docker.elastic.co/kibana/kibana:8.19.15 linux/amd64

docker.elastic.co/kibana/kibana:8.19.15 - Trivy安全扫描结果扫描时间: 2026-05-14 15:15

全部漏洞信息

低危漏洞:12

中危漏洞:63

高危漏洞:19

严重漏洞:0

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-05-14 15:15

docker.elastic.co/kibana/kibana:8.19.15 (ubuntu 24.04) (ubuntu)

低危漏洞:9

中危漏洞:31

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
bsdutils	CVE-2026-27456	中危	1:2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
curl	CVE-2026-5545	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-6253	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-6429	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-7168	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
dpkg	CVE-2026-2219	中危	1.22.6ubuntu6.5	1.22.6ubuntu6.6	It was discovered that dpkg-deb (a component of dpkg, the Debian packa ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2219 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-07 09:16 修改: 2026-03-09 15:15
libblkid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libc-bin	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc-bin	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc-bin	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libcap2	CVE-2026-4878	中危	1:2.66-5ubuntu2.2	1:2.66-5ubuntu2.4	libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-09 16:16 修改: 2026-05-07 22:16
libcurl4t64	CVE-2026-5545	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-6253	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-6429	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-7168	中危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libexpat1	CVE-2025-66382	中危	2.6.1-2ubuntu0.4		libexpat: libexpat: Denial of service via crafted file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66382 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 2025-11-28 07:15 修改: 2026-05-12 13:17
libmount1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libnghttp2-14	CVE-2026-27135	中危	1.59.0-1ubuntu0.2	1.59.0-1ubuntu0.3	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 2026-03-18 18:16 修改: 2026-03-23 17:51
libpng16-16t64	CVE-2026-33416	中危	1.6.43-5ubuntu0.5	1.6.43-5ubuntu0.6	libpng: libpng: Arbitrary code execution due to use-after-free vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33416 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 2026-03-26 17:16 修改: 2026-04-02 20:28
libpng16-16t64	CVE-2026-33636	中危	1.6.43-5ubuntu0.5	1.6.43-5ubuntu0.6	libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33636 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 2026-03-26 17:16 修改: 2026-04-02 18:42
libpng16-16t64	CVE-2026-34757	中危	1.6.43-5ubuntu0.5	1.6.43-5ubuntu0.6	libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34757 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 2026-04-09 15:16 修改: 2026-05-09 11:16
libsmartcols1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libuuid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
mount	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
sed	CVE-2026-5958	中危	4.9-2build1	4.9-2ubuntu0.24.04.1	When sed is invoked with both -i (in-place edit) and --follow-symlinks ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-20 12:16 修改: 2026-04-20 19:05
tar	CVE-2025-45582	中危	1.35+dfsg-3build1		tar: Tar path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
tar	CVE-2026-5704	中危	1.35+dfsg-3build1		tar: tar: Hidden file injection via crafted archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:08
util-linux	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
curl	CVE-2026-5773	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgcrypt20	CVE-2024-2236	低危	1.10.3-2build1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35
login	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
curl	CVE-2026-6276	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
passwd	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
curl	CVE-2026-4873	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-4873	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-5773	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-6276	低危	8.5.0-2ubuntu10.8	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:5edf2d9d61ead1b9fa7b32ba5bbde3a2149adc0e94def019c2819df79b058a65 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

Node.js (node-pkg)

低危漏洞:3

中危漏洞:32

高危漏洞:19

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
@opentelemetry/exporter-prometheus	CVE-2026-44902	高危	0.213.0	0.217.0	Prometheus exporter process crash via malformed HTTP request 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@opentelemetry/sdk-node	CVE-2026-44902	高危	0.213.0	0.217.0	Prometheus exporter process crash via malformed HTTP request 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-42033	高危	1.15.0	1.15.1, 0.31.1	axios: Axios: HTTP Transport Hijacking via Prototype Pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:02
axios	CVE-2026-42035	高危	1.15.0	1.15.1, 0.31.1	axios: Axios: Arbitrary HTTP header injection via prototype pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:58
axios	CVE-2026-42043	高危	1.15.0	1.15.1, 0.31.1	axios: Axios: NO_PROXY bypass via crafted URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:05
axios	CVE-2026-42264	高危	1.15.0	1.15.2	Axios is a promise based HTTP client for the browser and Node.js. From ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-05-08 04:16 修改: 2026-05-08 16:02
basic-ftp	CVE-2026-41324	高危	5.2.1	5.3.0	basic-ftp: basic-ftp: Denial of Service via unbounded memory growth from malicious directory listings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41324 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 04:16 修改: 2026-04-27 17:48
basic-ftp	CVE-2026-44240	高危	5.2.1	5.3.1	basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44240 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-05-12 21:16 修改: 2026-05-12 21:16
basic-ftp	GHSA-6v7q-wjvx-w8wg	高危	5.2.1	5.2.2	basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands 漏洞详情: https://github.com/advisories/GHSA-6v7q-wjvx-w8wg 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-10 20:18 修改: 2026-04-10 20:18
fast-uri	CVE-2026-6321	高危	3.0.3	3.1.1	fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-05-04 20:16 修改: 2026-05-12 18:54
fast-uri	CVE-2026-6322	高危	3.0.3	3.1.2	fast-uri normalize() decoded percent-encoded authority delimiters insi ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-05-05 11:16 修改: 2026-05-12 19:11
fast-xml-builder	CVE-2026-44665	高危	1.1.4	1.1.7	fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44665 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
lodash	CVE-2026-4800	高危	4.17.23	4.18.0	lodash: lodash: Arbitrary code execution via untrusted input in template imports 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-03-31 20:16 修改: 2026-05-01 18:09
protobufjs	CVE-2026-44289	高危	7.5.5	7.5.6, 8.0.2	protobuf.js: Denial of service through unbounded protobuf recursion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs	CVE-2026-44290	高危	7.5.5	7.5.6, 8.0.2	protobuf.js: Process-wide denial of service through unsafe option paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs	CVE-2026-44291	高危	7.5.5	7.5.6, 8.0.2	protobuf.js: Code generation gadget after prototype pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs	CVE-2026-44293	高危	7.5.5	7.5.6, 8.0.2	protobuf.js: Code injection through bytes field defaults in generated toObject code 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
systeminformation	CVE-2026-26280	高危	5.30.3	5.30.8	systeminformation: systeminformation: Arbitrary command execution via unsanitized network interface parameter 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26280 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-02-19 20:25 修改: 2026-02-20 20:10
systeminformation	CVE-2026-26318	高危	5.30.3	5.31.0	systeminformation: systeminformation: Arbitrary code execution via unsanitized `locate` output 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26318 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-02-19 20:25 修改: 2026-02-20 19:51
dompurify	CVE-2026-41238	中危	3.3.2	3.4.0	DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41238 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-23 16:16 修改: 2026-04-23 18:16
dompurify	CVE-2026-41239	中危	3.3.2	3.4.0	DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41239 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-23 16:16 修改: 2026-04-23 16:18
dompurify	CVE-2026-41240	中危	3.3.2	3.4.0	DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41240 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-23 16:16 修改: 2026-04-29 14:58
dompurify	GHSA-39q2-94rc-95cp	中危	3.3.2	3.4.0	DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation 漏洞详情: https://github.com/advisories/GHSA-39q2-94rc-95cp 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-16 00:46 修改: 2026-04-16 00:46
axios	CVE-2026-42037	中危	1.15.0	1.15.1	axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:54
axios	CVE-2026-42038	中危	1.15.0	1.15.1, 0.31.1	axios: Axios: Information disclosure due to `no_proxy` bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:52
axios	CVE-2026-42039	中危	1.15.0	1.15.1, 0.31.1	axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:50
fast-xml-parser	CVE-2026-41650	中危	5.5.7	5.7.0	fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-05-07 15:16 修改: 2026-05-12 20:30
follow-redirects	GHSA-r4q5-vmmm-2653	中危	1.15.11	1.16.0	follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets 漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11
ip-address	CVE-2026-42338	中危	9.0.5	10.1.1	ip-address has XSS in Address6 HTML-emitting methods 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-05-12 20:16 修改: 2026-05-12 20:16
langsmith	CVE-2026-40190	中危	0.5.7	0.5.18	LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()` 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40190 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-10 20:16 修改: 2026-04-29 20:59
langsmith	CVE-2026-41182	中危	0.5.7	0.5.19	LangSmith SDK: Streaming token events bypass output redaction 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41182 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-23 02:16 修改: 2026-04-29 20:46
axios	CVE-2026-42041	中危	1.15.0	1.15.1, 0.31.1	axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:07
lodash	CVE-2026-2950	中危	4.17.23	4.18.0	lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-03-31 20:16 修改: 2026-04-07 16:12
nodemailer	GHSA-vvjj-xcjg-gr5g	中危	7.0.11	8.0.5	Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) 漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05
prismjs	CVE-2024-53382	中危	1.27.0	1.30.0	prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53382 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2025-03-03 07:15 修改: 2025-06-27 13:08
axios	CVE-2026-42042	中危	1.15.0	1.15.1, 0.31.1	axios: Axios: XSRF token bypass leading to information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:05
axios	CVE-2026-42044	中危	1.15.0	1.15.2	Axios is a promise based HTTP client for the browser and Node.js. From ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:04
@protobufjs/utf8	CVE-2026-44288	中危	1.1.0	1.1.1	protobufjs has overlong UTF-8 decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-42034	中危	1.15.0	1.15.1, 0.31.1	axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:59
protobufjs	CVE-2026-44288	中危	7.5.5	7.5.6, 8.0.2	protobufjs has overlong UTF-8 decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs	CVE-2026-44292	中危	7.5.5	7.5.6, 8.0.2	protobuf.js: Prototype injection in generated message constructors 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs	CVE-2026-44294	中危	7.5.5	7.5.6, 8.0.2	protobuf.js: Denial of service from crafted field names in generated code 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-42036	中危	1.15.0	1.15.1, 0.31.1	axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:57
bn.js	CVE-2026-2739	中危	4.11.9	4.12.3, 5.2.3	bn.js: bn.js: Denial of Service via calling maskn(0) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2739 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-02-20 05:17 修改: 2026-04-15 00:35
uuid	CVE-2026-41907	中危	11.1.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	11.1.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	11.1.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	13.0.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
yaml	CVE-2026-33532	中危	1.10.2	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
yaml	CVE-2026-33532	中危	2.3.4	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
yaml	CVE-2026-33532	中危	2.3.4	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
nodemailer	GHSA-c7w3-x93f-qmm8	低危	7.0.11	8.0.4	Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter 漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26
axios	CVE-2026-42040	低危	1.15.0	1.15.1, 0.31.1	Axios is a promise based HTTP client for the browser and Node.js. Prio ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:09
@tootallnate/once	CVE-2026-3449	低危	2.0.0	3.0.1	@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449 镜像层: sha256:027a2ef9850bd344f934a8de48d985c756062d55adb0a2c6ccaa62f96bfaa35e 发布日期: 2026-03-03 05:17 修改: 2026-04-29 01:00