| org.apache.tika:tika-core |
CVE-2025-66516 |
严重 |
1.28.5 |
3.2.2 |
tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-12-04 17:15 修改: 2025-12-30 16:15
|
| org.apache.tika:tika-parsers |
CVE-2025-54988 |
严重 |
1.28.5 |
2.0.0-ALPHA |
org.apache.tika/tika-parser-pdf-module: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54988
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-08-20 20:15 修改: 2025-11-04 22:16
|
| org.apache.tika:tika-parsers |
CVE-2025-66516 |
严重 |
1.28.5 |
2.0.0 |
tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-12-04 17:15 修改: 2025-12-30 16:15
|
| io.netty:netty-handler |
CVE-2025-24970 |
高危 |
4.1.104.Final |
4.1.118.Final |
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-02-10 22:15 修改: 2025-09-05 17:20
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.104.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2026-06-11 22:16 修改: 2026-06-15 02:30
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.104.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:15
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.104.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2026-06-12 16:16 修改: 2026-06-15 02:31
|
| net.minidev:json-smart |
CVE-2024-57699 |
高危 |
2.5.0 |
2.5.2 |
json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57699
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-02-05 22:15 修改: 2026-04-15 00:35
|
| com.thoughtworks.xstream:xstream |
CVE-2024-47072 |
高危 |
1.4.20 |
1.4.21 |
com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47072
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2024-11-08 00:15 修改: 2026-04-15 00:35
|
| dnsjava:dnsjava |
CVE-2024-25638 |
高危 |
2.1.9 |
3.6.0 |
dnsjava: Improper response validation allowing DNSSEC bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25638
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2024-07-22 14:15 修改: 2026-04-15 00:35
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.104.Final |
4.1.133.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:22
|
| org.apache.xmlgraphics:batik-bridge |
CVE-2022-44729 |
高危 |
1.16 |
1.17 |
batik: Server-Side Request Forgery vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44729
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2023-08-22 19:16 修改: 2025-02-13 17:15
|
| org.apache.xmlgraphics:batik-transcoder |
CVE-2022-44729 |
高危 |
1.16 |
1.17 |
batik: Server-Side Request Forgery vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44729
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2023-08-22 19:16 修改: 2025-02-13 17:15
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.14.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
|
| org.apache.logging.log4j:log4j-1.2-api |
CVE-2026-34479 |
中危 |
2.22.1 |
2.25.4 |
org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2026-04-10 16:16 修改: 2026-05-06 18:21
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.22.1 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-12-18 21:15 修改: 2026-01-20 01:15
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.22.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2026-04-10 16:16 修改: 2026-05-06 16:49
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34478 |
中危 |
2.22.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2026-04-10 16:16 修改: 2026-04-24 18:10
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.22.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2026-04-10 16:16 修改: 2026-04-24 18:21
|
| com.jayway.jsonpath:json-path |
CVE-2023-51074 |
中危 |
2.8.0 |
2.9.0 |
json-path: stack-based buffer overflow in Criteria.parse method
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51074
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2023-12-27 21:15 修改: 2025-09-12 18:45
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.16.1 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.104.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-09-04 10:42 修改: 2025-09-08 16:45
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.104.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2024-11-12 16:15 修改: 2025-09-05 14:00
|
| org.apache.xmlgraphics:batik-script |
CVE-2022-44730 |
中危 |
1.16 |
1.17 |
batik: Server-Side Request Forgery vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-44730
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2023-08-22 19:16 修改: 2025-02-13 17:15
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.104.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-02-10 22:15 修改: 2025-06-11 15:36
|
| org.mozilla:rhino |
CVE-2025-66453 |
低危 |
1.7.14 |
1.7.14.1, 1.7.15.1, 1.8.1 |
Rhino is an open-source implementation of JavaScript written entirely ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66453
镜像层: sha256:d2ab24cd2ce60c9362d97a9b7a6f93243ad85e5a9ee359c2a377955d949dacac
发布日期: 2025-12-03 20:16 修改: 2026-04-14 15:39
|