docker.io/2fauth/2fauth:7.0.1 linux/amd64

docker.io/2fauth/2fauth:7.0.1 - Trivy安全扫描结果 扫描时间: 2026-06-23 17:36
全部漏洞信息
低危漏洞:22 中危漏洞:29 高危漏洞:16 严重漏洞:1

系统OS: alpine 3.23.4 扫描引擎: Trivy 扫描时间: 2026-06-23 17:36

docker.io/2fauth/2fauth:7.0.1 (alpine 3.23.4) (alpine)
低危漏洞:20 中危漏洞:9 高危漏洞:2 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
nginx CVE-2026-42055 严重 1.28.3-r3 1.28.3-r4 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42055

镜像层: sha256:dbb7a159e3280325cc06b31319a68ae7767aed39c261e3486d4928d011a4ba24

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libssl3 CVE-2026-45447 高危 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:56
libcrypto3 CVE-2026-45447 高危 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:56
libcrypto3 CVE-2026-42764 中危 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libcrypto3 CVE-2026-45445 中危 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libcrypto3 CVE-2026-34182 中危 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3 CVE-2026-34182 中危 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3 CVE-2026-34183 中危 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
libssl3 CVE-2026-42764 中危 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libssl3 CVE-2026-45445 中危 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libcrypto3 CVE-2026-34183 中危 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
nginx CVE-2026-48142 中危 1.28.3-r3 1.28.3-r4 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48142

镜像层: sha256:dbb7a159e3280325cc06b31319a68ae7767aed39c261e3486d4928d011a4ba24

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcrypto3 CVE-2026-45446 低危 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libcrypto3 CVE-2026-7383 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:46
libcrypto3 CVE-2026-9076 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:45
libcrypto3 CVE-2026-34180 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libcrypto3 CVE-2026-34181 低危 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libcrypto3 CVE-2026-42766 低危 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libcrypto3 CVE-2026-42767 低危 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libcrypto3 CVE-2026-42768 低危 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3 CVE-2026-34180 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3 CVE-2026-34181 低危 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3 CVE-2026-42766 低危 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libssl3 CVE-2026-42767 低危 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3 CVE-2026-42768 低危 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3 CVE-2026-42769 低危 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:26
libssl3 CVE-2026-42770 低危 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3 CVE-2026-45446 低危 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libssl3 CVE-2026-7383 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:46
libssl3 CVE-2026-9076 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:45
libcrypto3 CVE-2026-42769 低危 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:26
libcrypto3 CVE-2026-42770 低危 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
srv/vendor/composer/installed.json (composer-vendor)
低危漏洞:2 中危漏洞:15 高危漏洞:4 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
laravel/framework GHSA-5vg9-5847-vvmq 高危 v12.53.0 13.10.0, 12.60.0 Laravel Framework: CRLF injection in default email rule

漏洞详情: https://github.com/advisories/GHSA-5vg9-5847-vvmq

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-06-17 13:53 修改: 2026-06-17 13:53
phpseclib/phpseclib CVE-2026-32935 高危 3.0.49 3.0.50, 2.0.52, 1.0.27 phpseclib is a PHP secure communications library. Projects using versi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32935

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-03-20 03:16 修改: 2026-05-08 16:16
phpseclib/phpseclib CVE-2026-44167 高危 3.0.49 1.0.29, 2.0.54, 3.0.52 phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44167

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-05-12 18:17 修改: 2026-05-13 18:24
symfony/mime CVE-2026-45067 高危 v7.4.6 5.0.0, 5.1.0, 5.2.0, 3.0.0, 5.4.52, 6.3.0, 6.4.40, 7.4.12, 4.0.0, 5.4.0, 6.2.0, 7.1.0, 7.2.0, 7.4.0, 8.0.12, 5.3.0, 6.1.0, 6.4.0, 7.3.0 CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45067

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
guzzlehttp/psr7 CVE-2026-55766 中危 2.8.0 2.12.1 CRLF injection in HTTP start-line serialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55766

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
guzzlehttp/guzzle CVE-2026-55568 中危 7.10.0 7.12.1 Silent HTTPS proxy downgrade to cleartext

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55568

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
laravel/framework GHSA-crmm-hgp2-wgrp 中危 v12.53.0 13.12.0, 12.61.1 Laravel Framework: Temporary Signed URL Path Confusion

漏洞详情: https://github.com/advisories/GHSA-crmm-hgp2-wgrp

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-06-17 13:54 修改: 2026-06-17 13:54
league/commonmark CVE-2026-30838 中危 2.8.0 2.8.1 league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, th ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-30838

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-03-07 16:15 修改: 2026-03-11 20:24
league/commonmark CVE-2026-33347 中危 2.8.0 2.8.2 league/commonmark is a PHP Markdown parser. From version 2.3.0 to befo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33347

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-03-24 20:16 修改: 2026-04-08 19:01
guzzlehttp/guzzle CVE-2026-55767 中危 7.10.0 7.12.1 Dot-only cookie domains match all hosts

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55767

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
guzzlehttp/psr7 CVE-2026-48998 中危 2.8.0 2.10.2 guzzlehttp/psr7: guzzlehttp/psr7: Information disclosure via improper Host header validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48998

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-06-11 13:16 修改: 2026-06-15 14:52
phpseclib/phpseclib GHSA-m557-wrgg-6rp4 中危 3.0.49 1.0.30, 2.0.55, 3.0.54 phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access

漏洞详情: https://github.com/advisories/GHSA-m557-wrgg-6rp4

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-06-16 15:03 修改: 2026-06-16 15:03
symfony/http-foundation CVE-2026-48736 中危 v7.4.6 7.1.0, 7.2.0, 7.3.0, 7.4.0, 7.4.13, 8.0.13, 6.4.41 CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48736

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
symfony/http-kernel CVE-2026-45075 中危 v7.4.6 7.4.12, 8.0.12 CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45075

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
symfony/mailer CVE-2026-45068 中危 v7.4.6 5.3.0, 6.1.0, 6.2.0, 7.2.0, 7.3.0, 3.0.0, 4.0.0, 5.4.52, 6.4.0, 7.1.0, 7.4.0, 7.4.12, 6.3.0, 6.4.40, 5.1.0, 5.4.0, 8.0.12, 5.0.0, 5.2.0 CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45068

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
guzzlehttp/psr7 CVE-2026-49214 中危 2.8.0 2.10.2 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49214

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-06-11 13:16 修改: 2026-06-15 14:41
symfony/mime CVE-2026-45070 中危 v7.4.6 5.0.0, 5.2.0, 5.4.0, 6.2.0, 6.3.0, 6.4.40, 7.2.0, 7.4.0, 4.0.0, 5.3.0, 6.1.0, 8.0.12, 6.4.0, 7.1.0, 7.4.12, 3.0.0, 5.1.0, 5.4.52, 7.3.0 CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45070

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
symfony/routing CVE-2026-45065 中危 v7.4.6 5.2.0, 5.3.0, 5.4.52, 6.2.0, 7.1.0, 7.3.0, 5.4.0, 6.3.0, 6.4.0, 6.4.40, 7.4.0, 8.0.12, 6.1.0, 7.2.0, 7.4.12, 5.0.0, 5.1.0, 3.0.0, 4.0.0 CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45065

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
symfony/routing CVE-2026-48784 中危 v7.4.6 6.1.0, 6.2.0, 7.1.0, 7.2.0, 5.1.0, 6.4.0, 7.3.0, 3.0.0, 4.0.0, 5.3.0, 5.4.0, 7.4.13, 8.0.13, 5.0.0, 5.2.0, 6.3.0, 6.4.41, 7.4.0, 5.4.53 CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48784

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
phpseclib/phpseclib CVE-2026-40194 低危 3.0.49 1.0.28, 2.0.53, 3.0.51 phpseclib is a PHP secure communications library. Starting in 0.1.1 an ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40194

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 2026-04-10 21:16 修改: 2026-05-08 16:16
symfony/polyfill-intl-idn CVE-2026-46644 低危 v1.33.0 1.38.1 [insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46644

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
laravel/framework CVE-2026-48019 未知 v12.53.0 11.0.0, 12.0.0, 12.60.0, 13.10.0, 10.0.0 [CRLF injection in default email rule]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48019

镜像层: sha256:349f294dbb36d0c7ca96f144e6c758d43eb0832a4521eb03d0b9752ff4281e9b

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
usr/local/bin/supervisord (gobinary)
低危漏洞:0 中危漏洞:5 高危漏洞:10 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/prometheus/client_golang CVE-2022-21698 高危 v1.10.0 1.11.1 prometheus/client_golang: Denial of service using InstrumentHandlerCounter

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21698

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2022-02-15 16:15 修改: 2024-11-21 06:45
github.com/sirupsen/logrus CVE-2025-65637 高危 v1.8.1 1.8.3, 1.9.1, 1.9.3 github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65637

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2025-12-04 19:16 修改: 2025-12-23 00:26
stdlib CVE-2026-33811 高危 v1.26.2 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib CVE-2026-33814 高危 v1.26.2 1.25.10, 1.26.3 When processing HTTP/2 SETTINGS frames, transport will enter an infini ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib CVE-2026-39820 高危 v1.26.2 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib CVE-2026-39823 高危 v1.26.2 1.25.10, 1.26.3 CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib CVE-2026-39825 高危 v1.26.2 1.25.10, 1.26.3 ReverseProxy can forward queries containing parameters not visible to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib CVE-2026-39836 高危 v1.26.2 1.25.10, 1.26.3 ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib CVE-2026-42499 高危 v1.26.2 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase when parsing ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib CVE-2026-42504 高危 v1.26.2 1.25.11, 1.26.4 Decoding a maliciously-crafted MIME header containing many invalid enc ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/sys CVE-2022-29526 中危 v0.0.0-20210503080704-8803ae5d1324 0.0.0-20220412211240-33da011f77ad golang: syscall: faccessat checks wrong group

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2022-06-23 17:15 修改: 2024-11-21 06:59
google.golang.org/protobuf CVE-2024-24786 中危 v1.26.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib CVE-2026-27145 中危 v1.26.2 1.25.11, 1.26.4 *x509.Certificate).VerifyHostname previously called matchHostnames in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib CVE-2026-39826 中危 v1.26.2 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib CVE-2026-42507 中危 v1.26.2 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/sys CVE-2026-39824 未知 v0.0.0-20210503080704-8803ae5d1324 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:3850a1a6fd449e564c66e2c173365bcf68afd7a1c5cc9859553bb67ae3f87f1a

发布日期: 2026-05-22 20:16 修改: 2026-05-27 14:16
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×