docker.io/alpine/k8s:1.28.4 linux/amd64

docker.io/alpine/k8s:1.28.4 - Trivy安全扫描结果扫描时间: 2026-05-20 05:48

全部漏洞信息

低危漏洞:31

中危漏洞:739

高危漏洞:354

严重漏洞:52

系统OS: alpine 3.18.4 扫描引擎: Trivy 扫描时间: 2026-05-20 05:48

docker.io/alpine/k8s:1.28.4 (alpine 3.18.4) (alpine)

低危漏洞:10

中危漏洞:73

高危漏洞:34

严重漏洞:5

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
git	CVE-2024-32002	严重	2.40.1-r0	2.40.3-r0	git: Recursive clones RCE 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32002 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-05-14 19:15 修改: 2025-11-04 17:15
libexpat	CVE-2024-45491	严重	2.5.0-r1	2.6.3-r0	libexpat: Integer Overflow or Wraparound 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-08-30 03:15 修改: 2026-05-12 12:17
libexpat	CVE-2024-45492	严重	2.5.0-r1	2.6.3-r0	libexpat: integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-08-30 03:15 修改: 2026-05-12 12:17
libxml2	CVE-2024-56171	严重	2.11.4-r0	2.11.8-r1	libxml2: Use-After-Free in libxml2 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56171 镜像层: sha256:11148e4e6556b5484b55b8bd744a696729aca127eff03462ea3579f1a5dfd7d9 发布日期: 2025-02-18 22:15 修改: 2025-11-03 21:17
sqlite-libs	CVE-2025-6965	严重	3.41.2-r2	3.41.2-r4	sqlite: Integer Truncation in SQLite 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6965 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-07-15 14:15 修改: 2026-04-14 10:16
git	CVE-2024-32465	高危	2.40.1-r0	2.40.3-r0	git: additional local RCE 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32465 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-05-14 20:15 修改: 2026-01-05 19:15
git	CVE-2024-52006	高危	2.40.1-r0	2.40.4-r0	git: Newline confusion in credential helpers can lead to credential exfiltration in git 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52006 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-01-14 19:15 修改: 2025-12-18 16:10
libcrypto3	CVE-2023-5363	高危	3.1.3-r0	3.1.4-r0	openssl: Incorrect cipher key and IV length processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5363 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-10-25 18:17 修改: 2026-05-12 11:16
libcrypto3	CVE-2024-6119	高危	3.1.3-r0	3.1.7-r0	openssl: Possible denial of service in X.509 name checks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-09-03 16:15 修改: 2026-05-12 12:17
libcurl	CVE-2024-2398	高危	8.4.0-r0	8.7.1-r0	curl: HTTP/2 push headers memory-leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
libcurl	CVE-2024-6197	高危	8.4.0-r0	8.9.0-r0	curl: freeing stack buffer in utf8asn1str 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6197 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-07-24 08:15 修改: 2024-11-29 12:15
curl	CVE-2024-6197	高危	8.4.0-r0	8.9.0-r0	curl: freeing stack buffer in utf8asn1str 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6197 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-07-24 08:15 修改: 2024-11-29 12:15
curl	CVE-2024-2398	高危	8.4.0-r0	8.7.1-r0	curl: HTTP/2 push headers memory-leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
libexpat	CVE-2023-52425	高危	2.5.0-r1	2.6.0-r0	expat: parsing large tokens can trigger a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52425 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-02-04 20:15 修改: 2025-11-04 19:16
libexpat	CVE-2024-28757	高危	2.5.0-r1	2.6.2-r0	expat: XML Entity Expansion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28757 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-10 05:15 修改: 2025-11-04 22:15
libexpat	CVE-2024-45490	高危	2.5.0-r1	2.6.3-r0	libexpat: Negative Length Parsing Vulnerability in libexpat 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-08-30 03:15 修改: 2026-05-12 12:17
libexpat	CVE-2024-8176	高危	2.5.0-r1	2.7.0-r0	libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8176 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-03-14 09:15 修改: 2026-04-15 00:35
libssl3	CVE-2023-5363	高危	3.1.3-r0	3.1.4-r0	openssl: Incorrect cipher key and IV length processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5363 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-10-25 18:17 修改: 2026-05-12 11:16
libssl3	CVE-2024-6119	高危	3.1.3-r0	3.1.7-r0	openssl: Possible denial of service in X.509 name checks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-09-03 16:15 修改: 2026-05-12 12:17
git	CVE-2024-32004	高危	2.40.1-r0	2.40.3-r0	git: RCE while cloning local repos 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32004 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-05-14 19:15 修改: 2026-01-06 17:09
libxml2	CVE-2024-25062	高危	2.11.4-r0	2.11.7-r0	libxml2: use-after-free in XMLReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25062 镜像层: sha256:11148e4e6556b5484b55b8bd744a696729aca127eff03462ea3579f1a5dfd7d9 发布日期: 2024-02-04 16:15 修改: 2025-11-03 22:16
libxml2	CVE-2025-24928	高危	2.11.4-r0	2.11.8-r1	libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24928 镜像层: sha256:11148e4e6556b5484b55b8bd744a696729aca127eff03462ea3579f1a5dfd7d9 发布日期: 2025-02-18 23:15 修改: 2025-11-03 22:18
libxml2	CVE-2025-27113	高危	2.11.4-r0	2.11.8-r2	libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27113 镜像层: sha256:11148e4e6556b5484b55b8bd744a696729aca127eff03462ea3579f1a5dfd7d9 发布日期: 2025-02-18 23:15 修改: 2025-11-03 22:18
libxml2	CVE-2025-32414	高危	2.11.4-r0	2.11.8-r3	libxml2: Out-of-Bounds Read in libxml2 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32414 镜像层: sha256:11148e4e6556b5484b55b8bd744a696729aca127eff03462ea3579f1a5dfd7d9 发布日期: 2025-04-08 03:15 修改: 2025-11-03 20:18
libxml2	CVE-2025-32415	高危	2.11.4-r0	2.11.8-r3	libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32415 镜像层: sha256:11148e4e6556b5484b55b8bd744a696729aca127eff03462ea3579f1a5dfd7d9 发布日期: 2025-04-17 17:15 修改: 2025-11-03 20:18
musl	CVE-2025-26519	高危	1.2.4-r1	1.2.4-r3	musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2025-02-14 04:15 修改: 2025-12-10 20:03
musl-utils	CVE-2025-26519	高危	1.2.4-r1	1.2.4-r3	musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2025-02-14 04:15 修改: 2025-12-10 20:03
python3	CVE-2024-6232	高危	3.11.6-r0	3.11.10-r0	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-09-03 13:15 修改: 2025-11-03 23:17
python3	CVE-2024-7592	高危	3.11.6-r0	3.11.10-r0	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-08-19 19:15 修改: 2025-11-03 23:17
python3	CVE-2024-9287	高危	3.11.6-r0	3.11.11-r0	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-10-22 17:15 修改: 2025-11-03 23:17
python3-pyc	CVE-2024-6232	高危	3.11.6-r0	3.11.10-r0	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-09-03 13:15 修改: 2025-11-03 23:17
python3-pyc	CVE-2024-7592	高危	3.11.6-r0	3.11.10-r0	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-08-19 19:15 修改: 2025-11-03 23:17
python3-pyc	CVE-2024-9287	高危	3.11.6-r0	3.11.11-r0	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-10-22 17:15 修改: 2025-11-03 23:17
python3-pycache-pyc0	CVE-2024-6232	高危	3.11.6-r0	3.11.10-r0	python: cpython: tarfile: ReDos via excessive backtracking while parsing header values 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-09-03 13:15 修改: 2025-11-03 23:17
python3-pycache-pyc0	CVE-2024-7592	高危	3.11.6-r0	3.11.10-r0	cpython: python: Uncontrolled CPU resource consumption when in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7592 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-08-19 19:15 修改: 2025-11-03 23:17
python3-pycache-pyc0	CVE-2024-9287	高危	3.11.6-r0	3.11.11-r0	python: Virtual environment (venv) activation scripts don't quote paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-10-22 17:15 修改: 2025-11-03 23:17
git	CVE-2024-32021	高危	2.40.1-r0	2.40.3-r0	git: symlink bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32021 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-05-14 20:15 修改: 2026-01-05 19:19
sqlite-libs	CVE-2023-7104	高危	3.41.2-r2	3.41.2-r3	sqlite: heap-buffer-overflow at sessionfuzz 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7104 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2023-12-29 10:15 修改: 2025-11-03 22:16
xz-libs	CVE-2025-31115	高危	5.4.3-r0	5.4.3-r1	xz: XZ has a heap-use-after-free bug in threaded .xz decoder 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31115 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-04-03 17:15 修改: 2026-05-12 13:16
busybox	CVE-2023-42364	中危	1.36.1-r2	1.36.1-r7	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 23:15 修改: 2025-11-03 21:16
curl	CVE-2023-46218	中危	8.4.0-r0	8.5.0-r0	curl: information disclosure by exploiting a mixed case flaw 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2023-12-07 01:15 修改: 2026-05-12 11:16
libcurl	CVE-2023-46218	中危	8.4.0-r0	8.5.0-r0	curl: information disclosure by exploiting a mixed case flaw 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46218 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2023-12-07 01:15 修改: 2026-05-12 11:16
libcurl	CVE-2023-46219	中危	8.4.0-r0	8.5.0-r0	curl: excessively long file name may lead to unknown HSTS status 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46219 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2023-12-12 02:15 修改: 2026-05-12 11:16
libcurl	CVE-2024-0853	中危	8.4.0-r0	8.6.0-r0	curl: OCSP verification bypass with TLS session reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0853 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-02-03 14:15 修改: 2025-06-20 20:15
libcurl	CVE-2024-11053	中危	8.4.0-r0	8.11.1-r0	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-12-11 08:15 修改: 2025-11-03 21:16
libcurl	CVE-2024-2004	中危	8.4.0-r0	8.7.1-r0	curl: Usage of disabled protocol 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2004 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
libcurl	CVE-2024-2379	中危	8.4.0-r0	8.7.1-r0	curl: QUIC certificate check bypass with wolfSSL 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2379 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
libcurl	CVE-2024-2466	中危	8.4.0-r0	8.7.1-r0	curl: TLS certificate check bypass with mbedTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2466 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
libcurl	CVE-2024-6874	中危	8.4.0-r0	8.9.0-r0	curl: macidn punycode buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6874 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-07-24 08:15 修改: 2024-11-21 09:50
libcurl	CVE-2024-7264	中危	8.4.0-r0	8.9.1-r0	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-07-31 08:15 修改: 2025-11-03 23:17
libcurl	CVE-2024-8096	中危	8.4.0-r0	8.10.0-r0	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-09-11 10:15 修改: 2025-07-30 19:42
libcurl	CVE-2024-9681	中危	8.4.0-r0	8.11.0-r0	curl: HSTS subdomain overwrites parent cache entry 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-11-06 08:15 修改: 2025-11-03 21:18
libcurl	CVE-2025-0665	中危	8.4.0-r0	8.12.0-r0	libcurl: Double Close of Eventfd in libcurl 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0665 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-02-05 10:15 修改: 2026-03-17 18:16
libcurl	CVE-2025-0725	中危	8.4.0-r0	8.12.0-r0	libcurl: Buffer Overflow in libcurl via zlib Integer Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0725 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-02-05 10:15 修改: 2025-06-27 19:24
curl	CVE-2023-46219	中危	8.4.0-r0	8.5.0-r0	curl: excessively long file name may lead to unknown HSTS status 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46219 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2023-12-12 02:15 修改: 2026-05-12 11:16
curl	CVE-2024-0853	中危	8.4.0-r0	8.6.0-r0	curl: OCSP verification bypass with TLS session reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0853 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-02-03 14:15 修改: 2025-06-20 20:15
curl	CVE-2024-11053	中危	8.4.0-r0	8.11.1-r0	curl: curl netrc password leak 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-12-11 08:15 修改: 2025-11-03 21:16
curl	CVE-2024-2004	中危	8.4.0-r0	8.7.1-r0	curl: Usage of disabled protocol 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2004 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
curl	CVE-2024-2379	中危	8.4.0-r0	8.7.1-r0	curl: QUIC certificate check bypass with wolfSSL 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2379 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
curl	CVE-2024-2466	中危	8.4.0-r0	8.7.1-r0	curl: TLS certificate check bypass with mbedTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2466 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
libexpat	CVE-2023-52426	中危	2.5.0-r1	2.6.0-r0	expat: recursive XML entity expansion vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52426 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-02-04 20:15 修改: 2025-11-04 19:16
libexpat	CVE-2024-50602	中危	2.5.0-r1	2.6.4-r0	libexpat: expat: DoS via XML_ResumeParser 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-10-27 05:15 修改: 2025-10-15 17:54
curl	CVE-2024-6874	中危	8.4.0-r0	8.9.0-r0	curl: macidn punycode buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6874 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-07-24 08:15 修改: 2024-11-21 09:50
curl	CVE-2024-7264	中危	8.4.0-r0	8.9.1-r0	curl: libcurl: ASN.1 date parser overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-07-31 08:15 修改: 2025-11-03 23:17
libssl3	CVE-2023-5678	中危	3.1.3-r0	3.1.4-r1	openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-06 16:15 修改: 2026-05-12 11:16
libssl3	CVE-2023-6129	中危	3.1.3-r0	3.1.4-r3	openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6129 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-01-09 17:15 修改: 2026-05-12 11:16
libssl3	CVE-2023-6237	中危	3.1.3-r0	3.1.4-r4	openssl: Excessive time spent checking invalid RSA public keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6237 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-04-25 07:15 修改: 2026-05-12 11:16
libssl3	CVE-2024-0727	中危	3.1.3-r0	3.1.4-r5	openssl: denial of service via null dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-01-26 09:15 修改: 2026-05-12 12:16
libssl3	CVE-2024-13176	中危	3.1.3-r0	3.1.8-r0	openssl: Timing side-channel in ECDSA signature computation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2025-01-20 14:15 修改: 2026-04-15 00:35
libssl3	CVE-2024-4603	中危	3.1.3-r0	3.1.5-r0	openssl: Excessive time spent checking DSA keys and parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-05-16 16:15 修改: 2026-04-15 00:35
libssl3	CVE-2024-4741	中危	3.1.3-r0	3.1.6-r0	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-11-13 11:15 修改: 2026-04-15 00:35
libssl3	CVE-2024-5535	中危	3.1.3-r0	3.1.6-r0	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-06-27 11:15 修改: 2026-05-12 12:17
curl	CVE-2024-8096	中危	8.4.0-r0	8.10.0-r0	curl: OCSP stapling bypass with GnuTLS 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-09-11 10:15 修改: 2025-07-30 19:42
curl	CVE-2024-9681	中危	8.4.0-r0	8.11.0-r0	curl: HSTS subdomain overwrites parent cache entry 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-11-06 08:15 修改: 2025-11-03 21:18
curl	CVE-2025-0665	中危	8.4.0-r0	8.12.0-r0	libcurl: Double Close of Eventfd in libcurl 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0665 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-02-05 10:15 修改: 2026-03-17 18:16
curl	CVE-2025-0725	中危	8.4.0-r0	8.12.0-r0	libcurl: Buffer Overflow in libcurl via zlib Integer Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0725 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-02-05 10:15 修改: 2025-06-27 19:24
busybox	CVE-2023-42365	中危	1.36.1-r2	1.36.1-r7	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 23:15 修改: 2025-11-03 21:16
busybox	CVE-2023-42366	中危	1.36.1-r2	1.36.1-r6	busybox: A heap-buffer-overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 23:15 修改: 2024-12-06 14:15
libxml2	CVE-2024-34459	中危	2.11.4-r0	2.11.8-r0	libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34459 镜像层: sha256:11148e4e6556b5484b55b8bd744a696729aca127eff03462ea3579f1a5dfd7d9 发布日期: 2024-05-14 15:39 修改: 2025-11-04 22:16
busybox-binsh	CVE-2023-42363	中危	1.36.1-r2	1.36.1-r7	busybox: use-after-free in awk 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 22:15 修改: 2024-11-21 08:22
busybox-binsh	CVE-2023-42364	中危	1.36.1-r2	1.36.1-r7	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 23:15 修改: 2025-11-03 21:16
busybox-binsh	CVE-2023-42365	中危	1.36.1-r2	1.36.1-r7	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 23:15 修改: 2025-11-03 21:16
git	CVE-2024-50349	中危	2.40.1-r0	2.40.4-r0	git: Git does not sanitize URLs when asking for credentials interactively 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50349 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-01-14 19:15 修改: 2025-12-18 16:42
busybox-binsh	CVE-2023-42366	中危	1.36.1-r2	1.36.1-r6	busybox: A heap-buffer-overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 23:15 修改: 2024-12-06 14:15
python3	CVE-2023-27043	中危	3.11.6-r0	3.11.10-r0	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2023-04-19 00:15 修改: 2026-05-12 11:16
python3	CVE-2024-6923	中危	3.11.6-r0	3.11.10-r0	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-08-01 14:15 修改: 2026-04-15 00:35
python3	CVE-2024-8088	中危	3.11.6-r0	3.11.8-r1	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-08-22 19:15 修改: 2026-04-15 00:35
python3	CVE-2025-0938	中危	3.11.6-r0	3.11.12-r0	python: cpython: URL parser allowed square brackets in domain names 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-01-31 18:15 修改: 2026-04-15 00:35
python3	CVE-2025-4516	中危	3.11.6-r0	3.11.12-r1	cpython: python: CPython DecodeError Handling Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4516 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-05-15 14:15 修改: 2026-04-15 00:35
busybox	CVE-2023-42363	中危	1.36.1-r2	1.36.1-r7	busybox: use-after-free in awk 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 22:15 修改: 2024-11-21 08:22
libcrypto3	CVE-2023-5678	中危	3.1.3-r0	3.1.4-r1	openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-06 16:15 修改: 2026-05-12 11:16
libcrypto3	CVE-2023-6129	中危	3.1.3-r0	3.1.4-r3	openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6129 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-01-09 17:15 修改: 2026-05-12 11:16
python3-pyc	CVE-2023-27043	中危	3.11.6-r0	3.11.10-r0	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2023-04-19 00:15 修改: 2026-05-12 11:16
python3-pyc	CVE-2024-6923	中危	3.11.6-r0	3.11.10-r0	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-08-01 14:15 修改: 2026-04-15 00:35
python3-pyc	CVE-2024-8088	中危	3.11.6-r0	3.11.8-r1	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-08-22 19:15 修改: 2026-04-15 00:35
python3-pyc	CVE-2025-0938	中危	3.11.6-r0	3.11.12-r0	python: cpython: URL parser allowed square brackets in domain names 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-01-31 18:15 修改: 2026-04-15 00:35
python3-pyc	CVE-2025-4516	中危	3.11.6-r0	3.11.12-r1	cpython: python: CPython DecodeError Handling Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4516 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-05-15 14:15 修改: 2026-04-15 00:35
libcrypto3	CVE-2023-6237	中危	3.1.3-r0	3.1.4-r4	openssl: Excessive time spent checking invalid RSA public keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6237 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-04-25 07:15 修改: 2026-05-12 11:16
libcrypto3	CVE-2024-0727	中危	3.1.3-r0	3.1.4-r5	openssl: denial of service via null dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-01-26 09:15 修改: 2026-05-12 12:16
libcrypto3	CVE-2024-13176	中危	3.1.3-r0	3.1.8-r0	openssl: Timing side-channel in ECDSA signature computation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2025-01-20 14:15 修改: 2026-04-15 00:35
python3-pycache-pyc0	CVE-2023-27043	中危	3.11.6-r0	3.11.10-r0	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27043 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2023-04-19 00:15 修改: 2026-05-12 11:16
python3-pycache-pyc0	CVE-2024-6923	中危	3.11.6-r0	3.11.10-r0	cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-08-01 14:15 修改: 2026-04-15 00:35
python3-pycache-pyc0	CVE-2024-8088	中危	3.11.6-r0	3.11.8-r1	python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-08-22 19:15 修改: 2026-04-15 00:35
python3-pycache-pyc0	CVE-2025-0938	中危	3.11.6-r0	3.11.12-r0	python: cpython: URL parser allowed square brackets in domain names 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-01-31 18:15 修改: 2026-04-15 00:35
python3-pycache-pyc0	CVE-2025-4516	中危	3.11.6-r0	3.11.12-r1	cpython: python: CPython DecodeError Handling Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4516 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-05-15 14:15 修改: 2026-04-15 00:35
libcrypto3	CVE-2024-4603	中危	3.1.3-r0	3.1.5-r0	openssl: Excessive time spent checking DSA keys and parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-05-16 16:15 修改: 2026-04-15 00:35
libcrypto3	CVE-2024-4741	中危	3.1.3-r0	3.1.6-r0	openssl: Use After Free with SSL_free_buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-11-13 11:15 修改: 2026-04-15 00:35
ssl_client	CVE-2023-42363	中危	1.36.1-r2	1.36.1-r7	busybox: use-after-free in awk 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 22:15 修改: 2024-11-21 08:22
ssl_client	CVE-2023-42364	中危	1.36.1-r2	1.36.1-r7	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 23:15 修改: 2025-11-03 21:16
ssl_client	CVE-2023-42365	中危	1.36.1-r2	1.36.1-r7	busybox: use-after-free 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 23:15 修改: 2025-11-03 21:16
ssl_client	CVE-2023-42366	中危	1.36.1-r2	1.36.1-r6	busybox: A heap-buffer-overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2023-11-27 23:15 修改: 2024-12-06 14:15
libcrypto3	CVE-2024-5535	中危	3.1.3-r0	3.1.6-r0	openssl: SSL_select_next_proto buffer overread 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-06-27 11:15 修改: 2026-05-12 12:17
libcrypto3	CVE-2024-9143	低危	3.1.3-r0	3.1.7-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-10-16 17:15 修改: 2026-05-12 12:17
python3	CVE-2024-4032	低危	3.11.6-r0	3.11.10-r0	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-06-17 15:15 修改: 2026-04-15 00:35
python3-pycache-pyc0	CVE-2024-4032	低危	3.11.6-r0	3.11.10-r0	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-06-17 15:15 修改: 2026-04-15 00:35
python3-pyc	CVE-2024-4032	低危	3.11.6-r0	3.11.10-r0	python: incorrect IPv4 and IPv6 private ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-06-17 15:15 修改: 2026-04-15 00:35
curl	CVE-2025-0167	低危	8.4.0-r0	8.12.0-r0	When asked to use a `.netrc` file for credentials and to follow HT ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-02-05 10:15 修改: 2025-07-30 19:41
git	CVE-2024-32020	低危	2.40.1-r0	2.40.3-r0	git: insecure hardlinks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-32020 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-05-14 19:15 修改: 2026-01-06 17:01
libssl3	CVE-2024-2511	低危	3.1.3-r0	3.1.4-r6	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-04-08 14:15 修改: 2026-05-12 12:16
libssl3	CVE-2024-9143	低危	3.1.3-r0	3.1.7-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-10-16 17:15 修改: 2026-05-12 12:17
libcrypto3	CVE-2024-2511	低危	3.1.3-r0	3.1.4-r6	openssl: Unbounded memory growth with session handling in TLSv1.3 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511 镜像层: sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438 发布日期: 2024-04-08 14:15 修改: 2026-05-12 12:16
libcurl	CVE-2025-0167	低危	8.4.0-r0	8.12.0-r0	When asked to use a `.netrc` file for credentials and to follow HT ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-02-05 10:15 修改: 2025-07-30 19:41

Python (python-pkg)

低危漏洞:1

中危漏洞:6

高危漏洞:7

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
pyasn1	CVE-2026-30922	高危	0.5.0	0.6.3	pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-30922 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2026-03-18 04:17 修改: 2026-05-01 17:16
setuptools	CVE-2024-6345	高危	68.2.2	70.0.0	pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-07-15 01:15 修改: 2026-04-15 00:35
setuptools	CVE-2025-47273	高危	68.2.2	78.1.1	setuptools: Path Traversal Vulnerability in setuptools PackageIndex 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-05-17 16:15 修改: 2025-06-12 16:29
urllib3	CVE-2025-66418	高危	2.0.7	2.6.0	urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-12-05 16:15 修改: 2025-12-10 16:08
urllib3	CVE-2025-66471	高危	2.0.7	2.6.0	urllib3: urllib3 Streaming API improperly handles highly compressed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-12-05 17:16 修改: 2025-12-10 16:10
urllib3	CVE-2026-21441	高危	2.0.7	2.6.3	urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2026-01-07 22:15 修改: 2026-01-23 09:15
urllib3	CVE-2026-44431	高危	2.0.7	2.7.0	urllib3: Sensitive headers forwarded across origins in proxied low-level redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
pip	CVE-2026-6357	中危	23.3.1	26.1	pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2026-04-27 15:16 修改: 2026-04-27 23:16
awscli	GHSA-747p-wmpv-9c78	中危	1.30.1	1.44.38	AWS CLI: cli_history database does not restrict file permissions on Unix systems 漏洞详情: https://github.com/advisories/GHSA-747p-wmpv-9c78 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2026-02-27 15:50 修改: 2026-02-27 15:50
pip	CVE-2025-8869	中危	23.3.1	25.3	pip: pip missing checks on symbolic link extraction 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-09-24 15:15 修改: 2026-04-15 00:35
pip	CVE-2026-3219	中危	23.3.1		pip: pip: Incorrect file installation due to improper archive handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2026-04-20 16:16 修改: 2026-04-20 21:16
urllib3	CVE-2024-37891	中危	2.0.7	1.26.19, 2.2.2	urllib3: proxy-authorization request header is not stripped during cross-origin redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2024-06-17 20:15 修改: 2026-01-06 16:52
urllib3	CVE-2025-50181	中危	2.0.7	2.5.0	urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2025-06-19 01:15 修改: 2025-12-22 19:15
pip	CVE-2026-1703	低危	23.3.1	26.0	pip: pip: Information disclosure via path traversal when installing crafted wheel archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703 镜像层: sha256:9cd78d5729a473748a7f5b0944c562b28cb8a07d73943fc3fa6e23f09bdbeee0 发布日期: 2026-02-02 15:16 修改: 2026-04-15 00:35

krew-linux_amd64 (gobinary)

低危漏洞:1

中危漏洞:47

高危漏洞:19

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	v1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.20.5	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
golang.org/x/net	CVE-2023-39325	高危	v0.12.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39325	高危	v1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45283	高危	v1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.20.5	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.20.5	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.20.5	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.20.5	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.20.5	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.20.5	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.20.5	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.20.5	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.20.5	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.20.5	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.20.5	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.20.5	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.20.5	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.20.5	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
golang.org/x/net	CVE-2023-3978	中危	v0.12.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-08-02 20:15 修改: 2024-11-21 08:18
golang.org/x/net	CVE-2023-44487	中危	v0.12.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-10-10 14:15 修改: 2026-05-12 15:10
golang.org/x/net	CVE-2023-45288	中危	v0.12.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.12.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.12.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
stdlib	CVE-2023-29406	中危	v1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-07-11 20:15 修改: 2024-11-21 07:56
stdlib	CVE-2023-29409	中危	v1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-08-02 20:15 修改: 2024-11-21 07:57
stdlib	CVE-2023-39318	中危	v1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39319	中危	v1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39326	中危	v1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.20.5	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.20.5	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.20.5	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.20.5	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.20.5	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.20.5	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.20.5	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.20.5	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.20.5	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.20.5	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.20.5	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.20.5	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.20.5	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.20.5	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.20.5	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.20.5	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.20.5	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.20.5	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.20.5	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.20.5	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.20.5	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.20.5	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.20.5	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.20.5	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.20.5	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.20.5	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.20.5	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.20.5	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

root/.krew/store/krew/v0.4.4/krew (gobinary)

低危漏洞:1

中危漏洞:47

高危漏洞:19

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	v1.20.5	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.20.5	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
golang.org/x/net	CVE-2023-39325	高危	v0.12.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39325	高危	v1.20.5	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45283	高危	v1.20.5	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.20.5	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.20.5	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.20.5	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.20.5	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.20.5	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.20.5	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.20.5	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.20.5	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.20.5	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.20.5	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.20.5	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.20.5	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.20.5	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.20.5	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.20.5	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.20.5	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
golang.org/x/net	CVE-2023-3978	中危	v0.12.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-08-02 20:15 修改: 2024-11-21 08:18
golang.org/x/net	CVE-2023-44487	中危	v0.12.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-10-10 14:15 修改: 2026-05-12 15:10
golang.org/x/net	CVE-2023-45288	中危	v0.12.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.12.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.12.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
stdlib	CVE-2023-29406	中危	v1.20.5	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-07-11 20:15 修改: 2024-11-21 07:56
stdlib	CVE-2023-29409	中危	v1.20.5	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-08-02 20:15 修改: 2024-11-21 07:57
stdlib	CVE-2023-39318	中危	v1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39319	中危	v1.20.5	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39326	中危	v1.20.5	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.20.5	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.20.5	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.20.5	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.20.5	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.20.5	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.20.5	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.20.5	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.20.5	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.20.5	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.20.5	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.20.5	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.20.5	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.20.5	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.20.5	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.20.5	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.20.5	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.20.5	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.20.5	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.20.5	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.20.5	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.20.5	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.20.5	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.20.5	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.20.5	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.20.5	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.20.5	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.20.5	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.20.5	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.20.5	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.20.5	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.20.5	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.20.5	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.20.5	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.20.5	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.20.5	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.20.5	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.20.5	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.20.5	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:238b92feff94b018048fc261323ee3d28d3dae8c99e0ba29305b1d92963da517 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

root/.local/share/helm/plugins/helm-diff/bin/diff (gobinary)

低危漏洞:2

中危漏洞:65

高危漏洞:33

严重漏洞:6

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/docker/docker	CVE-2024-41110	严重	v20.10.24+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	moby: Authz zero length regression 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-07-24 17:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2024-45337	严重	v0.5.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-12-12 02:02 修改: 2026-04-15 00:35
google.golang.org/grpc	CVE-2026-33186	严重	v1.53.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2023-24540	严重	v1.19.8	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib	CVE-2024-24790	严重	v1.19.8	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.19.8	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/docker/cli	CVE-2025-15558	高危	v20.10.21+incompatible	29.2.0	docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
golang.org/x/crypto	CVE-2025-22869	高危	v0.5.0	0.35.0	golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:28
golang.org/x/net	CVE-2023-39325	高危	v0.9.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
golang.org/x/oauth2	CVE-2025-22868	高危	v0.4.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
github.com/containerd/containerd	CVE-2024-25621	高危	v1.7.0	1.7.29	github.com/containerd/containerd: containerd local privilege escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-11-06 19:15 修改: 2025-12-31 02:29
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.53.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-10-25 21:17 修改: 2024-07-19 16:32
helm.sh/helm/v3	CVE-2024-26147	高危	v3.11.3	3.14.2	helm: Missing YAML Content Leads To Panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26147 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-02-21 23:15 修改: 2025-01-09 14:40
helm.sh/helm/v3	CVE-2025-53547	高危	v3.11.3	3.18.4, 3.17.4	helm.sh/helm/v3: Helm Chart Code Execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53547 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-07-08 22:15 修改: 2025-09-03 16:26
github.com/docker/docker	CVE-2026-34040	高危	v20.10.24+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/moby/spdystream	CVE-2026-35469	高危	v0.2.0	0.5.1	Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35469 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-04-16 22:16 修改: 2026-04-29 21:04
github.com/sirupsen/logrus	CVE-2025-65637	高危	v1.9.0	1.8.3, 1.9.1, 1.9.3	github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65637 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-12-04 19:16 修改: 2025-12-23 00:26
stdlib	CVE-2023-24539	高危	v1.19.8	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib	CVE-2023-29400	高危	v1.19.8	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib	CVE-2023-29403	高危	v1.19.8	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	v1.19.8	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45283	高危	v1.19.8	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45287	高危	v1.19.8	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-12-05 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.19.8	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.19.8	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.19.8	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.19.8	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.19.8	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.19.8	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.19.8	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.19.8	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.19.8	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.19.8	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.19.8	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.19.8	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.19.8	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.19.8	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.19.8	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.19.8	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
golang.org/x/crypto	CVE-2023-48795	中危	v0.5.0	0.17.0, 0.0.0-20231218163308-9d2ee975ef9f	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-12-18 16:15 修改: 2026-05-12 11:16
golang.org/x/crypto	CVE-2025-47914	中危	v0.5.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.5.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
github.com/docker/docker	CVE-2024-24557	中危	v20.10.24+incompatible	24.0.9, 25.0.2	moby: classic builder cache poisoning 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-02-01 17:15 修改: 2024-11-21 08:59
golang.org/x/net	CVE-2023-3978	中危	v0.9.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-08-02 20:15 修改: 2024-11-21 08:18
golang.org/x/net	CVE-2023-44487	中危	v0.9.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-10-10 14:15 修改: 2026-05-12 15:10
golang.org/x/net	CVE-2023-45288	中危	v0.9.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.9.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.9.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
github.com/docker/docker	CVE-2024-29018	中危	v20.10.24+incompatible	26.0.0-rc3, 25.0.5, 23.0.11	moby: external DNS requests from 'internal' networks could lead to data exfiltration 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-03-20 21:15 修改: 2025-04-09 15:40
github.com/docker/docker	CVE-2026-33997	中危	v20.10.24+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
github.com/docker/docker	GHSA-jq35-85cj-fj4p	中危	v20.10.24+incompatible	24.0.7, 23.0.8, 20.10.27	/sys/devices/virtual/powercap accessible by default to containers 漏洞详情: https://github.com/advisories/GHSA-jq35-85cj-fj4p 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-10-30 15:25 修改: 2023-10-30 15:25
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
github.com/cyphar/filepath-securejoin	GHSA-6xv5-86q9-7xr8	中危	v0.2.3	0.2.4	SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced 漏洞详情: https://github.com/advisories/GHSA-6xv5-86q9-7xr8 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-09-07 12:58 修改: 2023-09-07 12:58
github.com/containerd/containerd	CVE-2024-40635	中危	v1.7.0	1.7.27, 1.6.38	containerd: containerd has an integer overflow in User ID handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40635 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-03-17 22:15 修改: 2025-10-02 01:51
helm.sh/helm/v3	CVE-2024-25620	中危	v3.11.3	3.14.1	helm: Dependency management path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25620 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-02-15 00:15 修改: 2025-01-09 13:55
helm.sh/helm/v3	CVE-2025-32386	中危	v3.11.3	3.17.3	helm.sh/helm/v3: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32386 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-04-09 23:15 修改: 2025-09-03 17:03
helm.sh/helm/v3	CVE-2025-32387	中危	v3.11.3	3.17.3	helm.sh/helm/v3: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32387 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-04-09 23:15 修改: 2025-09-03 17:03
helm.sh/helm/v3	CVE-2025-55198	中危	v3.11.3	3.18.5	helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55198 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:28
helm.sh/helm/v3	CVE-2025-55199	中危	v3.11.3	3.18.5	helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55199 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:25
helm.sh/helm/v3	CVE-2026-35206	中危	v3.11.3	3.20.2	github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35206 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-04-09 21:16 修改: 2026-04-16 20:36
github.com/containerd/containerd	CVE-2025-64329	中危	v1.7.0	1.7.29	github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-11-07 05:16 修改: 2025-12-31 18:34
github.com/containerd/containerd	GHSA-7ww5-4wqc-m92c	中危	v1.7.0	1.6.26, 1.7.11	containerd allows RAPL to be accessible to a container 漏洞详情: https://github.com/advisories/GHSA-7ww5-4wqc-m92c 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-12-19 21:17 修改: 2023-12-19 21:17
stdlib	CVE-2023-29406	中危	v1.19.8	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-07-11 20:15 修改: 2024-11-21 07:56
stdlib	CVE-2023-29409	中危	v1.19.8	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-08-02 20:15 修改: 2024-11-21 07:57
stdlib	CVE-2023-39318	中危	v1.19.8	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39319	中危	v1.19.8	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39326	中危	v1.19.8	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.19.8	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.19.8	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.19.8	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.19.8	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.19.8	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.19.8	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.19.8	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.19.8	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.19.8	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.19.8	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.19.8	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.19.8	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.19.8	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.19.8	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.19.8	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.19.8	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.19.8	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.19.8	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.19.8	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.19.8	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.19.8	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.19.8	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.19.8	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.19.8	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.19.8	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.19.8	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.19.8	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.19.8	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.19.8	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.19.8	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.19.8	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.19.8	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.19.8	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.19.8	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.19.8	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.19.8	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.19.8	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
github.com/docker/docker	CVE-2025-54410	低危	v20.10.24+incompatible	25.0.13, 28.0.0	github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2025-07-30 14:15 修改: 2025-08-22 17:27
stdlib	CVE-2026-27139	低危	v1.19.8	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:248660221e284f78f6ffaf6847e7b1db5baacddf2ed4f0db54c6c5fd4b772959 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

root/.local/share/helm/plugins/helm-push/bin/helm-cm-push (gobinary)

低危漏洞:2

中危漏洞:67

高危漏洞:30

严重漏洞:5

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/docker/docker	CVE-2024-41110	严重	v20.10.24+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	moby: Authz zero length regression 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-07-24 17:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2024-45337	严重	v0.5.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-12-12 02:02 修改: 2026-04-15 00:35
google.golang.org/grpc	CVE-2026-33186	严重	v1.49.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2024-24790	严重	v1.20.4	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.20.4	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/sirupsen/logrus	CVE-2025-65637	高危	v1.9.0	1.8.3, 1.9.1, 1.9.3	github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65637 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-12-04 19:16 修改: 2025-12-23 00:26
github.com/docker/cli	CVE-2025-15558	高危	v20.10.24+incompatible	29.2.0	docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
golang.org/x/crypto	CVE-2025-22869	高危	v0.5.0	0.35.0	golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:28
golang.org/x/net	CVE-2023-39325	高危	v0.9.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
golang.org/x/oauth2	CVE-2025-22868	高危	v0.0.0-20220223155221-ee480838109b	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
github.com/docker/distribution	CVE-2023-2253	高危	v2.8.1+incompatible	2.8.2-beta.1	distribution/distribution: DoS from malicious API request 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2253 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-06-06 20:15 修改: 2025-01-07 22:15
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.49.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-10-25 21:17 修改: 2024-07-19 16:32
helm.sh/helm/v3	CVE-2024-26147	高危	v3.11.2	3.14.2	helm: Missing YAML Content Leads To Panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26147 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-02-21 23:15 修改: 2025-01-09 14:40
helm.sh/helm/v3	CVE-2025-53547	高危	v3.11.2	3.18.4, 3.17.4	helm.sh/helm/v3: Helm Chart Code Execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53547 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-07-08 22:15 修改: 2025-09-03 16:26
github.com/containerd/containerd	CVE-2024-25621	高危	v1.6.15	1.7.29	github.com/containerd/containerd: containerd local privilege escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-11-06 19:15 修改: 2025-12-31 02:29
github.com/docker/docker	CVE-2026-34040	高危	v20.10.24+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
stdlib	CVE-2023-29403	高危	v1.20.4	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	v1.20.4	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45283	高危	v1.20.4	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.20.4	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.20.4	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.20.4	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.20.4	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.20.4	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.20.4	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.20.4	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.20.4	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.20.4	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.20.4	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.20.4	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.20.4	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.20.4	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.20.4	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.20.4	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.20.4	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
helm.sh/helm/v3	CVE-2025-32387	中危	v3.11.2	3.17.3	helm.sh/helm/v3: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32387 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-04-09 23:15 修改: 2025-09-03 17:03
helm.sh/helm/v3	CVE-2025-55198	中危	v3.11.2	3.18.5	helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55198 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:28
helm.sh/helm/v3	CVE-2025-55199	中危	v3.11.2	3.18.5	helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55199 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:25
helm.sh/helm/v3	CVE-2026-35206	中危	v3.11.2	3.20.2	github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35206 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-04-09 21:16 修改: 2026-04-16 20:36
github.com/docker/docker	GHSA-jq35-85cj-fj4p	中危	v20.10.24+incompatible	24.0.7, 23.0.8, 20.10.27	/sys/devices/virtual/powercap accessible by default to containers 漏洞详情: https://github.com/advisories/GHSA-jq35-85cj-fj4p 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-10-30 15:25 修改: 2023-10-30 15:25
github.com/containerd/containerd	GHSA-7ww5-4wqc-m92c	中危	v1.6.15	1.6.26, 1.7.11	containerd allows RAPL to be accessible to a container 漏洞详情: https://github.com/advisories/GHSA-7ww5-4wqc-m92c 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-12-19 21:17 修改: 2023-12-19 21:17
github.com/cyphar/filepath-securejoin	GHSA-6xv5-86q9-7xr8	中危	v0.2.3	0.2.4	SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced 漏洞详情: https://github.com/advisories/GHSA-6xv5-86q9-7xr8 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-09-07 12:58 修改: 2023-09-07 12:58
github.com/containerd/containerd	CVE-2023-25153	中危	v1.6.15	1.5.18, 1.6.18	containerd: OCI image importer memory exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25153 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-02-16 15:15 修改: 2024-11-21 07:49
golang.org/x/crypto	CVE-2023-48795	中危	v0.5.0	0.17.0, 0.0.0-20231218163308-9d2ee975ef9f	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-12-18 16:15 修改: 2026-05-12 11:16
golang.org/x/crypto	CVE-2025-47914	中危	v0.5.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.5.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
github.com/containerd/containerd	CVE-2023-25173	中危	v1.6.15	1.5.18, 1.6.18	containerd: Supplementary groups are not set up properly 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25173 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-02-16 15:15 修改: 2024-11-21 07:49
golang.org/x/net	CVE-2023-3978	中危	v0.9.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-08-02 20:15 修改: 2024-11-21 08:18
golang.org/x/net	CVE-2023-44487	中危	v0.9.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-10-10 14:15 修改: 2026-05-12 15:10
golang.org/x/net	CVE-2023-45288	中危	v0.9.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.9.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.9.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
github.com/containerd/containerd	CVE-2024-40635	中危	v1.6.15	1.7.27, 1.6.38	containerd: containerd has an integer overflow in User ID handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40635 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-03-17 22:15 修改: 2025-10-02 01:51
github.com/containerd/containerd	CVE-2025-64329	中危	v1.6.15	1.7.29	github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-11-07 05:16 修改: 2025-12-31 18:34
github.com/docker/docker	CVE-2024-24557	中危	v20.10.24+incompatible	24.0.9, 25.0.2	moby: classic builder cache poisoning 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-02-01 17:15 修改: 2024-11-21 08:59
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
github.com/docker/docker	CVE-2024-29018	中危	v20.10.24+incompatible	26.0.0-rc3, 25.0.5, 23.0.11	moby: external DNS requests from 'internal' networks could lead to data exfiltration 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-03-20 21:15 修改: 2025-04-09 15:40
github.com/docker/docker	CVE-2026-33997	中危	v20.10.24+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
helm.sh/helm/v3	CVE-2024-25620	中危	v3.11.2	3.14.1	helm: Dependency management path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25620 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-02-15 00:15 修改: 2025-01-09 13:55
helm.sh/helm/v3	CVE-2025-32386	中危	v3.11.2	3.17.3	helm.sh/helm/v3: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32386 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-04-09 23:15 修改: 2025-09-03 17:03
stdlib	CVE-2023-29406	中危	v1.20.4	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-07-11 20:15 修改: 2024-11-21 07:56
stdlib	CVE-2023-29409	中危	v1.20.4	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-08-02 20:15 修改: 2024-11-21 07:57
stdlib	CVE-2023-39318	中危	v1.20.4	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39319	中危	v1.20.4	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39326	中危	v1.20.4	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.20.4	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.20.4	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.20.4	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.20.4	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.20.4	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.20.4	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.20.4	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.20.4	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.20.4	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.20.4	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.20.4	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.20.4	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.20.4	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.20.4	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.20.4	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.20.4	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.20.4	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.20.4	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.20.4	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.20.4	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.20.4	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.20.4	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.20.4	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.20.4	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.20.4	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.20.4	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.20.4	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.20.4	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.20.4	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.20.4	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.20.4	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.20.4	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.20.4	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.20.4	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.20.4	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.20.4	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.20.4	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
github.com/docker/docker	CVE-2025-54410	低危	v20.10.24+incompatible	25.0.13, 28.0.0	github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2025-07-30 14:15 修改: 2025-08-22 17:27
stdlib	CVE-2026-27139	低危	v1.20.4	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:bb84e62c2b00a1652131c59489a9e8fff23a228cc29085f8a044578b057de2d4 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

root/.local/share/helm/plugins/helm-unittest/untt (gobinary)

低危漏洞:1

中危漏洞:51

高危漏洞:21

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.14.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-12-12 02:02 修改: 2026-04-15 00:35
stdlib	CVE-2024-24790	严重	v1.21.3	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.21.3	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
helm.sh/helm/v3	CVE-2024-26147	高危	v3.13.1	3.14.2	helm: Missing YAML Content Leads To Panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26147 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-02-21 23:15 修改: 2025-01-09 14:40
helm.sh/helm/v3	CVE-2025-53547	高危	v3.13.1	3.18.4, 3.17.4	helm.sh/helm/v3: Helm Chart Code Execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53547 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-07-08 22:15 修改: 2025-09-03 16:26
golang.org/x/crypto	CVE-2025-22869	高危	v0.14.0	0.35.0	golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:28
golang.org/x/oauth2	CVE-2025-22868	高危	v0.13.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
stdlib	CVE-2023-45283	高危	v1.21.3	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.21.3	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.21.3	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.21.3	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.21.3	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.21.3	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.21.3	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.21.3	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.21.3	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.21.3	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.21.3	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.21.3	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.21.3	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.21.3	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.21.3	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.21.3	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.21.3	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
golang.org/x/crypto	CVE-2025-58181	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
helm.sh/helm/v3	CVE-2024-25620	中危	v3.13.1	3.14.1	helm: Dependency management path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25620 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-02-15 00:15 修改: 2025-01-09 13:55
helm.sh/helm/v3	CVE-2025-32386	中危	v3.13.1	3.17.3	helm.sh/helm/v3: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32386 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-04-09 23:15 修改: 2025-09-03 17:03
helm.sh/helm/v3	CVE-2025-32387	中危	v3.13.1	3.17.3	helm.sh/helm/v3: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32387 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-04-09 23:15 修改: 2025-09-03 17:03
helm.sh/helm/v3	CVE-2025-55198	中危	v3.13.1	3.18.5	helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55198 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:28
helm.sh/helm/v3	CVE-2025-55199	中危	v3.13.1	3.18.5	helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55199 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:25
helm.sh/helm/v3	CVE-2026-35206	中危	v3.13.1	3.20.2	github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35206 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-04-09 21:16 修改: 2026-04-16 20:36
golang.org/x/net	CVE-2023-45288	中危	v0.17.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.17.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.17.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.14.0	0.17.0, 0.0.0-20231218163308-9d2ee975ef9f	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2023-12-18 16:15 修改: 2026-05-12 11:16
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-47914	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
stdlib	CVE-2023-39326	中危	v1.21.3	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.21.3	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.21.3	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.21.3	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.21.3	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.21.3	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.21.3	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.21.3	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.21.3	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.21.3	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.21.3	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.21.3	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.21.3	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.21.3	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.21.3	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.21.3	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.21.3	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.21.3	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.21.3	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.21.3	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.21.3	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.21.3	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.21.3	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.21.3	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.21.3	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.21.3	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.21.3	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.21.3	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.21.3	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.21.3	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.21.3	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.21.3	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.21.3	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.21.3	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.21.3	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.21.3	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.21.3	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.21.3	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.21.3	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:2ec8532c65183e1c82401c92918228101baa34b5cc09a5cec97392debf187043 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/aws-iam-authenticator (gobinary)

低危漏洞:1

中危漏洞:49

高危漏洞:27

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	v1.20.1	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-04-06 16:15 修改: 2025-02-12 17:15
stdlib	CVE-2023-24540	严重	v1.20.1	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib	CVE-2024-24790	严重	v1.20.1	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.20.1	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
golang.org/x/net	CVE-2023-39325	高危	v0.7.0	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
golang.org/x/oauth2	CVE-2025-22868	高危	v0.0.0-20220223155221-ee480838109b	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
github.com/sirupsen/logrus	CVE-2025-65637	高危	v1.8.1	1.8.3, 1.9.1, 1.9.3	github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65637 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-12-04 19:16 修改: 2025-12-23 00:26
stdlib	CVE-2023-24534	高危	v1.20.1	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-04-06 16:15 修改: 2025-02-12 18:15
stdlib	CVE-2023-24536	高危	v1.20.1	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-04-06 16:15 修改: 2025-02-12 18:15
stdlib	CVE-2023-24537	高危	v1.20.1	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-04-06 16:15 修改: 2025-02-12 17:15
stdlib	CVE-2023-24539	高危	v1.20.1	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib	CVE-2023-29400	高危	v1.20.1	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib	CVE-2023-29403	高危	v1.20.1	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	v1.20.1	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45283	高危	v1.20.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.20.1	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.20.1	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.20.1	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.20.1	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.20.1	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.20.1	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.20.1	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.20.1	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.20.1	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.20.1	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.20.1	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.20.1	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.20.1	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.20.1	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.20.1	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.20.1	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
golang.org/x/net	CVE-2023-3978	中危	v0.7.0	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-08-02 20:15 修改: 2024-11-21 08:18
google.golang.org/protobuf	CVE-2024-24786	中危	v1.28.1	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2023-44487	中危	v0.7.0	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-10-10 14:15 修改: 2026-05-12 15:10
golang.org/x/net	CVE-2023-45288	中危	v0.7.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.7.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.7.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
stdlib	CVE-2023-24532	中危	v1.20.1	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-03-08 20:15 修改: 2024-11-21 07:48
stdlib	CVE-2023-29406	中危	v1.20.1	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-07-11 20:15 修改: 2024-11-21 07:56
stdlib	CVE-2023-29409	中危	v1.20.1	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-08-02 20:15 修改: 2024-11-21 07:57
stdlib	CVE-2023-39318	中危	v1.20.1	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39319	中危	v1.20.1	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39326	中危	v1.20.1	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.20.1	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.20.1	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.20.1	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.20.1	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.20.1	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.20.1	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.20.1	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.20.1	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.20.1	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.20.1	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.20.1	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.20.1	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.20.1	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.20.1	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.20.1	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.20.1	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.20.1	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.20.1	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.20.1	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.20.1	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.20.1	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.20.1	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.20.1	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.20.1	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.20.1	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.20.1	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.20.1	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.20.1	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.20.1	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.20.1	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.20.1	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.20.1	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.20.1	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.20.1	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.20.1	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.20.1	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.20.1	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.20.1	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:067f7eb9b57bb9249259d38cedfb2c81f0be0aab42d6e8067efd65e546e903fc 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/eksctl (gobinary)

低危漏洞:2

中危漏洞:61

高危漏洞:26

严重漏洞:5

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/docker/docker	CVE-2024-41110	严重	v20.10.24+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	moby: Authz zero length regression 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-07-24 17:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2024-45337	严重	v0.14.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-12-12 02:02 修改: 2026-04-15 00:35
google.golang.org/grpc	CVE-2026-33186	严重	v1.58.2	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2024-24790	严重	v1.20.10	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.20.10	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/docker/cli	CVE-2025-15558	高危	v20.10.21+incompatible	29.2.0	docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
golang.org/x/crypto	CVE-2025-22869	高危	v0.14.0	0.35.0	golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:28
golang.org/x/oauth2	CVE-2025-22868	高危	v0.13.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
github.com/containerd/containerd	CVE-2024-25621	高危	v1.6.18	1.7.29	github.com/containerd/containerd: containerd local privilege escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-11-06 19:15 修改: 2025-12-31 02:29
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.58.2	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2023-10-25 21:17 修改: 2024-07-19 16:32
helm.sh/helm/v3	CVE-2024-26147	高危	v3.11.2	3.14.2	helm: Missing YAML Content Leads To Panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26147 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-02-21 23:15 修改: 2025-01-09 14:40
helm.sh/helm/v3	CVE-2025-53547	高危	v3.11.2	3.18.4, 3.17.4	helm.sh/helm/v3: Helm Chart Code Execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53547 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-07-08 22:15 修改: 2025-09-03 16:26
github.com/docker/docker	CVE-2026-34040	高危	v20.10.24+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/moby/spdystream	CVE-2026-35469	高危	v0.2.0	0.5.1	Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35469 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-04-16 22:16 修改: 2026-04-29 21:04
stdlib	CVE-2023-45283	高危	v1.20.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.20.10	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.20.10	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.20.10	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.20.10	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.20.10	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.20.10	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.20.10	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.20.10	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.20.10	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.20.10	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.20.10	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.20.10	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.20.10	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.20.10	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.20.10	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.20.10	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
helm.sh/helm/v3	CVE-2025-32387	中危	v3.11.2	3.17.3	helm.sh/helm/v3: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32387 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-04-09 23:15 修改: 2025-09-03 17:03
helm.sh/helm/v3	CVE-2025-55198	中危	v3.11.2	3.18.5	helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55198 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:28
helm.sh/helm/v3	CVE-2025-55199	中危	v3.11.2	3.18.5	helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55199 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:25
helm.sh/helm/v3	CVE-2026-35206	中危	v3.11.2	3.20.2	github.com/helm/helm: Helm: Files written to unexpected directory via specially crafted Chart 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35206 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-04-09 21:16 修改: 2026-04-16 20:36
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.1	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-06-24 17:15 修改: 2024-11-21 09:48
github.com/containerd/containerd	GHSA-7ww5-4wqc-m92c	中危	v1.6.18	1.6.26, 1.7.11	containerd allows RAPL to be accessible to a container 漏洞详情: https://github.com/advisories/GHSA-7ww5-4wqc-m92c 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2023-12-19 21:17 修改: 2023-12-19 21:17
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs	GHSA-xmrv-pmrh-hhx2	中危	v1.24.2	1.65.0	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/containerd/containerd	CVE-2024-40635	中危	v1.6.18	1.7.27, 1.6.38	containerd: containerd has an integer overflow in User ID handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40635 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-03-17 22:15 修改: 2025-10-02 01:51
golang.org/x/crypto	CVE-2023-48795	中危	v0.14.0	0.17.0, 0.0.0-20231218163308-9d2ee975ef9f	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2023-12-18 16:15 修改: 2026-05-12 11:16
golang.org/x/crypto	CVE-2025-47914	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/net	CVE-2023-45288	中危	v0.17.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.17.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.17.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
github.com/containerd/containerd	CVE-2025-64329	中危	v1.6.18	1.7.29	github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-11-07 05:16 修改: 2025-12-31 18:34
github.com/docker/docker	CVE-2024-24557	中危	v20.10.24+incompatible	24.0.9, 25.0.2	moby: classic builder cache poisoning 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-02-01 17:15 修改: 2024-11-21 08:59
github.com/docker/docker	CVE-2024-29018	中危	v20.10.24+incompatible	26.0.0-rc3, 25.0.5, 23.0.11	moby: external DNS requests from 'internal' networks could lead to data exfiltration 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-03-20 21:15 修改: 2025-04-09 15:40
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
gopkg.in/square/go-jose.v2	CVE-2024-28180	中危	v2.6.0		jose-go: improper handling of highly compressed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-03-09 01:15 修改: 2025-12-03 20:29
github.com/docker/docker	CVE-2026-33997	中危	v20.10.24+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
github.com/docker/docker	GHSA-jq35-85cj-fj4p	中危	v20.10.24+incompatible	24.0.7, 23.0.8, 20.10.27	/sys/devices/virtual/powercap accessible by default to containers 漏洞详情: https://github.com/advisories/GHSA-jq35-85cj-fj4p 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2023-10-30 15:25 修改: 2023-10-30 15:25
helm.sh/helm/v3	CVE-2024-25620	中危	v3.11.2	3.14.1	helm: Dependency management path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25620 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-02-15 00:15 修改: 2025-01-09 13:55
helm.sh/helm/v3	CVE-2025-32386	中危	v3.11.2	3.17.3	helm.sh/helm/v3: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32386 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-04-09 23:15 修改: 2025-09-03 17:03
stdlib	CVE-2023-39326	中危	v1.20.10	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.20.10	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.20.10	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.20.10	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.20.10	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.20.10	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.20.10	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.20.10	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.20.10	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.20.10	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.20.10	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.20.10	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.20.10	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.20.10	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.20.10	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.20.10	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.20.10	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.20.10	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.20.10	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.20.10	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.20.10	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.20.10	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.20.10	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.20.10	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.20.10	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.20.10	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.20.10	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.20.10	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.20.10	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.20.10	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.20.10	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.20.10	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.20.10	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.20.10	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.20.10	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.20.10	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.20.10	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.20.10	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
github.com/docker/docker	CVE-2025-54410	低危	v20.10.24+incompatible	25.0.13, 28.0.0	github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2025-07-30 14:15 修改: 2025-08-22 17:27
stdlib	CVE-2026-27139	低危	v1.20.10	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:985688d20adeea0bacd6b72e96b478d8f6baa23754a2e91980e7b0628f5a972b 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/helm (gobinary)

低危漏洞:2

中危漏洞:50

高危漏洞:23

严重漏洞:5

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/docker/docker	CVE-2024-41110	严重	v24.0.7+incompatible	23.0.15, 26.1.5, 27.1.1, 25.0.6	moby: Authz zero length regression 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-07-24 17:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2024-45337	严重	v0.14.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-12-12 02:02 修改: 2026-04-15 00:35
google.golang.org/grpc	CVE-2026-33186	严重	v1.56.3	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2024-24790	严重	v1.20.10	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.20.10	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/docker/cli	CVE-2025-15558	高危	v24.0.6+incompatible	29.2.0	docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
golang.org/x/crypto	CVE-2025-22869	高危	v0.14.0	0.35.0	golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:28
golang.org/x/oauth2	CVE-2025-22868	高危	v0.8.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
github.com/containerd/containerd	CVE-2024-25621	高危	v1.7.6	1.7.29	github.com/containerd/containerd: containerd local privilege escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-11-06 19:15 修改: 2025-12-31 02:29
github.com/docker/docker	CVE-2026-34040	高危	v24.0.7+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/moby/spdystream	CVE-2026-35469	高危	v0.2.0	0.5.1	Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35469 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-04-16 22:16 修改: 2026-04-29 21:04
stdlib	CVE-2023-45283	高危	v1.20.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.20.10	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.20.10	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.20.10	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.20.10	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.20.10	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.20.10	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.20.10	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.20.10	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.20.10	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.20.10	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.20.10	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.20.10	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.20.10	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.20.10	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.20.10	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.20.10	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
golang.org/x/net	CVE-2025-22870	中危	v0.17.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.17.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
github.com/docker/docker	CVE-2024-24557	中危	v24.0.7+incompatible	24.0.9, 25.0.2	moby: classic builder cache poisoning 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-02-01 17:15 修改: 2024-11-21 08:59
github.com/docker/docker	CVE-2026-33997	中危	v24.0.7+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
github.com/containerd/containerd	CVE-2024-40635	中危	v1.7.6	1.7.27, 1.6.38	containerd: containerd has an integer overflow in User ID handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40635 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-03-17 22:15 修改: 2025-10-02 01:51
github.com/containerd/containerd	CVE-2025-64329	中危	v1.7.6	1.7.29	github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-11-07 05:16 修改: 2025-12-31 18:34
github.com/containerd/containerd	GHSA-7ww5-4wqc-m92c	中危	v1.7.6	1.6.26, 1.7.11	containerd allows RAPL to be accessible to a container 漏洞详情: https://github.com/advisories/GHSA-7ww5-4wqc-m92c 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2023-12-19 21:17 修改: 2023-12-19 21:17
golang.org/x/crypto	CVE-2023-48795	中危	v0.14.0	0.17.0, 0.0.0-20231218163308-9d2ee975ef9f	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2023-12-18 16:15 修改: 2026-05-12 11:16
golang.org/x/crypto	CVE-2025-47914	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/net	CVE-2023-45288	中危	v0.17.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-39326	中危	v1.20.10	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.20.10	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.20.10	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.20.10	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.20.10	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.20.10	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.20.10	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.20.10	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.20.10	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.20.10	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.20.10	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.20.10	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.20.10	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.20.10	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.20.10	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.20.10	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.20.10	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.20.10	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.20.10	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.20.10	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.20.10	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.20.10	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.20.10	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.20.10	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.20.10	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.20.10	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.20.10	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.20.10	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.20.10	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.20.10	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.20.10	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.20.10	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.20.10	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.20.10	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.20.10	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.20.10	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.20.10	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.20.10	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
github.com/docker/docker	CVE-2025-54410	低危	v24.0.7+incompatible	25.0.13, 28.0.0	github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2025-07-30 14:15 修改: 2025-08-22 17:27
stdlib	CVE-2026-27139	低危	v1.20.10	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:041e1a98baa5ab756f0d514fe04da604a3543540a509eb6610b5506016924196 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/kubeconform (gobinary)

低危漏洞:1

中危漏洞:44

高危漏洞:34

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2023-24538	严重	v1.19.1	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-04-06 16:15 修改: 2025-02-12 17:15
stdlib	CVE-2023-24540	严重	v1.19.1	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib	CVE-2024-24790	严重	v1.19.1	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.19.1	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
stdlib	CVE-2022-2879	高危	v1.19.1	1.18.7, 1.19.2	golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2022-10-14 15:15 修改: 2024-11-21 07:01
stdlib	CVE-2022-2880	高危	v1.19.1	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2022-10-14 15:15 修改: 2024-11-21 07:01
stdlib	CVE-2022-41715	高危	v1.19.1	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2022-10-14 15:16 修改: 2024-11-21 07:23
stdlib	CVE-2022-41716	高危	v1.19.1	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2022-11-02 16:15 修改: 2024-11-21 07:23
stdlib	CVE-2022-41720	高危	v1.19.1	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2022-12-07 17:15 修改: 2025-04-23 16:15
stdlib	CVE-2022-41722	高危	v1.19.1	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-02-28 18:15 修改: 2024-11-21 07:23
stdlib	CVE-2022-41723	高危	v1.19.1	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-02-28 18:15 修改: 2025-05-05 16:15
stdlib	CVE-2022-41724	高危	v1.19.1	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-02-28 18:15 修改: 2024-11-21 07:23
stdlib	CVE-2022-41725	高危	v1.19.1	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-02-28 18:15 修改: 2024-11-21 07:23
stdlib	CVE-2023-24534	高危	v1.19.1	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-04-06 16:15 修改: 2025-02-12 18:15
stdlib	CVE-2023-24536	高危	v1.19.1	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-04-06 16:15 修改: 2025-02-12 18:15
stdlib	CVE-2023-24537	高危	v1.19.1	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-04-06 16:15 修改: 2025-02-12 17:15
stdlib	CVE-2023-24539	高危	v1.19.1	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib	CVE-2023-29400	高危	v1.19.1	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib	CVE-2023-29403	高危	v1.19.1	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib	CVE-2023-39325	高危	v1.19.1	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45283	高危	v1.19.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45287	高危	v1.19.1	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-12-05 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.19.1	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.19.1	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.19.1	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.19.1	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.19.1	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.19.1	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.19.1	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.19.1	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.19.1	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.19.1	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.19.1	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.19.1	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.19.1	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.19.1	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.19.1	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.19.1	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2022-41717	中危	v1.19.1	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2022-12-08 20:15 修改: 2024-11-21 07:23
stdlib	CVE-2023-24532	中危	v1.19.1	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-03-08 20:15 修改: 2024-11-21 07:48
stdlib	CVE-2023-29406	中危	v1.19.1	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-07-11 20:15 修改: 2024-11-21 07:56
stdlib	CVE-2023-29409	中危	v1.19.1	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-08-02 20:15 修改: 2024-11-21 07:57
stdlib	CVE-2023-39318	中危	v1.19.1	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39319	中危	v1.19.1	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-39326	中危	v1.19.1	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.19.1	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.19.1	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.19.1	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.19.1	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.19.1	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.19.1	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.19.1	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.19.1	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.19.1	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.19.1	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.19.1	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.19.1	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.19.1	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.19.1	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.19.1	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.19.1	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.19.1	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.19.1	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.19.1	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.19.1	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.19.1	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.19.1	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.19.1	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.19.1	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.19.1	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.19.1	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.19.1	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.19.1	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.19.1	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.19.1	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.19.1	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.19.1	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.19.1	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.19.1	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.19.1	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.19.1	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.19.1	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.19.1	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:891051856754955ac8340b28d9805fc586e9fcec0b5e5137971aa32bb34bec24 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/kubectl (gobinary)

低危漏洞:1

中危漏洞:41

高危漏洞:18

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	v1.20.11	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.20.11	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/moby/spdystream	CVE-2026-35469	高危	v0.2.0	0.5.1	Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35469 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-04-16 22:16 修改: 2026-04-29 21:04
golang.org/x/oauth2	CVE-2025-22868	高危	v0.8.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
stdlib	CVE-2023-45288	高危	v1.20.11	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.20.11	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.20.11	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.20.11	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.20.11	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.20.11	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.20.11	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.20.11	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.20.11	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.20.11	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.20.11	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.20.11	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.20.11	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.20.11	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.20.11	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.20.11	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
golang.org/x/net	CVE-2023-45288	中危	v0.17.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.17.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.17.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
stdlib	CVE-2023-39326	中危	v1.20.11	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45289	中危	v1.20.11	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.20.11	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.20.11	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.20.11	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.20.11	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.20.11	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.20.11	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.20.11	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.20.11	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.20.11	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.20.11	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.20.11	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.20.11	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.20.11	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.20.11	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.20.11	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.20.11	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.20.11	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.20.11	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.20.11	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.20.11	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.20.11	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.20.11	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.20.11	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.20.11	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.20.11	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.20.11	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.20.11	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.20.11	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.20.11	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.20.11	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.20.11	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.20.11	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.20.11	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.20.11	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.20.11	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.20.11	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:be6fea7c3aff7ee2c1b23422470c12f506fa8d7d415ef7ae7bf96e3a3cac22ac 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/kubeseal (gobinary)

低危漏洞:1

中危漏洞:46

高危漏洞:20

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.15.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-12-12 02:02 修改: 2026-04-15 00:35
stdlib	CVE-2024-24790	严重	v1.21.1	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.21.1	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
golang.org/x/crypto	CVE-2025-22869	高危	v0.15.0	0.35.0	golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:28
golang.org/x/oauth2	CVE-2025-22868	高危	v0.8.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
stdlib	CVE-2023-39325	高危	v1.21.1	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45283	高危	v1.21.1	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.21.1	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.21.1	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.21.1	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.21.1	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.21.1	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.21.1	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.21.1	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.21.1	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.21.1	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.21.1	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.21.1	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.21.1	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.21.1	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.21.1	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.21.1	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.21.1	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
golang.org/x/net	CVE-2025-22870	中危	v0.17.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.17.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
github.com/bitnami-labs/sealed-secrets	CVE-2026-22728	中危	0.24.4	0.36.0	Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22728 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-02-26 02:16 修改: 2026-04-15 00:35
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2023-48795	中危	v0.15.0	0.17.0, 0.0.0-20231218163308-9d2ee975ef9f	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2023-12-18 16:15 修改: 2026-05-12 11:16
golang.org/x/crypto	CVE-2025-47914	中危	v0.15.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.15.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/net	CVE-2023-45288	中危	v0.17.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-39326	中危	v1.21.1	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.21.1	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.21.1	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.21.1	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.21.1	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.21.1	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.21.1	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.21.1	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.21.1	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.21.1	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.21.1	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.21.1	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.21.1	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.21.1	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.21.1	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.21.1	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.21.1	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.21.1	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.21.1	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.21.1	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.21.1	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.21.1	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.21.1	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.21.1	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.21.1	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.21.1	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.21.1	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.21.1	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.21.1	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.21.1	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.21.1	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.21.1	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.21.1	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.21.1	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.21.1	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.21.1	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.21.1	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.21.1	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.21.1	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:6da9abb57efd62edb6d14e7b513f52201c07c79c7b81834996b1abfa4577de19 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/kustomize (gobinary)

低危漏洞:1

中危漏洞:39

高危漏洞:17

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2024-24790	严重	v1.20.10	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.20.10	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
stdlib	CVE-2023-45283	高危	v1.20.10	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.20.10	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.20.10	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.20.10	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.20.10	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.20.10	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.20.10	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.20.10	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.20.10	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.20.10	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.20.10	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.20.10	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.20.10	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.20.10	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.20.10	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.20.10	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.20.10	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
google.golang.org/protobuf	CVE-2024-24786	中危	v1.30.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-39326	中危	v1.20.10	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.20.10	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.20.10	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.20.10	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.20.10	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.20.10	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.20.10	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.20.10	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.20.10	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.20.10	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.20.10	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.20.10	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.20.10	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.20.10	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.20.10	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.20.10	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.20.10	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.20.10	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.20.10	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.20.10	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.20.10	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.20.10	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.20.10	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.20.10	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.20.10	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.20.10	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.20.10	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.20.10	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.20.10	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.20.10	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.20.10	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.20.10	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.20.10	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.20.10	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.20.10	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.20.10	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.20.10	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.20.10	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.20.10	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:07c72d0003821087be8f3a776ebb90a6c77a2ee237d151f271a918315e912f0c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/vals (gobinary)

低危漏洞:4

中危漏洞:53

高危漏洞:26

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.14.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-12-12 02:02 修改: 2026-04-15 00:35
google.golang.org/grpc	CVE-2026-33186	严重	v1.58.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2024-24790	严重	v1.20.8	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib	CVE-2025-68121	严重	v1.20.8	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/hashicorp/go-slug	CVE-2025-0377	高危	v0.8.1	0.16.3	go-slug: HashiCorp go-slug Vulnerable to Zip Slip Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0377 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-01-21 16:15 修改: 2025-12-15 21:00
github.com/cloudflare/circl	GHSA-9763-4f94-gfch	高危	v1.3.3	1.3.7	CIRCL's Kyber: timing side-channel (kyberslash2) 漏洞详情: https://github.com/advisories/GHSA-9763-4f94-gfch 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-01-08 16:45 修改: 2024-05-20 22:00
golang.org/x/crypto	CVE-2025-22869	高危	v0.14.0	0.35.0	golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:28
golang.org/x/oauth2	CVE-2025-22868	高危	v0.12.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
github.com/go-jose/go-jose/v3	CVE-2026-34986	高危	v3.0.0	3.0.5	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.58.1	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2023-10-25 21:17 修改: 2024-07-19 16:32
github.com/golang-jwt/jwt/v4	CVE-2025-30204	高危	v4.5.0	4.5.2	golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-03-21 22:15 修改: 2026-04-15 00:35
github.com/golang-jwt/jwt/v5	CVE-2025-30204	高危	v5.0.0	5.2.2	golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-03-21 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-39325	高危	v1.20.8	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45283	高危	v1.20.8	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45288	高危	v1.20.8	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34156	高危	v1.20.8	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47907	高危	v1.20.8	1.23.12, 1.24.6	database/sql: Postgres Scan Race Condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib	CVE-2025-58183	高危	v1.20.8	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61726	高危	v1.20.8	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61728	高危	v1.20.8	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61729	高危	v1.20.8	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.20.8	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.20.8	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.20.8	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.20.8	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.20.8	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.20.8	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.20.8	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.20.8	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.20.8	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
golang.org/x/crypto	CVE-2023-48795	中危	v0.14.0	0.17.0, 0.0.0-20231218163308-9d2ee975ef9f	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2023-12-18 16:15 修改: 2026-05-12 11:16
golang.org/x/crypto	CVE-2025-47914	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/net	CVE-2023-45288	中危	v0.17.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.17.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.17.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
github.com/go-jose/go-jose/v3	CVE-2025-27144	中危	v3.0.0	3.0.4	go-jose: Go JOSE's Parsing Vulnerable to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27144 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-02-24 23:15 修改: 2026-04-15 00:35
github.com/go-jose/go-jose/v3	GHSA-2c7c-3mj9-8fqh	中危	v3.0.0	3.0.1	Decryption of malicious PBES2 JWE objects can consume unbounded system resources 漏洞详情: https://github.com/advisories/GHSA-2c7c-3mj9-8fqh 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2023-11-21 22:17 修改: 2024-05-20 21:57
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.4.13	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.38.5	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/hashicorp/go-retryablehttp	CVE-2024-6104	中危	v0.7.1	0.7.7	go-retryablehttp: url might write sensitive information to log file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-06-24 17:15 修改: 2024-11-21 09:48
filippo.io/age	GHSA-32gq-x56h-299c	中危	v1.1.1	1.2.1	age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution 漏洞详情: https://github.com/advisories/GHSA-32gq-x56h-299c 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-12-18 18:23 修改: 2024-12-20 21:41
github.com/Azure/azure-sdk-for-go/sdk/azidentity	CVE-2024-35255	中危	v1.3.1	1.6.0-beta.4.0.20240610221955-50774cd97099	azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-06-11 17:16 修改: 2024-11-21 09:20
github.com/go-jose/go-jose/v3	CVE-2024-28180	中危	v3.0.0	3.0.3	jose-go: improper handling of highly compressed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-03-09 01:15 修改: 2025-12-03 20:29
stdlib	CVE-2023-39326	中危	v1.20.8	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib	CVE-2023-45284	中危	v1.20.8	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib	CVE-2023-45289	中危	v1.20.8	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2023-45290	中危	v1.20.8	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24783	中危	v1.20.8	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24784	中危	v1.20.8	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24785	中危	v1.20.8	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-24789	中危	v1.20.8	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib	CVE-2024-24791	中危	v1.20.8	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34155	中危	v1.20.8	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-34158	中危	v1.20.8	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45336	中危	v1.20.8	1.22.11, 1.23.5, 1.24.0-rc.2	golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2024-45341	中危	v1.20.8	1.22.11, 1.23.5, 1.24.0-rc.2	golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-0913	中危	v1.20.8	1.23.10, 1.24.4	Inconsistent handling of O_CREATE\|O_EXCL on Unix and Windows in os in syscall 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib	CVE-2025-22866	中危	v1.20.8	1.22.12, 1.23.6, 1.24.0-rc.3	crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-22870	中危	v1.20.8	1.23.7, 1.24.1	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib	CVE-2025-22871	中危	v1.20.8	1.23.8, 1.24.2	net/http: Request smuggling due to acceptance of invalid chunked data in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib	CVE-2025-22873	中危	v1.20.8	1.23.9, 1.24.3	os: os: Information disclosure via path traversal using specially crafted filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib	CVE-2025-4673	中危	v1.20.8	1.23.10, 1.24.4	net/http: Sensitive headers not cleared on cross-origin redirect in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-47906	中危	v1.20.8	1.23.12, 1.24.6	os/exec: Unexpected paths returned from LookPath in os/exec 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib	CVE-2025-47912	中危	v1.20.8	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58185	中危	v1.20.8	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58186	中危	v1.20.8	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58187	中危	v1.20.8	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.20.8	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.20.8	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.20.8	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.20.8	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.20.8	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.20.8	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61730	中危	v1.20.8	1.24.12, 1.25.6	During the TLS 1.3 handshake if multiple messages are sent in records ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.20.8	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.20.8	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.20.8	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.20.8	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.20.8	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.20.8	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.20.8	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
github.com/cloudflare/circl	CVE-2025-8556	低危	v1.3.3	1.6.1	github.com/cloudflare/circl: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8556 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2025-08-06 09:15 修改: 2026-04-15 00:35
github.com/golang-jwt/jwt/v4	CVE-2024-51744	低危	v4.5.0	4.5.1	golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2024-11-04 22:15 修改: 2026-04-15 00:35
github.com/cloudflare/circl	CVE-2026-1229	低危	v1.3.3	1.6.3	CIRCL has an incorrect calculation in secp384r1 CombinedMult 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1229 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-02-24 08:16 修改: 2026-03-03 00:29
stdlib	CVE-2026-27139	低危	v1.20.8	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:086beb344e4d08beccfa4f89776dc5725f0492f666fe340f4d9aefc988044632 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32