docker.io/camunda/console:8.8.7 linux/arm64

docker.io/camunda/console:8.8.7 - Trivy安全扫描结果 扫描时间: 2026-07-09 21:33 温馨提示: 这是一个 linux/arm64 系统架构镜像
全部漏洞信息
低危漏洞:29 中危漏洞:66 高危漏洞:84 严重漏洞:4

系统OS: alpine 3.21.4 扫描引擎: Trivy 扫描时间: 2026-07-09 21:33

docker.io/camunda/console:8.8.7 (alpine 3.21.4) (alpine)
低危漏洞:21 中危漏洞:27 高危漏洞:21 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-31789 严重 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-31789 严重 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2025-69421 高危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2026-28387 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28388 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28389 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28390 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libexpat CVE-2026-25210 高危 2.7.3-r0 2.7.4-r0 libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25210

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-01-30 07:16 修改: 2026-06-17 10:24

libexpat CVE-2026-45186 高危 2.7.3-r0 2.8.1-r0 libexpat: denial of service via crafted XML input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45186

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-05-10 07:16 修改: 2026-06-30 03:20

libexpat CVE-2026-56131 高危 2.7.3-r0 2.8.2-r0 libexpat before 2.8.2 lacks handler call depth tracking for calls to X ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56131

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

libexpat CVE-2026-56407 高危 2.7.3-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in doProlog that is rela ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56407

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:28

libexpat CVE-2026-56408 高危 2.7.3-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in copyString.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56408

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:27

libcrypto3 CVE-2025-15467 高危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libssl3 CVE-2025-15467 高危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libssl3 CVE-2025-69421 高危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2026-28387 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28388 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28389 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28390 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

musl CVE-2026-40200 高危 1.2.5-r9 1.2.5-r11 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

musl-utils CVE-2026-40200 高危 1.2.5-r9 1.2.5-r11 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

nghttp2-libs CVE-2026-27135 高危 1.64.0-r0 1.68.1 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-03-18 18:16 修改: 2026-06-30 03:17

zlib CVE-2026-22184 高危 1.3.1-r2 1.3.2-r0 zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-07 21:16 修改: 2026-06-30 03:17

libexpat CVE-2026-56132 中危 2.7.3-r0 2.8.2-r0 expat: libexpat: Arbitrary Code Execution via Heap-based Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56132

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

libexpat CVE-2026-56403 中危 2.7.3-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution due to integer overflow in storeAtts

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56403

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56404 中危 2.7.3-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in addBinding.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56404

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56405 中危 2.7.3-r0 2.8.2-r0 libexpat: libexpat: Information disclosure and arbitrary code execution via integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56405

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:14

libexpat CVE-2026-56406 中危 2.7.3-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution via integer overflow in XML_ParseBuffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56406

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:29

libexpat CVE-2026-56410 中危 2.7.3-r0 2.8.2-r0 libexpat: libexpat: Integer overflow in xmlwf can lead to information disclosure and arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56410

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:18

libexpat CVE-2026-56411 中危 2.7.3-r0 2.8.2-r0 expat: libexpat: Integer Overflow Vulnerability Leading to Information Disclosure or Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56411

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 17:16 修改: 2026-06-23 16:16

libexpat CVE-2026-56412 中危 2.7.3-r0 2.8.2-r0 libexpat: libexpat: Use-after-free vulnerability due to improper handling of XML CDATA sections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56412

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 17:16 修改: 2026-06-23 15:31

libcrypto3 CVE-2025-9231 中危 3.3.4-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2026-31790 中危 3.3.4-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

busybox-binsh CVE-2024-58251 中危 1.37.0-r12 1.37.0-r14 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

c-ares CVE-2025-62408 中危 1.34.5-r0 1.34.6-r0 c-ares: c-ares: Denial of Service due to query termination after maximum attempts

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62408

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2025-12-08 22:15 修改: 2026-06-17 09:51

busybox CVE-2024-58251 中危 1.37.0-r12 1.37.0-r14 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

libcrypto3 CVE-2025-69419 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-9230 中危 3.3.4-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2025-69419 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-9230 中危 3.3.4-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2025-9231 中危 3.3.4-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-31790 中危 3.3.4-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libexpat CVE-2026-32776 中危 2.7.3-r0 2.7.5-r0 libexpat: libexpat: Denial of Service due to NULL pointer dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32776

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-03-16 14:19 修改: 2026-06-17 10:36

musl CVE-2026-6042 中危 1.2.5-r9 1.2.5-r10 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

libexpat CVE-2026-32777 中危 2.7.3-r0 2.7.5-r0 libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32777

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-03-16 14:19 修改: 2026-06-17 10:36

musl-utils CVE-2026-6042 中危 1.2.5-r9 1.2.5-r10 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

libexpat CVE-2026-32778 中危 2.7.3-r0 2.7.5-r0 libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32778

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-03-16 14:19 修改: 2026-06-17 10:36

ssl_client CVE-2024-58251 中危 1.37.0-r12 1.37.0-r14 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

libexpat CVE-2026-50219 中危 2.7.3-r0 2.8.2-r0 expat: libexpat: Use-after-free vulnerability due to improper handler call depth tracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50219

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-04 06:16 修改: 2026-06-17 10:57

zlib CVE-2026-27171 中危 1.3.1-r2 1.3.2-r0 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

libcrypto3 CVE-2025-68160 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libcrypto3 CVE-2025-69418 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-69420 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libexpat CVE-2026-24515 低危 2.7.3-r0 2.7.4-r0 libexpat: libexpat null pointer dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24515

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-01-23 08:16 修改: 2026-06-17 10:23

libssl3 CVE-2025-15468 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libssl3 CVE-2025-66199 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

libssl3 CVE-2025-68160 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libssl3 CVE-2025-69418 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-69420 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-9232 低危 3.3.4-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-22795 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libssl3 CVE-2026-22796 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libexpat CVE-2026-41080 低危 2.7.3-r0 2.8.1-r0 libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41080

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-04-16 17:16 修改: 2026-06-17 10:46

libcrypto3 CVE-2025-9232 低危 3.3.4-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2026-22795 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libcrypto3 CVE-2026-22796 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

busybox CVE-2025-46394 低危 1.37.0-r12 1.37.0-r14 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

busybox-binsh CVE-2025-46394 低危 1.37.0-r12 1.37.0-r14 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

ssl_client CVE-2025-46394 低危 1.37.0-r12 1.37.0-r14 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

libcrypto3 CVE-2025-15468 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libcrypto3 CVE-2025-66199 低危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:31d48dc5ebd795176e7747f30d646d971d64a6c3e467601c59fb733ef6870fd6

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

c-ares CVE-2026-33630 未知 1.34.5-r0 1.34.8-r0

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33630

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libexpat CVE-2026-56409 未知 2.7.3-r0 2.8.2-r0 xmlwf in libexpat before 2.8.2 has an integer overflow for the output ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56409

镜像层: sha256:7042af9ad7502ca32109aa005383bcbe0ff9cba53a7380cb6f837d89365c0518

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:21

Node.js (node-pkg)
低危漏洞:8 中危漏洞:39 高危漏洞:63 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
handlebars CVE-2026-33937 严重 4.7.8 4.7.9 handlebars.js: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33937

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

protobufjs CVE-2026-41242 严重 7.5.0 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-04-18 17:16 修改: 2026-06-30 03:19

@hapi/content CVE-2026-35213 高危 6.0.0 6.0.1 @hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35213

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-04-06 21:16 修改: 2026-06-17 10:40

@hapi/content CVE-2026-44974 高危 6.0.0 6.0.2 @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44974

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

form-data CVE-2026-12143 高危 4.0.4 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-12 19:16 修改: 2026-07-08 13:16

glob CVE-2025-64756 高危 10.4.5 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

glob CVE-2025-64756 高危 10.4.5 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

@grpc/grpc-js CVE-2026-48068 高危 1.13.3 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: A malformed request can cause a server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48068

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

handlebars CVE-2026-33938 高危 4.7.8 4.7.9 handlebars: Handlebars: Arbitrary code execution via @partial-block overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33938

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

handlebars CVE-2026-33939 高危 4.7.8 4.7.9 handlebars.js: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33939

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

handlebars CVE-2026-33940 高危 4.7.8 4.7.9 handlebars.js: Handlebars.js: Arbitrary code execution via crafted template context

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33940

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

handlebars CVE-2026-33941 高危 4.7.8 4.7.9 handlebars.js: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33941

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

jws CVE-2025-65945 高危 3.2.2 3.2.3, 4.0.1 node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56

jws CVE-2025-65945 高危 4.0.0 3.2.3, 4.0.1 node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56

lodash CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 7.4.6 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 7.4.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 7.4.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 9.0.4 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 9.0.4 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.4 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 9.0.5 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

path-to-regexp CVE-2026-4867 高危 0.1.12 0.1.13 path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4867

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:57

picomatch CVE-2026-33671 高危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

@grpc/grpc-js CVE-2026-48069 高危 1.13.3 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48069

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

protobufjs CVE-2026-44289 高危 7.5.0 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-13 16:16 修改: 2026-07-01 13:17

protobufjs CVE-2026-44290 高危 7.5.0 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 7.5.0 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 7.5.0 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-13 16:16 修改: 2026-07-02 12:17

protobufjs CVE-2026-48712 高危 7.5.0 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

sigstore CVE-2026-48815 高危 3.0.0 4.1.1 sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-23745 高危 7.4.3 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23745 高危 7.4.3 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 7.4.3 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 7.4.3 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 7.4.3 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-24842 高危 7.4.3 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 7.4.3 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-26960 高危 7.4.3 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 7.4.3 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-29786 高危 7.4.3 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 7.4.3 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-31802 高危 7.4.3 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

undici CVE-2026-12151 高危 7.16.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-17 17:16 修改: 2026-07-07 12:16

undici CVE-2026-1526 高危 7.16.0 6.24.0, 7.24.0 undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1526

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-12 21:16 修改: 2026-07-02 12:16

undici CVE-2026-1528 高危 7.16.0 6.24.0, 7.24.0 undici: undici: Denial of Service via crafted WebSocket frame with large length

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1528

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-12 21:16 修改: 2026-07-02 12:16

undici CVE-2026-2229 高危 7.16.0 6.24.0, 7.24.0 undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2229

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-12 21:16 修改: 2026-07-02 12:17

validator CVE-2025-12758 高危 13.15.15 13.15.22 Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12758

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2025-11-27 05:16 修改: 2026-06-17 08:32

lodash CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

picomatch CVE-2026-33672 中危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

postcss CVE-2026-41305 中危 8.5.6 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

@sigstore/core CVE-2026-48758 中危 2.0.0 3.2.1 @sigstore/core has DSSE payloadType type-binding failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 2.0.2 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

@hapi/wreck CVE-2026-44979 中危 18.1.0 18.1.1 @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44979

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

handlebars CVE-2026-33916 中危 4.7.8 4.7.9 handlebars.js: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33916

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38

handlebars GHSA-7rx3-28cr-v5wh 中危 4.7.8 4.7.9 Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

漏洞详情: https://github.com/advisories/GHSA-7rx3-28cr-v5wh

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-29 15:17 修改: 2026-03-29 15:17

protobufjs CVE-2026-44288 中危 7.5.0 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 7.5.0 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 7.5.0 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 7.5.0 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 7.5.0 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

qs CVE-2025-15284 中危 6.13.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2026-8723 中危 6.13.0 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-05-12 20:16 修改: 2026-07-07 12:16

js-yaml CVE-2025-64718 中危 3.14.1 4.1.1, 3.14.2 js-yaml: js-yaml prototype pollution in merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55

tar CVE-2026-53655 中危 7.4.3 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

tar CVE-2026-53655 中危 7.4.3 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

ts-deepmerge CVE-2026-12644 中危 7.0.3 8.0.0 ts-deepmerge: Prototype Method Override leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12644

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-19 06:17 修改: 2026-06-23 15:42

typeorm GHSA-9ggv-8w38-r7pm 中危 0.3.26 0.3.29 TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)

漏洞详情: https://github.com/advisories/GHSA-9ggv-8w38-r7pm

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-19 19:18 修改: 2026-06-19 19:18

js-yaml CVE-2026-53550 中危 3.14.1 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-22 16:16 修改: 2026-06-29 16:16

@hapi/wreck CVE-2026-48022 中危 18.1.0 18.1.2 @hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48022

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

@opentelemetry/core CVE-2026-54285 中危 1.30.1 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

undici CVE-2026-1525 中危 7.16.0 6.24.0, 7.24.0 undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1525

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-12 20:16 修改: 2026-06-17 10:15

undici CVE-2026-1527 中危 7.16.0 6.24.0, 7.24.0 undici: Undici: HTTP header injection and request smuggling vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1527

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-12 21:16 修改: 2026-06-17 10:16

undici CVE-2026-22036 中危 7.16.0 7.18.2, 6.23.0 undici: Undici: Denial of Service via excessive decompression steps

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22036

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-01-14 19:16 修改: 2026-06-17 10:19

undici CVE-2026-9678 中危 7.16.0 7.28.0, 8.5.0 undici: Undici: Information disclosure due to improper cache-control header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9678

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:44

undici CVE-2026-9679 中危 7.16.0 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:43

uuid CVE-2026-41907 中危 11.1.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

lodash CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-01-21 20:16 修改: 2026-07-03 13:16

validator CVE-2025-56200 中危 13.15.15 13.15.20 validator.js has a URL validation bypass vulnerability in its isURL function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-56200

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2025-09-30 18:15 修改: 2026-07-05 02:16

yaml CVE-2026-33532 中危 1.10.2 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

yaml CVE-2026-33532 中危 2.8.0 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

undici CVE-2026-11525 低危 7.16.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-17 18:17 修改: 2026-06-25 17:46

undici CVE-2026-6733 低危 7.16.0 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-06-17 18:18 修改: 2026-06-27 23:46

diff CVE-2026-24001 低危 5.2.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

qs CVE-2026-2391 低危 6.13.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:8fa36225f1c14652201bc3e5eb225e7bbc52e16a11b249319d008d280d1b543a

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

handlebars GHSA-442j-39wm-28r2 低危 4.7.8 4.7.9 Handlebars.js has a Property Access Validation Bypass in container.lookup

漏洞详情: https://github.com/advisories/GHSA-442j-39wm-28r2

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-03-29 15:16 修改: 2026-03-29 15:16

diff CVE-2026-24001 低危 4.0.2 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:db708011e25342eff9ac2b5fbdf85c63801974fe57c67466fca0b157f457dbf9

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×