docker.io/docker.litellm.ai/berriai/litellm:main-stable linux/arm64

docker.io/docker.litellm.ai/berriai/litellm:main-stable - Trivy安全扫描结果扫描时间: 2026-06-18 10:14 温馨提示: 这是一个 linux/arm64 系统架构镜像

全部漏洞信息

低危漏洞:31

中危漏洞:26

高危漏洞:10

严重漏洞:0

系统OS: wolfi 20230201 扫描引擎: Trivy 扫描时间: 2026-06-18 10:14

docker.io/docker.litellm.ai/berriai/litellm:main-stable (wolfi 20230201) (wolfi)

低危漏洞:22

中危漏洞:12

高危漏洞:6

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
busybox	CVE-2023-39810	高危	1.37.0-r57	1.37.0-r58	busybox: CPIO command of Busybox allows attackers to execute a directory traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39810 镜像层: sha256:437dbd0ac3be24ac253171bc7a5e6e481b0712c33506a84dd10772b429a4317a 发布日期: 2023-08-28 19:15 修改: 2025-04-24 20:15
busybox	CVE-2026-26157	高危	1.37.0-r57	1.37.0-r58	busybox: BusyBox: Arbitrary file overwrite and potential code execution via incomplete path sanitization 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26157 镜像层: sha256:437dbd0ac3be24ac253171bc7a5e6e481b0712c33506a84dd10772b429a4317a 发布日期: 2026-02-11 21:16 修改: 2026-06-02 14:16
busybox	CVE-2026-26158	高危	1.37.0-r57	1.37.0-r58	busybox: BusyBox: Arbitrary file modification and privilege escalation via unvalidated tar archive entries 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26158 镜像层: sha256:437dbd0ac3be24ac253171bc7a5e6e481b0712c33506a84dd10772b429a4317a 发布日期: 2026-02-11 21:16 修改: 2026-06-02 14:16
libcrypto3	CVE-2026-45447	高危	3.6.2-r3	3.6.3-r0	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:56
libssl3	CVE-2026-45447	高危	3.6.2-r3	3.6.3-r0	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:56
py3-pip-wheel	CVE-2026-44432	高危	26.1.2-r0	26.1.2-r1	urllib3: urllib3: Denial of Service due to excessive HTTP response decompression 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44432 镜像层: sha256:df29c36208121cee5f59ab48e7ebc355ee1067e70d7418aa579eaa84db1d5e79 发布日期: 2026-05-13 16:16 修改: 2026-05-14 13:49
libcrypto3	CVE-2026-35188	中危	3.6.2-r3	3.6.3-r0	Issue summary: A malicious server can exploit TLS OCSP stapling by del ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35188 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
libcrypto3	CVE-2026-42764	中危	3.6.2-r3	3.6.3-r0	openssl: NULL pointer dereference in QUIC server initial packet handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libcrypto3	CVE-2026-45445	中危	3.6.2-r3	3.6.3-r0	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libcrypto3	CVE-2026-34182	中危	3.6.2-r3	3.6.3-r0	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3	CVE-2026-34182	中危	3.6.2-r3	3.6.3-r0	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3	CVE-2026-34183	中危	3.6.2-r3	3.6.3-r0	openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
libssl3	CVE-2026-35188	中危	3.6.2-r3	3.6.3-r0	Issue summary: A malicious server can exploit TLS OCSP stapling by del ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35188 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
libssl3	CVE-2026-42764	中危	3.6.2-r3	3.6.3-r0	openssl: NULL pointer dereference in QUIC server initial packet handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libssl3	CVE-2026-45445	中危	3.6.2-r3	3.6.3-r0	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libcrypto3	CVE-2026-34183	中危	3.6.2-r3	3.6.3-r0	openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
py3-pip-wheel	CVE-2026-44431	中危	26.1.2-r0	26.1.2-r1	urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431 镜像层: sha256:df29c36208121cee5f59ab48e7ebc355ee1067e70d7418aa579eaa84db1d5e79 发布日期: 2026-05-13 16:16 修改: 2026-05-14 13:56
py3-pip-wheel	CVE-2026-45409	中危	26.1.2-r0	26.1.2-r1	Internationalized Domain Names in Applications (IDNA) for Python provi ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409 镜像层: sha256:df29c36208121cee5f59ab48e7ebc355ee1067e70d7418aa579eaa84db1d5e79 发布日期: 2026-06-05 23:16 修改: 2026-06-15 18:52
libcrypto3	CVE-2026-7383	低危	3.6.2-r3	3.6.3-r0	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:46
libcrypto3	CVE-2026-9076	低危	3.6.2-r3	3.6.3-r0	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:45
libcrypto3	CVE-2026-34180	低危	3.6.2-r3	3.6.3-r0	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libcrypto3	CVE-2026-34181	低危	3.6.2-r3	3.6.3-r0	openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libcrypto3	CVE-2026-42765	低危	3.6.2-r3	3.6.3-r0	Issue summary: When a partial-chain certificate verification is enable ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42765 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:14
libcrypto3	CVE-2026-42766	低危	3.6.2-r3	3.6.3-r0	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libcrypto3	CVE-2026-42767	低危	3.6.2-r3	3.6.3-r0	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libcrypto3	CVE-2026-42768	低危	3.6.2-r3	3.6.3-r0	openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3	CVE-2026-34180	低危	3.6.2-r3	3.6.3-r0	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3	CVE-2026-34181	低危	3.6.2-r3	3.6.3-r0	openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3	CVE-2026-42765	低危	3.6.2-r3	3.6.3-r0	Issue summary: When a partial-chain certificate verification is enable ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42765 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:14
libssl3	CVE-2026-42766	低危	3.6.2-r3	3.6.3-r0	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libssl3	CVE-2026-42767	低危	3.6.2-r3	3.6.3-r0	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3	CVE-2026-42768	低危	3.6.2-r3	3.6.3-r0	openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3	CVE-2026-42769	低危	3.6.2-r3	3.6.3-r0	openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:26
libssl3	CVE-2026-42770	低危	3.6.2-r3	3.6.3-r0	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3	CVE-2026-45446	低危	3.6.2-r3	3.6.3-r0	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libssl3	CVE-2026-7383	低危	3.6.2-r3	3.6.3-r0	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:46
libssl3	CVE-2026-9076	低危	3.6.2-r3	3.6.3-r0	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:45
libcrypto3	CVE-2026-42769	低危	3.6.2-r3	3.6.3-r0	openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:26
libcrypto3	CVE-2026-42770	低危	3.6.2-r3	3.6.3-r0	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libcrypto3	CVE-2026-45446	低危	3.6.2-r3	3.6.3-r0	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:17980e55ed62d8ebf00029e8c918081ec38d358cfd3331bb1ecfe72b25ea3e02 发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57

Node.js (node-pkg)

低危漏洞:0

中危漏洞:4

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
brace-expansion	CVE-2026-45149	中危	5.0.5	5.0.6	brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149 镜像层: sha256:df29c36208121cee5f59ab48e7ebc355ee1067e70d7418aa579eaa84db1d5e79 发布日期: 2026-05-29 20:16 修改: 2026-06-12 18:38
brace-expansion	CVE-2026-45149	中危	5.0.5	5.0.6	brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149 镜像层: sha256:df29c36208121cee5f59ab48e7ebc355ee1067e70d7418aa579eaa84db1d5e79 发布日期: 2026-05-29 20:16 修改: 2026-06-12 18:38
tar	CVE-2026-53655	中危	7.5.11	7.5.16	node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655 镜像层: sha256:df29c36208121cee5f59ab48e7ebc355ee1067e70d7418aa579eaa84db1d5e79 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
tar	CVE-2026-53655	中危	7.5.11	7.5.16	node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655 镜像层: sha256:df29c36208121cee5f59ab48e7ebc355ee1067e70d7418aa579eaa84db1d5e79 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

Python (python-pkg)

低危漏洞:9

中危漏洞:10

高危漏洞:4

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
PyJWT	CVE-2026-48526	高危	2.12.0	2.13.0	python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48526 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 2026-05-28 16:16 修改: 2026-06-01 17:45
cryptography	GHSA-537c-gmf6-5ccf	高危	46.0.7	48.0.1	Vulnerable OpenSSL included in cryptography wheels 漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12
python-multipart	CVE-2026-53539	高危	0.0.27	0.0.30	python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53539 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
starlette	CVE-2026-54283	高危	1.1.0	1.3.1	Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54283 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp	CVE-2026-34993	中危	3.13.5	3.14.0	aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:44
aiohttp	CVE-2026-47265	中危	3.13.5	3.14.0	python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:39
aiohttp	CVE-2026-54273	中危	3.13.5	3.14.1	aiohttp: HTTP/1 Pipelined Requests Queue Without Limit 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54273 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp	CVE-2026-54274	中危	3.13.5	3.14.1	aiohttp: Incomplete websocket frame payloads bypass memory limits 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54274 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp	CVE-2026-54276	中危	3.13.5	3.14.1	aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54276 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp	CVE-2026-54277	中危	3.13.5	3.14.1	aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54277 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp	CVE-2026-54278	中危	3.13.5	3.14.1	aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54278 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
PyJWT	CVE-2026-48522	中危	2.12.0	2.13.0	python-pyjwt: PyJWT: Server-Side Request Forgery (SSRF) via uncontrolled URL fetching in PyJWKClient 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48522 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 2026-05-28 16:16 修改: 2026-06-02 17:16
PyJWT	CVE-2026-48523	中危	2.12.0	2.13.0	python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48523 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 2026-05-28 16:16 修改: 2026-06-01 17:44
PyJWT	CVE-2026-48525	中危	2.12.0	2.13.0	python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48525 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 2026-05-28 16:16 修改: 2026-06-01 17:45
aiohttp	CVE-2026-54279	低危	3.13.5	3.14.1	aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54279 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp	CVE-2026-54280	低危	3.13.5	3.14.1	aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54280 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
PyJWT	CVE-2026-48524	低危	2.12.0	2.13.0	python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48524 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 2026-05-28 16:16 修改: 2026-06-01 17:44
aiohttp	CVE-2026-50269	低危	3.13.5	3.14.0	aiohttp: CRLF injection in multipart headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50269 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
python-multipart	CVE-2026-53537	低危	0.0.27	0.0.30	python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53537 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
python-multipart	CVE-2026-53538	低危	0.0.27	0.0.30	python-multipart: Semicolon treated as querystring field separator enables parameter smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53538 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
python-multipart	CVE-2026-53540	低危	0.0.27	0.0.31	python-multipart: Negative Content-Length in parse_form buffers the entire body in memory 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53540 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp	CVE-2026-54275	低危	3.13.5	3.14.1	aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54275 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
starlette	CVE-2026-54282	低危	1.1.0	1.3.0	Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54282 镜像层: sha256:bf63fcfb41c57f54b014fb9d028d193c606c6ac0005579042a162b40792e0817 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00