-17 10:22
github.com/elastic/beats/v7	CVE-2026-0528	中危	v7.0.0-alpha2.0.20250129050814-e8a6063479c2	7.0.0-alpha2.0.20251217054608-6e42552a23ce, 8.19.10, 9.1.10, 9.2.4	Metricbeat affected by multiple denial of service vulnerabilities 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0528 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-13 21:15 修改: 2026-06-17 10:10
github.com/ulikunitz/xz	CVE-2025-58058	中危	v0.5.12	0.5.15	github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58058 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-08-28 22:15 修改: 2026-06-17 09:43
go.mongodb.org/mongo-driver	CVE-2026-2303	中危	v1.14.0	1.17.7	CVE-2026-2303 affecting package telegraf for versions less than 1.29.4-21 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2303 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-10 20:17 修改: 2026-06-17 10:30
github.com/elastic/beats/v7	CVE-2026-26931	中危	v7.0.0-alpha2.0.20250129050814-e8a6063479c2	7.0.0-alpha2.0.20260112100137-de072c4e371e	Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26931 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-19 17:16 修改: 2026-06-17 10:26
github.com/elastic/beats/v7	CVE-2026-26933	中危	v7.0.0-alpha2.0.20250129050814-e8a6063479c2	7.0.0-alpha2.0.20260126223743-dec1b31111ec	Packetbeat does not properly validate an array index in multiple protocol parser components 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26933 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-19 18:16 修改: 2026-06-17 10:26
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.74.1	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/go-git/go-billy/v5	CVE-2026-44740	中危	v5.6.1	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to versions ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-01 17:17 修改: 2026-06-17 10:51
github.com/Azure/go-ntlmssp	CVE-2026-32952	中危	v0.0.0-20221128193559-754e69321358	0.1.1	go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32952 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:36
github.com/go-git/go-git/v5	CVE-2026-25934	中危	v5.13.1	5.16.5	go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25934 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-09 23:16 修改: 2026-06-17 10:25
stdlib	CVE-2025-0913	中危	v1.24.0	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27
stdlib	CVE-2025-22870	中危	v1.24.0	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50
stdlib	CVE-2025-22871	中危	v1.24.0	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50
stdlib	CVE-2025-22873	中危	v1.24.0	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50
stdlib	CVE-2025-4673	中危	v1.24.0	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33
stdlib	CVE-2025-47906	中危	v1.24.0	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28
stdlib	CVE-2025-47907	中危	v1.24.0	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28
stdlib	CVE-2025-47912	中危	v1.24.0	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.24.0	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.24.0	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.24.0	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.24.0	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.24.0	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.24.0	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.24.0	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.24.0	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.24.0	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.24.0	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.24.0	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.24.0	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.24.0	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.24.0	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.24.0	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.24.0	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.24.0	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.24.0	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.24.0	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
github.com/go-git/go-git/v5	CVE-2026-45570	低危	v5.13.1	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:52
github.com/cloudflare/circl	CVE-2026-1229	低危	v1.3.8	1.6.3	CIRCL has an incorrect calculation in secp384r1 CombinedMult 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1229 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-24 08:16 修改: 2026-06-17 10:15
github.com/docker/docker	CVE-2025-54410	低危	v27.5.0+incompatible	25.0.13, 28.0.0	github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-07-30 14:15 修改: 2026-06-17 09:40
github.com/cloudflare/circl	CVE-2025-8556	低危	v1.3.8	1.6.1	github.com/cloudflare/circl: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8556 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-08-06 09:15 修改: 2026-06-17 10:07
github.com/go-git/go-git/v5	CVE-2026-33762	低危	v5.13.1	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33762 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 15:16 修改: 2026-06-17 10:38
stdlib	CVE-2025-58186	低危	v1.24.0	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.24.0	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
golang.org/x/sys	CVE-2026-39824	未知	v0.31.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

usr/share/elastic-agent/data/elastic-agent-bb58d0/components/fleet-server (gobinary)

低危漏洞:2

中危漏洞:29

高危漏洞:31

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.75.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-20 23:16 修改: 2026-06-17 10:37
stdlib	CVE-2025-68121	严重	v1.25.1	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
golang.org/x/crypto	CVE-2026-39827	高危	v0.42.0	0.52.0	An authenticated SSH client that repeatedly opened channels which were ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39828	高危	v0.42.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39829	高危	v0.42.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39830	高危	v0.42.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39832	高危	v0.42.0	0.52.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39835	高危	v0.42.0	0.52.0	SSH servers which use CertChecker as a public key callback without set ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-42508	高危	v0.42.0	0.52.0	golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46595	高危	v0.42.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-46597	高危	v0.42.0	0.52.0	An incorrectly placed cast from bytes to int allowed for server-side p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2026-25680	高危	v0.44.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.44.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.44.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.44.0	0.53.0	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.44.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.44.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.44.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.37.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-07 21:17 修改: 2026-06-17 10:29
golang.org/x/crypto	CVE-2025-47913	高危	v0.42.0	0.43.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28
stdlib	CVE-2025-61726	高危	v1.25.1	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.25.1	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.25.1	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.25.1	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.25.1	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.25.1	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.25.1	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.25.1	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.25.1	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.25.1	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.25.1	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.25.1	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.25.1	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46598	中危	v0.42.0	0.52.0	golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2025-47911	中危	v0.44.0	0.45.0	golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28
golang.org/x/net	CVE-2025-58190	中危	v0.44.0	0.45.0	golang.org/x/net/html: Infinite parsing loop in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44
github.com/go-chi/chi/v5	CVE-2025-69725	中危	v5.2.3	5.2.4	go-chi/chi: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-19 17:24 修改: 2026-06-17 10:00
golang.org/x/crypto	CVE-2025-47914	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2025-58181	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2026-39831	中危	v0.42.0	0.52.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39833	中危	v0.42.0	0.52.0	The in-memory keyring returned by NewKeyring() silently accepted keys ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39834	中危	v0.42.0	0.52.0	When writing data larger than 4GB in a single Write call on an SSH cha ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
stdlib	CVE-2025-47912	中危	v1.25.1	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.25.1	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.25.1	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.25.1	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.25.1	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.25.1	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.25.1	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.25.1	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.25.1	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.25.1	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.25.1	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.25.1	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.25.1	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.25.1	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.25.1	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.25.1	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.25.1	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.25.1	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.25.1	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.25.1	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
stdlib	CVE-2025-58186	低危	v1.25.1	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.25.1	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
golang.org/x/sys	CVE-2026-39824	未知	v0.36.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

usr/share/elastic-agent/data/elastic-agent-bb58d0/components/osquery-extension.ext (gobinary)

低危漏洞:2

中危漏洞:20

高危漏洞:14

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2025-68121	严重	v1.24.7	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
github.com/apache/thrift	CVE-2026-41602	高危	v0.20.0	0.23.0	github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41602 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-28 10:16 修改: 2026-06-17 10:46
stdlib	CVE-2025-61726	高危	v1.24.7	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.24.7	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.24.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.24.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.24.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.24.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.24.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.24.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.24.7	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.24.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.24.7	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.24.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.24.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
stdlib	CVE-2025-47912	中危	v1.24.7	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.24.7	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.24.7	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.24.7	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.24.7	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.24.7	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.24.7	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.24.7	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.24.7	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.24.7	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.24.7	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.24.7	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.24.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.24.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.24.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.24.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.24.7	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.24.7	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.24.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.24.7	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
stdlib	CVE-2025-58186	低危	v1.24.7	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.24.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

usr/share/elastic-agent/data/elastic-agent-bb58d0/components/pf-elastic-collector (gobinary)

低危漏洞:2

中危漏洞:28

高危漏洞:31

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-20 23:16 修改: 2026-06-17 10:37
stdlib	CVE-2025-68121	严重	v1.24.6	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
golang.org/x/crypto	CVE-2026-39827	高危	v0.38.0	0.52.0	An authenticated SSH client that repeatedly opened channels which were ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39828	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39829	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39830	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39832	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39835	高危	v0.38.0	0.52.0	SSH servers which use CertChecker as a public key callback without set ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-42508	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46595	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-46597	高危	v0.38.0	0.52.0	An incorrectly placed cast from bytes to int allowed for server-side p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2026-25680	高危	v0.40.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.40.0	0.53.0	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.40.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.36.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-07 21:17 修改: 2026-06-17 10:29
golang.org/x/crypto	CVE-2025-47913	高危	v0.38.0	0.43.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28
stdlib	CVE-2025-61726	高危	v1.24.6	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.24.6	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.24.6	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.24.6	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.24.6	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.24.6	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.24.6	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.24.6	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.24.6	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.24.6	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.24.6	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2025-58190	中危	v0.40.0	0.45.0	golang.org/x/net/html: Infinite parsing loop in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2025-58181	中危	v0.38.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2026-39831	中危	v0.38.0	0.52.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39833	中危	v0.38.0	0.52.0	The in-memory keyring returned by NewKeyring() silently accepted keys ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39834	中危	v0.38.0	0.52.0	When writing data larger than 4GB in a single Write call on an SSH cha ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-46598	中危	v0.38.0	0.52.0	golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2025-47914	中危	v0.38.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28
golang.org/x/net	CVE-2025-47911	中危	v0.40.0	0.45.0	golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-47912	中危	v1.24.6	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.24.6	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.24.6	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.24.6	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.24.6	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.24.6	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.24.6	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.24.6	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.24.6	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.24.6	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.24.6	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.24.6	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.24.6	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.24.6	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.24.6	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.24.6	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.24.6	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.24.6	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.24.6	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.24.6	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
stdlib	CVE-2025-58186	低危	v1.24.6	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.24.6	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
golang.org/x/sys	CVE-2026-39824	未知	v0.33.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

usr/share/elastic-agent/data/elastic-agent-bb58d0/components/pf-elastic-symbolizer (gobinary)

低危漏洞:2

中危漏洞:30

高危漏洞:31

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-20 23:16 修改: 2026-06-17 10:37
stdlib	CVE-2025-68121	严重	v1.24.6	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
golang.org/x/crypto	CVE-2026-39827	高危	v0.38.0	0.52.0	An authenticated SSH client that repeatedly opened channels which were ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39828	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39829	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39830	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39832	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39835	高危	v0.38.0	0.52.0	SSH servers which use CertChecker as a public key callback without set ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-42508	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46595	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-46597	高危	v0.38.0	0.52.0	An incorrectly placed cast from bytes to int allowed for server-side p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2026-25680	高危	v0.40.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.40.0	0.53.0	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.40.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.36.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-07 21:17 修改: 2026-06-17 10:29
golang.org/x/crypto	CVE-2025-47913	高危	v0.38.0	0.43.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28
stdlib	CVE-2025-61726	高危	v1.24.6	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.24.6	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.24.6	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.24.6	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.24.6	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.24.6	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.24.6	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.24.6	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.24.6	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.24.6	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.24.6	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-39831	中危	v0.38.0	0.52.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39833	中危	v0.38.0	0.52.0	The in-memory keyring returned by NewKeyring() silently accepted keys ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39834	中危	v0.38.0	0.52.0	When writing data larger than 4GB in a single Write call on an SSH cha ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2025-47911	中危	v0.40.0	0.45.0	golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28
golang.org/x/net	CVE-2025-58190	中危	v0.40.0	0.45.0	golang.org/x/net/html: Infinite parsing loop in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2026-46598	中危	v0.38.0	0.52.0	golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.62.0	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.6.10	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
golang.org/x/crypto	CVE-2025-47914	中危	v0.38.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2025-58181	中危	v0.38.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44
stdlib	CVE-2025-47912	中危	v1.24.6	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.24.6	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.24.6	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.24.6	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.24.6	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.24.6	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.24.6	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.24.6	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.24.6	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.24.6	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.24.6	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.24.6	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.24.6	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.24.6	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.24.6	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.24.6	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.24.6	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.24.6	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.24.6	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.24.6	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
stdlib	CVE-2025-58186	低危	v1.24.6	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.24.6	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
golang.org/x/sys	CVE-2026-39824	未知	v0.33.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

usr/share/elastic-agent/data/elastic-agent-bb58d0/components/pf-host-agent (gobinary)

低危漏洞:2

中危漏洞:32

高危漏洞:38

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-20 23:16 修改: 2026-06-17 10:37
stdlib	CVE-2025-68121	严重	v1.24.6	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
github.com/containerd/containerd/v2	CVE-2026-53488	高危	v2.0.5	2.0.10, 2.1.9, 2.2.5, 2.3.2	CVE-2026-53488 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53488 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/docker/docker	CVE-2026-34040	高危	v28.3.3+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
github.com/docker/docker	CVE-2026-41567	高危	v28.3.3+incompatible		docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-05 02:17 修改: 2026-06-17 10:46
github.com/docker/docker	CVE-2026-42306	高危	v28.3.3+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:47
github.com/opencontainers/selinux	CVE-2025-52881	高危	v1.12.0	1.13.0	runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52881 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-06 21:15 修改: 2026-06-17 09:37
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.36.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-07 21:17 修改: 2026-06-17 10:29
golang.org/x/crypto	CVE-2025-47913	高危	v0.38.0	0.43.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2026-39827	高危	v0.38.0	0.52.0	An authenticated SSH client that repeatedly opened channels which were ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39828	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39829	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39830	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39832	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39835	高危	v0.38.0	0.52.0	SSH servers which use CertChecker as a public key callback without set ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-42508	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46595	高危	v0.38.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-46597	高危	v0.38.0	0.52.0	An incorrectly placed cast from bytes to int allowed for server-side p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2026-25680	高危	v0.40.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.40.0	0.53.0	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.40.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.40.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
github.com/containerd/containerd/v2	CVE-2024-25621	高危	v2.0.5	2.0.7, 2.1.5, 2.2.0	github.com/containerd/containerd: containerd local privilege escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-06 19:15 修改: 2026-06-17 07:16
github.com/containerd/containerd/v2	CVE-2026-46680	高危	v2.0.5	2.0.9, 2.2.4, 2.3.1	containerd user ID handling bypass allows runAsNonRoot evasion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
stdlib	CVE-2025-61726	高危	v1.24.6	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.24.6	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.24.6	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.24.6	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.24.6	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.24.6	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.24.6	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.24.6	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.24.6	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.24.6	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.24.6	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
github.com/containerd/containerd/v2	CVE-2026-47262	中危	v2.0.5	2.0.10, 2.1.9, 2.2.5, 2.3.2	CVE-2026-47262 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47262 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/containerd/containerd/v2	CVE-2025-64329	中危	v2.0.5	2.0.7, 2.1.5, 2.2.0	github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-07 05:16 修改: 2026-06-17 09:54
github.com/docker/docker	CVE-2026-33997	中危	v28.3.3+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
github.com/docker/docker	CVE-2026-41568	中危	v28.3.3+incompatible		github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:46
golang.org/x/crypto	CVE-2025-47914	中危	v0.38.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2025-58181	中危	v0.38.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2026-39831	中危	v0.38.0	0.52.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2025-47911	中危	v0.40.0	0.45.0	golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28
golang.org/x/net	CVE-2025-58190	中危	v0.40.0	0.45.0	golang.org/x/net/html: Infinite parsing loop in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2026-39833	中危	v0.38.0	0.52.0	The in-memory keyring returned by NewKeyring() silently accepted keys ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39834	中危	v0.38.0	0.52.0	When writing data larger than 4GB in a single Write call on an SSH cha ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-46598	中危	v0.38.0	0.52.0	golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
stdlib	CVE-2025-47912	中危	v1.24.6	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.24.6	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.24.6	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.24.6	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.24.6	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.24.6	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.24.6	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.24.6	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.24.6	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.24.6	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.24.6	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.24.6	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.24.6	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.24.6	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.24.6	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.24.6	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.24.6	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.24.6	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.24.6	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.24.6	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
stdlib	CVE-2025-58186	低危	v1.24.6	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.24.6	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
golang.org/x/sys	CVE-2026-39824	未知	v0.33.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

usr/share/elastic-agent/data/elastic-agent-bb58d0/elastic-agent (gobinary)

低危漏洞:4

中危漏洞:46

高危漏洞:45

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.70.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-20 23:16 修改: 2026-06-17 10:37
stdlib	CVE-2025-68121	严重	v1.24.7	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58
github.com/docker/docker	CVE-2026-34040	高危	v27.5.1+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
github.com/docker/docker	CVE-2026-41567	高危	v27.5.1+incompatible		docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-05 02:17 修改: 2026-06-17 10:46
github.com/docker/docker	CVE-2026-42306	高危	v27.5.1+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:47
github.com/elastic/beats/v7	CVE-2025-68388	高危	v7.0.0-alpha2.0.20241212201805-58af1537830b	7.0.0-alpha2.0.20251209162832-28cfc80d2f4e	Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68388 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-18 22:16 修改: 2026-06-17 09:59
github.com/expr-lang/expr	CVE-2025-29786	高危	v1.16.9	1.17.0	github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-29786 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-03-17 14:15 修改: 2026-06-17 09:05
github.com/expr-lang/expr	CVE-2025-68156	高危	v1.16.9	1.17.7	github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68156 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-16 19:16 修改: 2026-06-17 09:58
github.com/golang-jwt/jwt/v4	CVE-2025-30204	高危	v4.5.0	4.5.2	golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08
github.com/golang-jwt/jwt/v5	CVE-2025-30204	高危	v5.2.1	5.2.2	golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08
github.com/prometheus/prometheus	CVE-2026-42151	高危	v0.54.1	0.311.3	github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47
github.com/prometheus/prometheus	CVE-2026-42154	高危	v0.54.1	0.311.3, 0.305.2	github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.36.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-07 21:17 修改: 2026-06-17 10:29
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.36.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-02 23:16 修改: 2026-06-17 10:22
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.36.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2025-47913	高危	v0.36.0	0.43.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2026-39827	高危	v0.36.0	0.52.0	An authenticated SSH client that repeatedly opened channels which were ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39828	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39829	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39830	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39832	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39835	高危	v0.36.0	0.52.0	SSH servers which use CertChecker as a public key callback without set ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-42508	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46595	高危	v0.36.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-46597	高危	v0.36.0	0.52.0	An incorrectly placed cast from bytes to int allowed for server-side p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2026-25680	高危	v0.38.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.38.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.38.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.38.0	0.53.0	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.38.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.38.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.38.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
github.com/antchfx/xpath	CVE-2026-32287	高危	v1.3.3	1.3.6	github.com/antchfx/xpath: github.com/antchfx/xpath: Denial of Service due to infinite loop via boolean XPath expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32287 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:35
github.com/apache/thrift	CVE-2026-41602	高危	v0.21.0	0.23.0	github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41602 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-28 10:16 修改: 2026-06-17 10:46
stdlib	CVE-2025-61726	高危	v1.24.7	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61729	高危	v1.24.7	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50
stdlib	CVE-2026-25679	高危	v1.24.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:25
stdlib	CVE-2026-27145	高危	v1.24.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32280	高危	v1.24.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32281	高危	v1.24.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32283	高危	v1.24.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-33811	高危	v1.24.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-33814	高危	v1.24.7	1.25.10, 1.26.3	net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
stdlib	CVE-2026-39820	高危	v1.24.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39836	高危	v1.24.7	1.25.10, 1.26.3	ELSA-2026-22121: golang security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42499	高危	v1.24.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:47
stdlib	CVE-2026-42504	高危	v1.24.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-39834	中危	v0.36.0	0.52.0	When writing data larger than 4GB in a single Write call on an SSH cha ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-46598	中危	v0.36.0	0.52.0	golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
github.com/prometheus/prometheus	CVE-2026-44903	中危	v0.54.1	0.311.3	Prometheus is an open-source monitoring system and time series databas ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44903 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-26 22:16 修改: 2026-06-17 10:51
go.mongodb.org/mongo-driver	CVE-2026-2303	中危	v1.14.0	1.17.7	CVE-2026-2303 affecting package telegraf for versions less than 1.29.4-21 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2303 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-10 20:17 修改: 2026-06-17 10:30
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.62.0	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	CVE-2026-39882	中危	v0.10.0	0.19.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	CVE-2026-39882	中危	v1.34.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.34.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42
github.com/elastic/beats/v7	CVE-2025-68383	中危	v7.0.0-alpha2.0.20241212201805-58af1537830b	8.19.9, 9.1.9, 9.2.3, 7.0.0-alpha2.0.20251204214633-dd3af18220bf	Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68383 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-18 22:16 修改: 2026-06-17 09:59
golang.org/x/net	CVE-2025-47911	中危	v0.38.0	0.45.0	golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28
golang.org/x/net	CVE-2025-58190	中危	v0.38.0	0.45.0	golang.org/x/net/html: Infinite parsing loop in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44
github.com/elastic/beats/v7	CVE-2026-0528	中危	v7.0.0-alpha2.0.20241212201805-58af1537830b	7.0.0-alpha2.0.20251217054608-6e42552a23ce, 8.19.10, 9.1.10, 9.2.4	Metricbeat affected by multiple denial of service vulnerabilities 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0528 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-13 21:15 修改: 2026-06-17 10:10
github.com/elastic/beats/v7	CVE-2026-26931	中危	v7.0.0-alpha2.0.20241212201805-58af1537830b	7.0.0-alpha2.0.20260112100137-de072c4e371e	Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26931 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-19 17:16 修改: 2026-06-17 10:26
github.com/elastic/beats/v7	CVE-2026-26933	中危	v7.0.0-alpha2.0.20241212201805-58af1537830b	7.0.0-alpha2.0.20260126223743-dec1b31111ec	Packetbeat does not properly validate an array index in multiple protocol parser components 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26933 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-19 18:16 修改: 2026-06-17 10:26
github.com/Azure/go-ntlmssp	CVE-2026-32952	中危	v0.0.0-20221128193559-754e69321358	0.1.1	go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32952 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:36
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.6.4	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/go-viper/mapstructure/v2	CVE-2025-11065	中危	v2.3.0	2.4.0	github.com/go-viper/mapstructure/v2: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11065 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-26 20:16 修改: 2026-06-25 04:17
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs	GHSA-xmrv-pmrh-hhx2	中危	v1.37.5	1.65.0	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/docker/docker	CVE-2026-33997	中危	v27.5.1+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
github.com/docker/docker	CVE-2026-41568	中危	v27.5.1+incompatible		github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:46
github.com/eclipse/paho.mqtt.golang	CVE-2025-10543	中危	v1.3.5	1.5.1	paho.mqtt.golang: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10543 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-02 09:15 修改: 2026-06-17 08:28
github.com/prometheus/prometheus	CVE-2026-40179	中危	v0.54.1	0.311.2-0.20260410083055-07c6232d159b	Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40179 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-15 23:16 修改: 2026-06-17 10:44
golang.org/x/crypto	CVE-2025-47914	中危	v0.36.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28
golang.org/x/crypto	CVE-2025-58181	中危	v0.36.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44
golang.org/x/crypto	CVE-2026-39831	中危	v0.36.0	0.52.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39833	中危	v0.36.0	0.52.0	The in-memory keyring returned by NewKeyring() silently accepted keys ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
stdlib	CVE-2025-47912	中危	v1.24.7	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28
stdlib	CVE-2025-58183	中危	v1.24.7	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58185	中危	v1.24.7	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58187	中危	v1.24.7	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58188	中危	v1.24.7	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-58189	中危	v1.24.7	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2025-61723	中危	v1.24.7	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61724	中危	v1.24.7	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61725	中危	v1.24.7	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61727	中危	v1.24.7	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61728	中危	v1.24.7	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2025-61730	中危	v1.24.7	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50
stdlib	CVE-2026-27142	中危	v1.24.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
stdlib	CVE-2026-32282	中危	v1.24.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32288	中危	v1.24.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-32289	中危	v1.24.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35
stdlib	CVE-2026-39823	中危	v1.24.7	1.25.10, 1.26.3	html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39825	中危	v1.24.7	1.25.10, 1.26.3	net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-39826	中危	v1.24.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42
stdlib	CVE-2026-42507	中危	v1.24.7	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47
github.com/docker/docker	CVE-2025-54410	低危	v27.5.1+incompatible	25.0.13, 28.0.0	github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-07-30 14:15 修改: 2026-06-17 09:40
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2024-11-04 22:15 修改: 2026-06-17 08:06
stdlib	CVE-2025-58186	低危	v1.24.7	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44
stdlib	CVE-2026-27139	低危	v1.24.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26
golang.org/x/sys	CVE-2026-39824	未知	v0.33.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:37287465dd6119a7bc11fd0a48badcea9b588127437ffd716a8808fac35d587c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42