| immer |
CVE-2021-23436 |
严重 |
8.0.4 |
9.0.6 |
immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23436
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2021-09-01 18:15 修改: 2021-09-10 13:33
|
| braces |
CVE-2024-4068 |
高危 |
2.3.2 |
3.0.3 |
braces: fails to limit the number of characters it can handle
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-05-14 15:42 修改: 2024-07-03 02:07
|
| braces |
CVE-2024-4068 |
高危 |
3.0.2 |
3.0.3 |
braces: fails to limit the number of characters it can handle
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-05-14 15:42 修改: 2024-07-03 02:07
|
| http-proxy-middleware |
CVE-2024-21536 |
高危 |
2.0.6 |
2.0.7, 3.0.3 |
http-proxy-middleware: Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21536
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-10-19 05:15 修改: 2024-10-21 17:10
|
| http-proxy-middleware |
CVE-2024-21536 |
高危 |
2.0.6 |
2.0.7, 3.0.3 |
http-proxy-middleware: Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21536
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-10-19 05:15 修改: 2024-10-21 17:10
|
| axios |
CVE-2024-39338 |
高危 |
1.6.4 |
1.7.4 |
axios: axios: Server-Side Request Forgery
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39338
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-08-12 13:38 修改: 2024-08-23 18:35
|
| immer |
CVE-2021-3757 |
高危 |
8.0.4 |
9.0.6 |
nodejs-immer: prototype pollution may lead to DoS or remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3757
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2021-09-02 12:15 修改: 2022-09-10 02:46
|
| ip |
CVE-2024-29415 |
高危 |
2.0.0 |
|
node-ip: Incomplete fix for CVE-2023-42282
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415
镜像层: sha256:c4d458a8d9a71bfecc09fa0221c41b27a750ec8b9f0dadba7933d4e8d6885873
发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
|
| lodash.template |
CVE-2021-23337 |
高危 |
4.5.0 |
|
nodejs-lodash: command injection via template
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25
|
| node-fetch |
CVE-2022-0235 |
高危 |
1.7.3 |
3.1.1, 2.6.7 |
node-fetch: exposure of sensitive information to an unauthorized actor
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0235
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2022-01-16 17:15 修改: 2023-02-03 19:16
|
| nth-check |
CVE-2021-3803 |
高危 |
1.0.2 |
2.0.1 |
nodejs-nth-check: inefficient regular expression complexity
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3803
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2021-09-17 07:15 修改: 2023-07-10 18:52
|
| path-to-regexp |
CVE-2024-45296 |
高危 |
1.7.0 |
1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
path-to-regexp: Backtracking regular expressions cause ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
|
| path-to-regexp |
CVE-2024-45296 |
高危 |
1.8.0 |
1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
path-to-regexp: Backtracking regular expressions cause ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
|
| path-to-regexp |
CVE-2024-45296 |
高危 |
1.8.0 |
1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
path-to-regexp: Backtracking regular expressions cause ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
|
| path-to-regexp |
CVE-2024-45296 |
高危 |
2.4.0 |
1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
path-to-regexp: Backtracking regular expressions cause ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
|
| pdfjs-dist |
CVE-2024-4367 |
高危 |
2.16.105 |
4.2.67 |
Mozilla: Arbitrary JavaScript execution in PDF.js
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4367
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-05-14 18:15 修改: 2024-06-10 17:16
|
| rollup |
CVE-2024-47068 |
高危 |
3.29.4 |
3.29.5, 4.22.4, 2.79.2 |
rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47068
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-09-23 16:15 修改: 2024-09-30 17:39
|
| semver |
CVE-2022-25883 |
高危 |
7.3.8 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
|
| semver |
CVE-2022-25883 |
高危 |
7.3.8 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
|
| vite |
CVE-2023-34092 |
高危 |
4.3.1 |
2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, 4.3.9 |
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34092
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2023-06-01 17:15 修改: 2023-06-09 16:03
|
| vite |
CVE-2024-23331 |
高危 |
4.3.1 |
2.9.17, 3.2.8, 4.5.2, 5.0.12 |
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23331
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-01-19 20:15 修改: 2024-01-29 15:31
|
| webpack-dev-middleware |
CVE-2024-29180 |
高危 |
6.0.1 |
7.1.0, 6.1.2, 5.3.4 |
webpack-dev-middleware: lack of URL validation may lead to file leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29180
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-03-21 17:15 修改: 2024-03-21 19:47
|
| ws |
CVE-2024-37890 |
高危 |
8.12.0 |
5.2.4, 6.2.3, 7.5.10, 8.17.1 |
nodejs-ws: denial of service when handling a request with many HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
|
| micromatch |
CVE-2024-4067 |
中危 |
3.1.10 |
4.0.8 |
micromatch: vulnerable to Regular Expression Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4067
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-05-14 15:42 修改: 2024-08-28 00:15
|
| micromatch |
CVE-2024-4067 |
中危 |
4.0.5 |
4.0.8 |
micromatch: vulnerable to Regular Expression Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4067
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-05-14 15:42 修改: 2024-08-28 00:15
|
| axios |
CVE-2023-45857 |
中危 |
0.27.2 |
1.6.0, 0.28.0 |
axios: exposure of confidential data stored in cookies
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2023-11-08 21:15 修改: 2024-06-21 19:15
|
| express |
CVE-2024-29041 |
中危 |
4.18.2 |
4.19.2, 5.0.0-beta.3 |
express: cause malformed URLs to be evaluated
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29041
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-03-25 21:15 修改: 2024-03-26 12:55
|
| tar |
CVE-2024-28863 |
中危 |
6.1.13 |
6.2.1 |
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
|
| tar |
CVE-2024-28863 |
中危 |
6.1.13 |
6.2.1 |
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
|
| tar |
CVE-2024-28863 |
中危 |
6.1.15 |
6.2.1 |
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863
镜像层: sha256:c4d458a8d9a71bfecc09fa0221c41b27a750ec8b9f0dadba7933d4e8d6885873
发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
|
| express |
CVE-2024-29041 |
中危 |
4.18.2 |
4.19.2, 5.0.0-beta.3 |
express: cause malformed URLs to be evaluated
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29041
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-03-25 21:15 修改: 2024-03-26 12:55
|
| express |
CVE-2024-43796 |
中危 |
4.18.2 |
4.20.0, 5.0.0 |
express: Improper Input Handling in Express Redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43796
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:07
|
| vite |
CVE-2024-31207 |
中危 |
4.3.1 |
2.9.18, 3.2.10, 4.5.3, 5.0.13, 5.1.7, 5.2.6 |
vitejs: "server.fs.deny" configuration does not deny requests that include patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-31207
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-04-04 16:15 修改: 2024-04-04 16:33
|
| vite |
CVE-2024-45811 |
中危 |
4.3.1 |
5.4.6, 5.3.6, 5.2.14, 4.5.4, 3.2.11, 5.1.8 |
vite: server.fs.deny is bypassed when using `?import&raw`
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45811
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-09-17 20:15 修改: 2024-09-20 12:30
|
| vite |
CVE-2024-45812 |
中危 |
4.3.1 |
5.4.6, 5.3.6, 5.2.14, 4.5.4, 3.2.11, 5.1.8 |
vite: XSS via DOM Clobbering gadget found in vite bundled scripts
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45812
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-09-17 20:15 修改: 2024-09-20 12:30
|
| webpack |
CVE-2024-43788 |
中危 |
5.89.0 |
5.94.0 |
webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43788
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-08-27 17:15 修改: 2024-09-03 15:15
|
| express |
CVE-2024-43796 |
中危 |
4.18.2 |
4.20.0, 5.0.0 |
express: Improper Input Handling in Express Redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43796
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:07
|
| follow-redirects |
CVE-2024-28849 |
中危 |
1.15.4 |
1.15.6 |
follow-redirects: Possible credential leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28849
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-03-14 17:15 修改: 2024-03-23 03:15
|
| zod |
CVE-2023-4316 |
中危 |
3.20.6 |
3.22.3 |
Zod denial of service vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4316
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2023-09-28 21:15 修改: 2024-09-05 22:15
|
| zod |
CVE-2023-4316 |
中危 |
3.20.6 |
3.22.3 |
Zod denial of service vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4316
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2023-09-28 21:15 修改: 2024-09-05 22:15
|
| elliptic |
CVE-2024-48948 |
低危 |
6.5.4 |
|
elliptic: ECDSA signature verification error may reject legitimate transactions
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-48948
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-10-15 14:15 修改: 2024-10-16 16:38
|
| ip |
CVE-2023-42282 |
低危 |
2.0.0 |
2.0.1, 1.1.9 |
nodejs-ip: arbitrary code execution via the isPublic() function
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282
镜像层: sha256:c4d458a8d9a71bfecc09fa0221c41b27a750ec8b9f0dadba7933d4e8d6885873
发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
|
| elliptic |
CVE-2024-48949 |
低危 |
6.5.4 |
6.5.6 |
elliptic: Missing Validation in Elliptic's EDDSA Signature Verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-48949
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-10-10 01:15 修改: 2024-10-15 14:07
|
| es5-ext |
CVE-2024-27088 |
低危 |
0.10.62 |
0.10.63 |
es5-ext contains ECMAScript 5 extensions. Passing functions with very ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27088
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-02-26 17:15 修改: 2024-02-26 22:10
|
| elliptic |
CVE-2024-42459 |
低危 |
6.5.4 |
6.5.7 |
elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-42459
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-08-02 07:16 修改: 2024-08-02 15:35
|
| elliptic |
CVE-2024-42460 |
低危 |
6.5.4 |
6.5.7 |
elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-42460
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-08-02 07:16 修改: 2024-08-02 16:35
|
| elliptic |
CVE-2024-42461 |
低危 |
6.5.4 |
6.5.7 |
elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-42461
镜像层: sha256:9224e1709653da8b8b62296ec1411fe680ed1d96a6ca4859a12eac51b728e6ef
发布日期: 2024-08-02 07:16 修改: 2024-08-16 16:51
|