docker.io/douliu676/mailplus:v1.0.1 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:0

中危漏洞:24

高危漏洞:38

严重漏洞:0

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-06-23 00:27

docker.io/douliu676/mailplus:v1.0.1 (alpine 3.24.1) (alpine)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Node.js (node-pkg)

低危漏洞:0

中危漏洞:4

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
picomatch	CVE-2026-33671	高危	4.0.3	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671 镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c 发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
ip-address	CVE-2026-42338	中危	10.1.0	10.1.1	ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338 镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c 发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
brace-expansion	CVE-2026-33750	中危	2.0.2	5.0.5, 3.0.2, 2.0.3, 1.1.13	brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750 镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c 发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
picomatch	CVE-2026-33672	中危	4.0.3	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672 镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c 发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44
tar	CVE-2026-53655	中危	7.5.11	7.5.16	node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655 镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

app/bin/xray/linux-amd64/xray (gobinary)

低危漏洞:0

中危漏洞:6

高危漏洞:12

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-32280	高危	v1.26.1	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.26.1	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.26.1	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33810	高危	v1.26.1	1.26.2	crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33810 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-20 18:16
stdlib	CVE-2026-33811	高危	v1.26.1	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.1	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.26.1	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.26.1	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.26.1	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.26.1	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.26.1	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.26.1	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.26.1	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.26.1	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.26.1	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.26.1	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.26.1	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.26.1	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

app/bin/xray/linux-arm64/xray (gobinary)

低危漏洞:0

中危漏洞:6

高危漏洞:12

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-32280	高危	v1.26.1	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.26.1	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.26.1	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33810	高危	v1.26.1	1.26.2	crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33810 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-20 18:16
stdlib	CVE-2026-33811	高危	v1.26.1	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.1	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.26.1	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.26.1	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.26.1	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.26.1	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.26.1	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.26.1	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.26.1	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.26.1	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.26.1	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.26.1	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.26.1	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.26.1	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

app/bin/xray/linux-armv7/xray (gobinary)

低危漏洞:0

中危漏洞:6

高危漏洞:12

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-32280	高危	v1.26.1	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.26.1	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.26.1	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33810	高危	v1.26.1	1.26.2	crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33810 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-20 18:16
stdlib	CVE-2026-33811	高危	v1.26.1	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.1	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.26.1	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.26.1	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.26.1	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.26.1	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.26.1	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.26.1	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.26.1	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.26.1	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.26.1	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.26.1	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.26.1	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.26.1	1.25.11, 1.26.4	net/textproto: golang: Golang net/textproto: Misleading error messages via input injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:708d8493d0a00dcc302a0d5b4cf59a5c2626ff5863c945f1d9130a6a51970a51 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

app/mail-backend (gobinary)

低危漏洞:0

中危漏洞:2

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/quic-go/quic-go	CVE-2025-59530	高危	v0.54.0	0.49.1, 0.54.1	github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59530 镜像层: sha256:8a1213a4c573cc1b1a653145b9f2ca786bfa79eb24e6094236b40e145e811f45 发布日期: 2025-10-10 16:15 修改: 2026-04-15 00:35
github.com/quic-go/quic-go	CVE-2025-64702	中危	v0.54.0	0.57.0	github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64702 镜像层: sha256:8a1213a4c573cc1b1a653145b9f2ca786bfa79eb24e6094236b40e145e811f45 发布日期: 2025-12-11 21:15 修改: 2026-02-17 15:58
github.com/quic-go/quic-go	CVE-2026-40898	中危	v0.54.0	0.59.1	quic-go is an implementation of the QUIC protocol in Go. Prior to vers ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40898 镜像层: sha256:8a1213a4c573cc1b1a653145b9f2ca786bfa79eb24e6094236b40e145e811f45 发布日期: 2026-06-04 19:16 修改: 2026-06-05 21:08

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

github.com/quic-go/quic-go

CVE-2025-59530

高危

v0.54.0

0.49.1, 0.54.1

github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59530

镜像层: sha256:8a1213a4c573cc1b1a653145b9f2ca786bfa79eb24e6094236b40e145e811f45

发布日期: 2025-10-10 16:15 修改: 2026-04-15 00:35

github.com/quic-go/quic-go

CVE-2025-64702

中危

v0.54.0

0.57.0

github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64702

镜像层: sha256:8a1213a4c573cc1b1a653145b9f2ca786bfa79eb24e6094236b40e145e811f45

发布日期: 2025-12-11 21:15 修改: 2026-02-17 15:58

github.com/quic-go/quic-go

CVE-2026-40898

中危

v0.54.0

0.59.1

quic-go is an implementation of the QUIC protocol in Go. Prior to vers ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40898

镜像层: sha256:8a1213a4c573cc1b1a653145b9f2ca786bfa79eb24e6094236b40e145e811f45

发布日期: 2026-06-04 19:16 修改: 2026-06-05 21:08

docker.io/douliu676/mailplus:v1.0.1 linux/amd64

全部漏洞信息

docker.io/douliu676/mailplus:v1.0.1 (alpine 3.24.1) (alpine)

Node.js (node-pkg)

app/bin/xray/linux-amd64/xray (gobinary)

app/bin/xray/linux-arm64/xray (gobinary)

app/bin/xray/linux-armv7/xray (gobinary)

app/mail-backend (gobinary)