docker.io/camunda/console:8.6.0 linux/amd64

docker.io/camunda/console:8.6.0 - Trivy安全扫描结果 扫描时间: 2026-07-13 11:39
全部漏洞信息
低危漏洞:29 中危漏洞:75 高危漏洞:82 严重漏洞:4

系统OS: alpine 3.18.6 扫描引擎: Trivy 扫描时间: 2026-07-13 11:39

docker.io/camunda/console:8.6.0 (alpine 3.18.6) (alpine)
低危漏洞:16 中危漏洞:23 高危漏洞:11 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
git CVE-2024-52006 高危 2.40.3-r0 2.40.4-r0 git: Newline confusion in credential helpers can lead to credential exfiltration in git

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52006

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-01-14 19:15 修改: 2026-06-17 08:06

libc6-compat CVE-2025-26519 高危 1.2.4-r2 1.2.4-r3 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

libcrypto3 CVE-2024-6119 高危 3.1.4-r5 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

libssl3 CVE-2024-6119 高危 3.1.4-r5 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

musl CVE-2025-26519 高危 1.2.4-r2 1.2.4-r3 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl-utils CVE-2025-26519 高危 1.2.4-r2 1.2.4-r3 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

python3 CVE-2024-9287 高危 3.11.10-r1 3.11.11-r0 python: Virtual environment (venv) activation scripts don't quote paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2024-10-22 17:15 修改: 2026-06-17 08:24

python3-pyc CVE-2024-9287 高危 3.11.10-r1 3.11.11-r0 python: Virtual environment (venv) activation scripts don't quote paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2024-10-22 17:15 修改: 2026-06-17 08:24

python3-pycache-pyc0 CVE-2024-9287 高危 3.11.10-r1 3.11.11-r0 python: Virtual environment (venv) activation scripts don't quote paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2024-10-22 17:15 修改: 2026-06-17 08:24

sqlite-libs CVE-2025-6965 高危 3.41.2-r3 3.41.2-r4 sqlite: Integer Truncation in SQLite

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6965

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-07-15 14:15 修改: 2026-06-26 16:36

xz-libs CVE-2025-31115 高危 5.4.3-r0 5.4.3-r1 xz: XZ has a heap-use-after-free bug in threaded .xz decoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31115

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-04-03 17:15 修改: 2026-06-17 09:09

busybox CVE-2023-42365 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libcurl CVE-2024-8096 中危 8.9.1-r0 8.10.0-r0 curl: OCSP stapling bypass with GnuTLS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2024-09-11 10:15 修改: 2026-06-17 08:21

libcurl CVE-2024-9681 中危 8.9.1-r0 8.11.0-r0 curl: HSTS subdomain overwrites parent cache entry

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9681

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2024-11-06 08:15 修改: 2026-06-17 08:25

libexpat CVE-2024-50602 中危 2.6.3-r0 2.6.4-r0 libexpat: expat: DoS via XML_ResumeParser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2024-10-27 05:15 修改: 2026-06-17 08:04

libexpat CVE-2024-8176 中危 2.6.3-r0 2.7.0-r0 libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8176

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-03-14 09:15 修改: 2026-06-30 00:16

busybox CVE-2023-42366 中危 1.36.1-r5 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42363 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42364 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42365 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

python3 CVE-2025-0938 中危 3.11.10-r1 3.11.12-r0 python: cpython: URL parser allowed square brackets in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-01-31 18:15 修改: 2026-06-17 08:27

python3 CVE-2025-4516 中危 3.11.10-r1 3.11.12-r1 cpython: python: CPython DecodeError Handling Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4516

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-05-15 14:15 修改: 2026-06-17 09:33

busybox-binsh CVE-2023-42366 中危 1.36.1-r5 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

python3-pyc CVE-2025-0938 中危 3.11.10-r1 3.11.12-r0 python: cpython: URL parser allowed square brackets in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-01-31 18:15 修改: 2026-06-17 08:27

python3-pyc CVE-2025-4516 中危 3.11.10-r1 3.11.12-r1 cpython: python: CPython DecodeError Handling Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4516

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-05-15 14:15 修改: 2026-06-17 09:33

busybox CVE-2023-42363 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

python3-pycache-pyc0 CVE-2025-0938 中危 3.11.10-r1 3.11.12-r0 python: cpython: URL parser allowed square brackets in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-01-31 18:15 修改: 2026-06-17 08:27

python3-pycache-pyc0 CVE-2025-4516 中危 3.11.10-r1 3.11.12-r1 cpython: python: CPython DecodeError Handling Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4516

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-05-15 14:15 修改: 2026-06-17 09:33

git CVE-2024-50349 中危 2.40.3-r0 2.40.4-r0 git: Git does not sanitize URLs when asking for credentials interactively

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50349

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-01-14 19:15 修改: 2026-06-17 08:04

ssl_client CVE-2023-42363 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42364 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42365 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42366 中危 1.36.1-r5 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox CVE-2023-42364 中危 1.36.1-r5 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libcrypto3 CVE-2024-13176 低危 3.1.4-r5 3.1.8-r0 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libcrypto3 CVE-2024-2511 低危 3.1.4-r5 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libcurl CVE-2024-11053 低危 8.9.1-r0 8.11.1-r0 curl: curl netrc password leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56

libcurl CVE-2025-0167 低危 8.9.1-r0 8.12.0-r0 When asked to use a `.netrc` file for credentials **and** to follow HT ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:25

libcurl CVE-2025-0665 低危 8.9.1-r0 8.12.0-r0 libcurl: Double Close of Eventfd in libcurl

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0665

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:26

libcurl CVE-2025-0725 低危 8.9.1-r0 8.12.0-r0 libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0725

镜像层: sha256:d70f42966e465a13636185bc1ca37cfa9d7740c66b537b2af1b2974250ab355d

发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:27

libcrypto3 CVE-2024-4603 低危 3.1.4-r5 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

libcrypto3 CVE-2024-4741 低危 3.1.4-r5 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libcrypto3 CVE-2024-5535 低危 3.1.4-r5 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libssl3 CVE-2024-13176 低危 3.1.4-r5 3.1.8-r0 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libssl3 CVE-2024-2511 低危 3.1.4-r5 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libssl3 CVE-2024-4603 低危 3.1.4-r5 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-4741 低危 3.1.4-r5 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-5535 低危 3.1.4-r5 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libssl3 CVE-2024-9143 低危 3.1.4-r5 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libcrypto3 CVE-2024-9143 低危 3.1.4-r5 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:aedc3bda2944bb9bcb6c3d475bee8b460db9a9b0f3e0b33a6ed2fd1ae0f1d445

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

Node.js (node-pkg)
低危漏洞:13 中危漏洞:52 高危漏洞:71 严重漏洞:4
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
form-data CVE-2025-7783 严重 2.5.1 2.5.4, 3.0.4, 4.0.4 form-data: Unsafe random function in form-data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05

handlebars CVE-2026-33937 严重 4.7.8 4.7.9 handlebars.js: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33937

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

protobufjs CVE-2026-41242 严重 7.2.6 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-04-18 17:16 修改: 2026-07-10 12:16

sha.js CVE-2025-9288 严重 2.4.11 2.4.12 sha.js: Missing type checks leading to hash rewind and passing on crafted data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9288

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-08-20 22:15 修改: 2026-06-17 10:08

cross-spawn CVE-2024-21538 高危 7.0.3 7.0.5, 6.0.6 cross-spawn: regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2024-11-08 05:15 修改: 2026-06-17 07:09

cross-spawn CVE-2024-21538 高危 7.0.3 7.0.5, 6.0.6 cross-spawn: regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2024-11-08 05:15 修改: 2026-06-17 07:09

@grpc/grpc-js CVE-2026-48068 高危 1.10.0 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: A malformed request can cause a server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48068

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

form-data CVE-2026-12143 高危 2.5.1 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-06-12 19:16 修改: 2026-07-10 12:16

glob CVE-2025-64756 高危 10.3.10 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

glob CVE-2025-64756 高危 10.3.10 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

glob CVE-2025-64756 高危 10.3.10 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

@grpc/grpc-js CVE-2026-48069 高危 1.10.0 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48069

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

handlebars CVE-2026-33938 高危 4.7.8 4.7.9 handlebars: Handlebars: Arbitrary code execution via @partial-block overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33938

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

handlebars CVE-2026-33939 高危 4.7.8 4.7.9 handlebars.js: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33939

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

handlebars CVE-2026-33940 高危 4.7.8 4.7.9 handlebars.js: Handlebars.js: Arbitrary code execution via crafted template context

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33940

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

handlebars CVE-2026-33941 高危 4.7.8 4.7.9 handlebars.js: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33941

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

jws CVE-2025-65945 高危 3.2.2 3.2.3, 4.0.1 node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56

jws CVE-2025-65945 高危 4.0.0 3.2.3, 4.0.1 node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56

lodash CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-31 20:16 修改: 2026-07-10 12:17

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 7.4.6 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 7.4.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 7.4.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 9.0.3 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-26996 高危 9.0.3 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-26996 高危 9.0.3 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27903 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27903 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

path-to-regexp CVE-2024-52798 高危 0.1.10 0.1.12 path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52798

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2024-12-05 23:15 修改: 2026-06-17 08:07

path-to-regexp CVE-2026-4867 高危 0.1.10 0.1.13 path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4867

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:57

picomatch CVE-2026-33671 高危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

pnpm CVE-2025-69262 高危 9.0.4 10.27.0 pnpm: pnpm: Remote code execution via command injection in tokenHelper environment variable substitution

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69262

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-07 23:15 修改: 2026-06-22 14:39

pnpm CVE-2025-69263 高危 9.0.4 10.26.0 pnpm: pnpm Lockfile Integrity Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69263

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-07 22:15 修改: 2026-06-30 03:16

pnpm CVE-2026-50015 高危 9.0.4 10.34.0, 11.4.0 pnpm: pnpm: Arbitrary file write/delete due to lack of path validation in patch files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50015

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:15

pnpm CVE-2026-50016 高危 9.0.4 10.34.0, 11.4.0 pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50016

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-29 23:57

pnpm CVE-2026-55487 高危 9.0.4 10.34.2, 11.5.3 pnpm: pnpm: Supply chain compromise via manipulated package source strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55487

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:16

pnpm CVE-2026-55697 高危 9.0.4 11.5.3 pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55697

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-30 19:04

pnpm CVE-2026-55698 高危 9.0.4 10.34.2, 11.5.3 pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55698

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-30 19:03

pnpm GHSA-72r4-9c5j-mj57 高危 9.0.4 10.34.4, 11.7.0 pnpm: `patch-remove` could delete project-selected files outside the patches directory

漏洞详情: https://github.com/advisories/GHSA-72r4-9c5j-mj57

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-27 00:12 修改: 2026-06-27 00:12

pnpm GHSA-fr4h-3cph-29xv 高危 9.0.4 10.34.4, 11.7.0 pnpm: Hoisted install imports lockfile alias outside node_modules

漏洞详情: https://github.com/advisories/GHSA-fr4h-3cph-29xv

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-27 00:02 修改: 2026-06-27 00:03

pnpm GHSA-qrv3-253h-g69c 高危 9.0.4 10.34.4, 11.8.0 pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

漏洞详情: https://github.com/advisories/GHSA-qrv3-253h-g69c

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-27 00:13 修改: 2026-06-27 00:13

braces CVE-2024-4068 高危 3.0.2 3.0.3 braces: fails to limit the number of characters it can handle

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2024-05-14 15:42 修改: 2026-06-17 08:01

protobufjs CVE-2026-44289 高危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-13 16:16 修改: 2026-07-01 13:17

protobufjs CVE-2026-44290 高危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-13 16:16 修改: 2026-07-10 12:16

protobufjs CVE-2026-48712 高危 7.2.6 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

cross-spawn CVE-2024-21538 高危 7.0.3 7.0.5, 6.0.6 cross-spawn: regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2024-11-08 05:15 修改: 2026-06-17 07:09

sigstore CVE-2026-48815 高危 2.2.2 4.1.1 sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

tar CVE-2026-23745 高危 6.2.0 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.2.0 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 6.2.0 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 6.2.0 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.2.0 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 6.2.0 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

typeorm CVE-2025-60542 高危 0.3.20 0.3.26 TypeORM: SQL Injection via crafted request to repository.save or repository.update

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-60542

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-10-29 16:15 修改: 2026-06-17 09:49

validator CVE-2025-12758 高危 13.11.0 13.15.22 Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12758

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-11-27 05:16 修改: 2026-06-17 08:32

pnpm CVE-2026-50014 中危 9.0.4 10.34.0, 11.4.0 pnpm: pnpm: Arbitrary Code Execution via Malicious Lockfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50014

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:14

pnpm CVE-2026-50017 中危 9.0.4 10.34.0, 11.4.0 pnpm: pnpm: Information disclosure of authentication credentials via malicious .npmrc file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50017

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-30 19:04

pnpm CVE-2026-50021 中危 9.0.4 11.4.0, 10.34.1 pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50021

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:15

pnpm CVE-2026-50573 中危 9.0.4 10.34.0, 11.4.0 pnpm: pnpm: Package integrity check bypass allows installation of malicious content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50573

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:15

pnpm CVE-2026-55180 中危 9.0.4 10.34.2, 11.5.3 pnpm: pacquet: pnpm and pacquet: Information disclosure of environment secrets via improper environment variable expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55180

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:16

pnpm CVE-2026-55699 中危 9.0.4 10.34.2, 11.5.3 pnpm: pnpm: Denial of Service due to improper handling of malicious package manifest bin keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55699

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:16

postcss CVE-2026-41305 中危 8.4.38 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

js-yaml CVE-2025-64718 中危 3.14.1 4.1.1, 3.14.2 js-yaml: js-yaml prototype pollution in merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55

js-yaml CVE-2026-53550 中危 3.14.1 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-06-22 16:16 修改: 2026-07-09 20:33

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

nanoid CVE-2024-55565 中危 3.3.7 5.0.9, 3.3.8 nanoid: nanoid mishandles non-integer values

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-55565

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2024-12-09 02:15 修改: 2026-06-17 08:11

protobufjs CVE-2026-44288 中危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 7.2.6 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 7.2.6 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

qs CVE-2025-15284 中危 6.11.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2025-15284 中危 6.13.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2026-8723 中危 6.13.0 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

lodash CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-01-21 20:16 修改: 2026-07-10 12:16

lodash CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

micromatch CVE-2024-4067 中危 4.0.5 4.0.8 micromatch: vulnerable to Regular Expression Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4067

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2024-05-14 15:42 修改: 2026-06-17 08:01

picomatch CVE-2026-33672 中危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

@grpc/grpc-js CVE-2024-37168 中危 1.10.0 1.10.9, 1.9.15, 1.8.22 grps-js: allocate memory for incoming messages well above configured limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37168

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2024-06-10 22:15 修改: 2026-06-17 07:37

@opentelemetry/core CVE-2026-54285 中危 1.25.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

@opentelemetry/core CVE-2026-54285 中危 1.25.1 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

tar CVE-2024-28863 中危 6.2.0 6.2.1 node-tar: denial of service while parsing a tar file due to lack of folders depth validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2024-03-21 23:15 修改: 2026-06-17 07:21

tar CVE-2026-53655 中危 6.2.0 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

@sigstore/core CVE-2026-48758 中危 1.0.0 3.2.1 @sigstore/core has DSSE payloadType type-binding failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

handlebars CVE-2026-33916 中危 4.7.8 4.7.9 handlebars.js: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33916

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38

handlebars GHSA-7rx3-28cr-v5wh 中危 4.7.8 4.7.9 Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

漏洞详情: https://github.com/advisories/GHSA-7rx3-28cr-v5wh

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-29 15:17 修改: 2026-03-29 15:17

ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-05-12 20:16 修改: 2026-07-09 13:17

ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-05-12 20:16 修改: 2026-07-09 13:17

pnpm CVE-2024-47829 中危 9.0.4 10.0.0 pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47829

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2025-04-23 16:15 修改: 2026-06-22 14:39

pnpm CVE-2024-53866 中危 9.0.4 9.15.0 pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53866

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2024-12-10 18:15 修改: 2026-06-22 14:38

pnpm CVE-2026-23888 中危 9.0.4 10.28.1 pnpm: pnpm: Arbitrary file write via path traversal in binary fetcher leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23888

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

pnpm CVE-2026-23889 中危 9.0.4 10.28.1 pnpm: pnpm: Arbitrary file write via path traversal on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23889

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

pnpm CVE-2026-23890 中危 9.0.4 10.28.1 pnpm: pnpm: Arbitrary code execution via path traversal in bin linking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23890

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

pnpm CVE-2026-24056 中危 9.0.4 10.28.2 pnpm: pnpm symlink traversal in file:/git dependencies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24056

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

pnpm CVE-2026-24131 中危 9.0.4 10.28.2 pnpm: pnpm: Arbitrary file permission modification via directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24131

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

typeorm GHSA-9ggv-8w38-r7pm 中危 0.3.20 0.3.29 TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)

漏洞详情: https://github.com/advisories/GHSA-9ggv-8w38-r7pm

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-06-19 19:18 修改: 2026-06-19 19:18

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

pnpm CVE-2026-48995 中危 9.0.4 10.33.4, 11.0.7 pnpm: pnpm: Supply chain compromise from unverified dependencies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48995

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2026-06-25 18:16 修改: 2026-06-29 20:30

validator CVE-2025-56200 中危 13.11.0 13.15.20 validator.js has a URL validation bypass vulnerability in its isURL function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-56200

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-09-30 18:15 修改: 2026-07-05 02:16

yaml CVE-2026-33532 中危 1.10.2 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

yaml CVE-2026-33532 中危 2.4.1 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

diff CVE-2026-24001 低危 4.0.2 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

diff CVE-2026-24001 低危 5.2.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:08431e48bbed4cea13c9e6fe825d61952bdc2fca9e8d20363b38e211b4235d02

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

qs CVE-2026-2391 低危 6.11.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:cc8505750fd860f1cad593bac71ce60fa8aba38b5ee7d6e307483a37f308e08d

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

qs CVE-2026-2391 低危 6.13.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

send CVE-2024-43799 低危 0.18.0 0.19.0 send: Code Execution Vulnerability in Send Library

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43799

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2024-09-10 15:15 修改: 2026-06-17 07:51

handlebars GHSA-442j-39wm-28r2 低危 4.7.8 4.7.9 Handlebars.js has a Property Access Validation Bypass in container.lookup

漏洞详情: https://github.com/advisories/GHSA-442j-39wm-28r2

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2026-03-29 15:16 修改: 2026-03-29 15:16

cookie CVE-2024-47764 低危 0.6.0 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2024-10-04 20:15 修改: 2026-06-17 07:57

@sentry/node GHSA-r5w7-f542-q2j4 低危 8.10.0 8.49.0 Potential DoS when using ContextLines integration

漏洞详情: https://github.com/advisories/GHSA-r5w7-f542-q2j4

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-01-28 20:37 修改: 2025-01-28 20:37

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:3febab42168fbd7448d68394703dc021d90fedc089b7a9f6274fe177b42e9dc9

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×