docker.io/elastic/kibana:8.18.8 linux/amd64

docker.io/elastic/kibana:8.18.8 - Trivy安全扫描结果扫描时间: 2026-06-29 17:35

全部漏洞信息

低危漏洞:95

中危漏洞:181

高危漏洞:82

严重漏洞:4

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-06-29 17:35

docker.io/elastic/kibana:8.18.8 (ubuntu 24.04) (ubuntu)

低危漏洞:84

中危漏洞:101

高危漏洞:3

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
gpgv	CVE-2025-68973	高危	2.4.4-2ubuntu17.3	2.4.4-2ubuntu17.4	GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68973 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2025-12-28 17:16 修改: 2026-06-17 09:59
libssl3t64	CVE-2026-45447	高危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
openssl	CVE-2026-45447	高危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
curl	CVE-2026-1965	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1965 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-11 11:15 修改: 2026-06-17 10:16
curl	CVE-2026-3783	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3783 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
curl	CVE-2026-5545	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59
curl	CVE-2026-6253	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
curl	CVE-2026-6429	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
curl	CVE-2026-7168	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:01
curl	CVE-2026-8927	中危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8927 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
dpkg	CVE-2026-2219	中危	1.22.6ubuntu6.5	1.22.6ubuntu6.6	It was discovered that dpkg-deb (a component of dpkg, the Debian packa ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2219 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-03-07 09:16 修改: 2026-06-17 10:30
bsdutils	CVE-2026-27456	中危	1:2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
libblkid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
libc-bin	CVE-2025-15281	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-01-20 14:16 修改: 2026-06-17 08:37
libc-bin	CVE-2026-0861	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: Integer overflow in memalign leads to heap corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-01-14 21:15 修改: 2026-06-17 10:11
libc-bin	CVE-2026-0915	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: glibc: Information disclosure via zero-valued network query 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-01-15 22:16 修改: 2026-06-17 10:11
libc-bin	CVE-2026-4046	中危	2.39-0ubuntu8.6		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-03-30 18:16 修改: 2026-06-17 10:55
libc-bin	CVE-2026-4437	中危	2.39-0ubuntu8.6		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56
libc-bin	CVE-2026-4438	中危	2.39-0ubuntu8.6		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56
libc-bin	CVE-2026-5435	中危	2.39-0ubuntu8.6		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-28 13:19 修改: 2026-06-17 10:59
libc-bin	CVE-2026-6238	中危	2.39-0ubuntu8.6		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-28 19:37 修改: 2026-06-19 21:17
libc6	CVE-2025-15281	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-01-20 14:16 修改: 2026-06-17 08:37
libc6	CVE-2026-0861	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: Integer overflow in memalign leads to heap corruption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-01-14 21:15 修改: 2026-06-17 10:11
libc6	CVE-2026-0915	中危	2.39-0ubuntu8.6	2.39-0ubuntu8.7	glibc: glibc: Information disclosure via zero-valued network query 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-01-15 22:16 修改: 2026-06-17 10:11
libc6	CVE-2026-4046	中危	2.39-0ubuntu8.6		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-03-30 18:16 修改: 2026-06-17 10:55
libc6	CVE-2026-4437	中危	2.39-0ubuntu8.6		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56
libc6	CVE-2026-4438	中危	2.39-0ubuntu8.6		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-03-20 20:16 修改: 2026-06-17 10:56
libc6	CVE-2026-5435	中危	2.39-0ubuntu8.6		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-28 13:19 修改: 2026-06-17 10:59
libc6	CVE-2026-6238	中危	2.39-0ubuntu8.6		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-28 19:37 修改: 2026-06-19 21:17
libcap2	CVE-2026-4878	中危	1:2.66-5ubuntu2.2	1:2.66-5ubuntu2.4	libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-09 16:16 修改: 2026-06-27 08:16
libcurl4t64	CVE-2025-14017	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14017 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:35
libcurl4t64	CVE-2026-11856	中危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11856 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-1965	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1965 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-11 11:15 修改: 2026-06-17 10:16
libcurl4t64	CVE-2026-3783	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3783 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
libcurl4t64	CVE-2026-5545	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59
libcurl4t64	CVE-2026-6253	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
libcurl4t64	CVE-2026-6429	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Credential leak via reused proxy connection during HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
libcurl4t64	CVE-2026-7168	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:01
libcurl4t64	CVE-2026-8927	中危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8927 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libexpat1	CVE-2025-66382	中危	2.6.1-2ubuntu0.3		libexpat: libexpat: Denial of service via crafted file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66382 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-11-28 07:15 修改: 2026-06-17 09:56
libexpat1	CVE-2026-24515	中危	2.6.1-2ubuntu0.3	2.6.1-2ubuntu0.4	libexpat: libexpat null pointer dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24515 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-23 08:16 修改: 2026-06-17 10:23
libexpat1	CVE-2026-25210	中危	2.6.1-2ubuntu0.3	2.6.1-2ubuntu0.4	libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25210 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-30 07:16 修改: 2026-06-17 10:24
libfreetype6	CVE-2026-23865	中危	2.13.2+dfsg-1build3	2.13.2+dfsg-1ubuntu0.1	freetype: Information disclosure or denial of service via specially crafted font files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23865 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-02 17:16 修改: 2026-06-17 10:22
libgcrypt20	CVE-2026-41989	中危	1.10.3-2build1	1.10.3-2ubuntu0.1	Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-23 05:16 修改: 2026-06-17 10:47
libgnutls30t64	CVE-2025-14831	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.5	gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14831 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-02-09 15:16 修改: 2026-06-25 04:17
libgnutls30t64	CVE-2026-33845	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-30 18:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-33846	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-04 10:15 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-3832	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-30 18:16 修改: 2026-06-24 17:16
libgnutls30t64	CVE-2026-3833	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-30 18:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42009	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-18 13:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42010	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Authentication Bypass via NUL Character in Username 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-07 12:16 修改: 2026-06-26 11:16
libgnutls30t64	CVE-2026-42011	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass due to incorrect name constraint handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-07 15:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42012	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-26 22:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42013	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-26 22:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42014	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-06-16 02:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-42015	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-26 22:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-5260	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Information disclosure via heap overread in RSA key exchange 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-26 22:16 修改: 2026-06-26 08:16
libgnutls30t64	CVE-2026-5419	中危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5419 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-06-01 21:16 修改: 2026-06-26 08:16
libmount1	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
libnghttp2-14	CVE-2026-27135	中危	1.59.0-1ubuntu0.2	1.59.0-1ubuntu0.3	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-18 18:16 修改: 2026-06-17 10:26
libnss3	CVE-2026-2781	中危	2:3.98-1build1	2:3.98-1ubuntu0.1	firefox: thunderbird: Integer overflow in the Libraries component in NSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2781 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-02-24 14:16 修改: 2026-06-17 10:31
libpng16-16t64	CVE-2025-28162	中危	1.6.43-5build1	1.6.43-5ubuntu0.4	libpng: libpng: Denial of Service via buffer overflow in pngimage utility 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-28162 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:04
libpng16-16t64	CVE-2025-28164	中危	1.6.43-5build1	1.6.43-5ubuntu0.4	libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-28164 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:04
libpng16-16t64	CVE-2025-64505	中危	1.6.43-5build1	1.6.43-5ubuntu0.1	libpng: LIBPNG heap buffer overflow via malformed palette index 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64505 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:54
libpng16-16t64	CVE-2025-64506	中危	1.6.43-5build1	1.6.43-5ubuntu0.1	libpng: LIBPNG heap buffer over-read 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64506 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:54
libpng16-16t64	CVE-2025-64720	中危	1.6.43-5build1	1.6.43-5ubuntu0.1	libpng: LIBPNG buffer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64720 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:55
libpng16-16t64	CVE-2025-65018	中危	1.6.43-5build1	1.6.43-5ubuntu0.1	libpng: LIBPNG heap buffer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65018 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-11-25 00:15 修改: 2026-06-17 09:55
libpng16-16t64	CVE-2025-66293	中危	1.6.43-5build1	1.6.43-5ubuntu0.3	libpng: LIBPNG out-of-bounds read in png_image_read_composite 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66293 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-12-03 21:15 修改: 2026-06-17 09:56
libpng16-16t64	CVE-2026-22695	中危	1.6.43-5build1	1.6.43-5ubuntu0.3	libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22695 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-12 23:15 修改: 2026-06-17 10:20
libpng16-16t64	CVE-2026-22801	中危	1.6.43-5build1	1.6.43-5ubuntu0.3	libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22801 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-12 23:15 修改: 2026-06-17 10:20
libpng16-16t64	CVE-2026-25646	中危	1.6.43-5build1	1.6.43-5ubuntu0.5	libpng: LIBPNG has a heap buffer overflow in png_set_quantize 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25646 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-02-10 18:16 修改: 2026-06-17 10:25
libpng16-16t64	CVE-2026-33416	中危	1.6.43-5build1	1.6.43-5ubuntu0.6	libpng: libpng: Arbitrary code execution due to use-after-free vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33416 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:37
libpng16-16t64	CVE-2026-33636	中危	1.6.43-5build1	1.6.43-5ubuntu0.6	libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33636 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:37
libpng16-16t64	CVE-2026-34757	中危	1.6.43-5build1	1.6.43-5ubuntu0.6	libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34757 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-09 15:16 修改: 2026-06-17 10:39
libsmartcols1	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
libssh-4	CVE-2026-0964	中危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: Improper sanitation of paths received from SCP servers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0964 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
libssh-4	CVE-2026-0967	中危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: libssh: Denial of Service via inefficient regular expression processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0967 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
libssh-4	CVE-2026-0968	中危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: libssh: Denial of Service due to malformed SFTP message 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0968 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
libssh-4	CVE-2026-3731	中危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.4	libssh: libssh: Denial of Service via out-of-bounds read in SFTP extension name handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3731 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-08 11:15 修改: 2026-06-17 10:44
curl	CVE-2025-14017	中危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14017 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:35
libssl3t64	CVE-2025-15467	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37
libssl3t64	CVE-2026-31790	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
libssl3t64	CVE-2026-34182	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libssl3t64	CVE-2026-45445	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
libsystemd0	CVE-2026-29111	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.14	systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-03-23 22:16 修改: 2026-06-17 10:29
libsystemd0	CVE-2026-40225	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.14	systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40225 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libsystemd0	CVE-2026-40226	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libtasn1-6	CVE-2025-13151	中危	4.19.0-3ubuntu0.24.04.1	4.19.0-3ubuntu0.24.04.2	libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13151 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-01-07 22:15 修改: 2026-06-17 08:33
libudev1	CVE-2026-29111	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.14	systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-03-23 22:16 修改: 2026-06-17 10:29
libudev1	CVE-2026-40225	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.14	systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40225 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libudev1	CVE-2026-40226	中危	255.4-1ubuntu8.10	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libuuid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
mount	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
curl	CVE-2026-11856	中危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11856 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
openssl	CVE-2025-15467	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37
openssl	CVE-2026-31790	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
openssl	CVE-2026-34182	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
openssl	CVE-2026-45445	中危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
perl-base	CVE-2026-42496	中危	5.38.2-3.2ubuntu0.2	5.38.2-3.2ubuntu0.3	perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42496 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-26 02:16 修改: 2026-06-17 10:47
perl-base	CVE-2026-8376	中危	5.38.2-3.2ubuntu0.2	5.38.2-3.2ubuntu0.3	Perl versions through 5.43.10 have a heap buffer overflow when compili ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8376 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-05-26 00:16 修改: 2026-06-17 11:03
sed	CVE-2026-5958	中危	4.9-2build1	4.9-2ubuntu0.24.04.1	sed: GNU sed TOCTOU race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-20 12:16 修改: 2026-06-17 10:59
tar	CVE-2025-45582	中危	1.35+dfsg-3build1		tar: Tar path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2025-07-11 17:15 修改: 2026-06-17 09:25
tar	CVE-2026-5704	中危	1.35+dfsg-3build1	1.35+dfsg-3ubuntu0.1	tar: tar: Hidden file injection via crafted archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-06 16:16 修改: 2026-06-17 10:59
util-linux	CVE-2026-27456	中危	2.39.3-9ubuntu6.3		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27
libcurl4t64	CVE-2026-6276	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
libcurl4t64	CVE-2026-8286	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8286 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-8458	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8458 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-8924	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8924 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-8932	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8932 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-9547	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9547 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-8286	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8286 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-8458	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8458 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-8924	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8924 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-8932	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8932 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-9547	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9547 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgcrypt20	CVE-2024-2236	低危	1.10.3-2build1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2024-03-06 22:15 修改: 2026-06-17 07:24
libssh-4	CVE-2025-8114	低危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.2	libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8114 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-07-24 15:15 修改: 2026-06-25 05:16
libssh-4	CVE-2025-8277	低危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: Memory Exhaustion via Repeated Key Exchange in libssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8277 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-09-09 12:15 修改: 2026-06-25 08:16
libssh-4	CVE-2026-0965	低危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: libssh: Denial of Service via improper configuration file handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0965 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
libssh-4	CVE-2026-0966	低危	0.10.6-2ubuntu0.1	0.10.6-2ubuntu0.3	libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0966 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:11
curl	CVE-2025-0167	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	When asked to use a `.netrc` file for credentials and to follow HT ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:25
curl	CVE-2025-10148	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: predictable WebSocket mask 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10148 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-09-12 06:15 修改: 2026-06-17 08:27
curl	CVE-2025-14524	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14524 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
curl	CVE-2025-14819	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: libcurl: Improper certificate validation due to cached TLS settings reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14819 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
curl	CVE-2025-15079	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: Host verification bypass during SSH transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15079 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37
libssl3t64	CVE-2025-68160	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58
libssl3t64	CVE-2025-69418	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
libssl3t64	CVE-2025-69419	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
libssl3t64	CVE-2025-69420	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via malformed TimeStamp Response 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
libssl3t64	CVE-2025-69421	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
libssl3t64	CVE-2026-22795	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20
libssl3t64	CVE-2026-22796	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20
libssl3t64	CVE-2026-28387	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3t64	CVE-2026-28388	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3t64	CVE-2026-28389	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service vulnerability in CMS processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3t64	CVE-2026-28390	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
libssl3t64	CVE-2026-31789	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
libssl3t64	CVE-2026-34180	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
libssl3t64	CVE-2026-42766	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3t64	CVE-2026-42767	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3t64	CVE-2026-42770	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
libssl3t64	CVE-2026-45446	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
libssl3t64	CVE-2026-7383	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02
libssl3t64	CVE-2026-9076	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04
curl	CVE-2025-15224	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: libssh key passphrase bypass without agent set 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15224 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37
curl	CVE-2026-10536	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10536 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl	CVE-2026-12064	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12064 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libsystemd0	CVE-2026-40228	低危	255.4-1ubuntu8.10		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
curl	CVE-2026-3784	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Unauthorized access due to improper HTTP proxy connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3784 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
curl	CVE-2026-4873	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:57
curl	CVE-2026-5773	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59
curl	CVE-2026-6276	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 11:00
libudev1	CVE-2026-40228	低危	255.4-1ubuntu8.10		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44
libcurl4t64	CVE-2025-0167	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	When asked to use a `.netrc` file for credentials and to follow HT ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0167 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-02-05 10:15 修改: 2026-06-17 08:25
login	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12
libcurl4t64	CVE-2025-10148	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: predictable WebSocket mask 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10148 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2025-09-12 06:15 修改: 2026-06-17 08:27
libgnutls30t64	CVE-2025-9820	低危	3.8.3-1.1ubuntu3.4	3.8.3-1.1ubuntu3.5	gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9820 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-01-26 20:16 修改: 2026-06-25 08:16
liblzma5	CVE-2026-34743	低危	5.6.1+really5.4.5-1ubuntu0.2	5.6.1+really5.4.5-1ubuntu0.3	xz: XZ Utils: Denial of Service via buffer overflow in index decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-04-02 19:21 修改: 2026-06-17 10:39
libcurl4t64	CVE-2025-14524	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14524 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
libcurl4t64	CVE-2025-14819	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: libcurl: Improper certificate validation due to cached TLS settings reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14819 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:36
libcurl4t64	CVE-2025-15079	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: Host verification bypass during SSH transfers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15079 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37
openssl	CVE-2025-68160	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58
openssl	CVE-2025-69418	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
openssl	CVE-2025-69419	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
openssl	CVE-2025-69420	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via malformed TimeStamp Response 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
openssl	CVE-2025-69421	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00
openssl	CVE-2026-22795	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20
openssl	CVE-2026-22796	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.7	openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20
openssl	CVE-2026-28387	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
openssl	CVE-2026-28388	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
openssl	CVE-2026-28389	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service vulnerability in CMS processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
openssl	CVE-2026-28390	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28
openssl	CVE-2026-31789	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.9	openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34
openssl	CVE-2026-34180	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38
openssl	CVE-2026-42766	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
openssl	CVE-2026-42767	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
openssl	CVE-2026-42770	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48
openssl	CVE-2026-45446	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52
openssl	CVE-2026-7383	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02
openssl	CVE-2026-9076	低危	3.0.13-0ubuntu3.6	3.0.13-0ubuntu3.11	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04
passwd	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12
libcurl4t64	CVE-2025-15224	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.7	curl: libssh key passphrase bypass without agent set 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15224 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-01-08 10:15 修改: 2026-06-17 08:37
libcurl4t64	CVE-2026-10536	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10536 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-12064	低危	8.5.0-2ubuntu10.6		漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12064 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64	CVE-2026-3784	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.8	curl: curl: Unauthorized access due to improper HTTP proxy connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3784 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-03-11 11:16 修改: 2026-06-17 10:44
libcurl4t64	CVE-2026-4873	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: curl: Information disclosure due to incorrect TLS connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:57
libcurl4t64	CVE-2026-5773	低危	8.5.0-2ubuntu10.6	8.5.0-2ubuntu10.9	curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773 镜像层: sha256:6c7eb1847697c2e47fbe0b5a5d48a3cf3397446a4a5fb0d993d86c53e8f5992e 发布日期: 2026-05-13 13:01 修改: 2026-06-17 10:59
zlib1g	CVE-2026-27171	低危	1:1.3.dfsg-3.1ubuntu2.1		zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171 镜像层: sha256:65b08cd99c6053451d2752c3a9a1c048ca23ff1151f0985f5772d898a1efb816 发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

Node.js (node-pkg)

低危漏洞:11

中危漏洞:80

高危漏洞:79

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
basic-ftp	CVE-2026-27699	严重	5.0.3	5.2.0	basic-ftp: basic-ftp: File overwrite due to path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27699 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-25 15:20 修改: 2026-06-17 10:27
fast-xml-parser	CVE-2026-25896	严重	4.4.1	5.3.5, 4.5.4	fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25896 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-20 21:19 修改: 2026-06-17 10:25
handlebars	CVE-2026-33937	严重	4.7.8	4.7.9	handlebars.js: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33937 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38
protobufjs	CVE-2026-41242	严重	7.4.0	8.0.1, 7.5.5	protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-18 17:16 修改: 2026-06-17 10:46
@langchain/core	CVE-2025-68665	高危	0.3.57	1.1.8, 0.3.80	langchain-core: LangChain: Arbitrary Code Execution via Serialization Injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68665 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-12-23 23:15 修改: 2026-06-17 09:59
@opentelemetry/exporter-prometheus	CVE-2026-44902	高危	0.202.0	0.217.0	Prometheus exporter process crash via malformed HTTP request 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51
@opentelemetry/sdk-node	CVE-2026-44902	高危	0.202.0	0.217.0	Prometheus exporter process crash via malformed HTTP request 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51
axios	CVE-2026-25639	高危	1.12.1	1.13.5, 0.30.3	axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-09 21:15 修改: 2026-06-17 10:24
axios	CVE-2026-42033	高危	1.12.1	1.15.1, 0.31.1	axios: Axios: HTTP Transport Hijacking via Prototype Pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
axios	CVE-2026-42035	高危	1.12.1	1.15.1, 0.31.1	axios: Axios: Arbitrary HTTP header injection via prototype pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
axios	CVE-2026-42043	高危	1.12.1	1.15.1, 0.31.1	axios: Axios: NO_PROXY bypass via crafted URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
axios	CVE-2026-42264	高危	1.12.1	1.15.2	Axios is a promise based HTTP client for the browser and Node.js. From ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-08 04:16 修改: 2026-06-17 10:47
axios	CVE-2026-44486	高危	1.12.1	1.16.0, 0.32.0	axios: Axios: Information disclosure of proxy credentials via HTTP redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50
axios	CVE-2026-44487	高危	1.12.1	1.16.0, 0.32.0	axios: Axios: Information disclosure of proxy credentials via redirect flows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50
axios	CVE-2026-44488	高危	1.12.1	1.16.0	axios: Axios: Denial of Service due to unenforced request and response size limits 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50
axios	CVE-2026-44492	高危	1.12.1	1.16.0, 0.32.0	axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50
axios	CVE-2026-44494	高危	1.12.1	1.16.0	axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50
axios	CVE-2026-44495	高危	1.12.1	1.15.2, 0.31.1	axios: Axios: Information disclosure due to prototype pollution vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50
axios	CVE-2026-44496	高危	1.12.1	1.16.0, 0.32.0	axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50
@grpc/grpc-js	CVE-2026-48068	高危	1.13.4	1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4	@grpc/grpc-js: A malformed request can cause a server crash 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48068 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
basic-ftp	CVE-2026-41324	高危	5.0.3	5.3.0	basic-ftp: basic-ftp: Denial of Service via unbounded memory growth from malicious directory listings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41324 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 04:16 修改: 2026-06-17 10:46
basic-ftp	CVE-2026-44240	高危	5.0.3	5.3.1	basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is v ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44240 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-12 21:16 修改: 2026-06-17 10:50
basic-ftp	GHSA-6v7q-wjvx-w8wg	高危	5.0.3	5.2.2	basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands 漏洞详情: https://github.com/advisories/GHSA-6v7q-wjvx-w8wg 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-10 20:18 修改: 2026-04-10 20:18
expr-eval	CVE-2025-12735	高危	2.0.2		expr-eval: 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12735 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-05 01:15 修改: 2026-06-17 08:32
expr-eval	CVE-2025-13204	高危	2.0.2		expr-eval: expr-eval: Prototype Pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13204 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-14 17:16 修改: 2026-06-17 08:33
fast-uri	CVE-2026-6321	高危	3.0.3	3.1.1	fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-04 20:16 修改: 2026-06-17 11:00
fast-uri	CVE-2026-6322	高危	3.0.3	3.1.2	fast-uri: fast-uri: URI authority bypass due to improper delimiter handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-05 11:16 修改: 2026-06-17 11:00
@grpc/grpc-js	CVE-2026-48069	高危	1.13.4	1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4	@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48069 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
fast-xml-parser	CVE-2026-26278	高危	4.4.1	4.5.4, 5.3.6	fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26278 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-19 20:25 修改: 2026-06-17 10:26
fast-xml-parser	CVE-2026-33036	高危	4.4.1	5.5.6, 4.5.5	fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33036 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-20 06:16 修改: 2026-06-17 10:36
form-data	CVE-2026-12143	高危	4.0.4	2.5.6, 3.0.5, 4.0.6	form-data is a library for creating readable multipart/form-data strea ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:14
glob	CVE-2025-64756	高危	10.4.5	11.1.0, 10.5.0	glob: glob: Command Injection Vulnerability via Malicious Filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55
@hapi/content	CVE-2026-35213	高危	6.0.0	6.0.1	@hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35213 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-06 21:16 修改: 2026-06-17 10:40
handlebars	CVE-2026-33938	高危	4.7.8	4.7.9	handlebars: Handlebars: Arbitrary code execution via @partial-block overwrite 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33938 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38
handlebars	CVE-2026-33939	高危	4.7.8	4.7.9	handlebars.js: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33939 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 22:16 修改: 2026-06-17 10:38
handlebars	CVE-2026-33940	高危	4.7.8	4.7.9	handlebars.js: Handlebars.js: Arbitrary code execution via crafted template context 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33940 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 22:16 修改: 2026-06-17 10:38
handlebars	CVE-2026-33941	高危	4.7.8	4.7.9	handlebars.js: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33941 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 22:16 修改: 2026-06-17 10:38
js-cookie	CVE-2026-46625	高危	2.2.1	3.0.7	JavaScript Cookie is a JavaScript API for handling cookies, client-sid ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46625 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-10 22:16 修改: 2026-06-17 10:53
jws	CVE-2025-65945	高危	3.2.2	3.2.3, 4.0.1	node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56
jws	CVE-2025-65945	高危	4.0.0	3.2.3, 4.0.1	node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56
langchain	CVE-2025-68665	高危	0.3.15	1.2.3, 0.3.37	langchain-core: LangChain: Arbitrary Code Execution via Serialization Injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68665 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-12-23 23:15 修改: 2026-06-17 09:59
langsmith	CVE-2026-45134	高危	0.3.29	0.6.0	LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45134 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-27 20:16 修改: 2026-06-17 10:51
linkify-it	CVE-2026-48801	高危	5.0.0	5.0.1	LinkifyIt#match scan loop has quadratic algorithmic complexity 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48801 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
lodash	CVE-2026-4800	高危	4.17.21	4.18.0	lodash: lodash: Arbitrary code execution via untrusted input in template imports 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:57
minimatch	CVE-2026-26996	高危	3.1.2	10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	minimatch: minimatch: Denial of Service via specially crafted glob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
minimatch	CVE-2026-27903	高危	3.1.2	10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
minimatch	CVE-2026-27904	高危	3.1.2	10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
minimatch	CVE-2026-26996	高危	5.1.6	10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	minimatch: minimatch: Denial of Service via specially crafted glob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
minimatch	CVE-2026-27903	高危	5.1.6	10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
minimatch	CVE-2026-27904	高危	5.1.6	10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
minimatch	CVE-2026-26996	高危	9.0.5	10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	minimatch: minimatch: Denial of Service via specially crafted glob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
minimatch	CVE-2026-27903	高危	9.0.5	10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
minimatch	CVE-2026-27904	高危	9.0.5	10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
node-forge	CVE-2025-12816	高危	1.3.1	1.3.2	node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12816 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-25 20:15 修改: 2026-06-17 08:32
node-forge	CVE-2025-66031	高危	1.3.1	1.3.2	node-forge: node-forge ASN.1 Unbounded Recursion 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66031 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56
node-forge	CVE-2026-33891	高危	1.3.1	1.4.0	node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33891 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38
node-forge	CVE-2026-33894	高危	1.3.1	1.4.0	node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33894 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38
node-forge	CVE-2026-33895	高危	1.3.1	1.4.0	node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33895 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38
node-forge	CVE-2026-33896	高危	1.3.1	1.4.0	node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33896 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38
nodemailer	CVE-2025-14874	高危	6.9.15	7.0.11	nodemailer: Nodemailer: Denial of service via crafted email address header 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14874 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-12-18 09:15 修改: 2026-06-17 08:36
nodemailer	GHSA-p6gq-j5cr-w38f	高危	6.9.15	9.0.1	Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message 漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28
picomatch	CVE-2026-33671	高危	2.3.1	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37
@hapi/content	CVE-2026-44974	高危	6.0.0	6.0.2	@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44974 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs	CVE-2026-44289	高危	7.4.0	7.5.6, 8.0.2	protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50
protobufjs	CVE-2026-44290	高危	7.4.0	7.5.6, 8.0.2	protobuf.js: Process-wide denial of service through unsafe option paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50
protobufjs	CVE-2026-44291	高危	7.4.0	7.5.6, 8.0.2	protobuf.js: Code generation gadget after prototype pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50
protobufjs	CVE-2026-44293	高危	7.4.0	7.5.6, 8.0.2	protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50
protobufjs	CVE-2026-48712	高危	7.4.0	7.6.1, 8.4.1	protobufjs: Denial of service through unbounded Any expansion during JSON conversion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04
systeminformation	CVE-2025-68154	高危	5.23.8	5.27.14	systeminformation: systeminformation: OS Command Injection in `fsSize()` allows arbitrary command execution on Windows. 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68154 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-12-16 19:16 修改: 2026-06-17 09:58
systeminformation	CVE-2026-26280	高危	5.23.8	5.30.8	systeminformation: systeminformation: Arbitrary command execution via unsanitized network interface parameter 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26280 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-19 20:25 修改: 2026-06-17 10:26
systeminformation	CVE-2026-26318	高危	5.23.8	5.31.0	systeminformation: systeminformation: Arbitrary code execution via unsanitized `locate` output 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26318 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-19 20:25 修改: 2026-06-17 10:26
systeminformation	CVE-2026-44724	高危	5.23.8	5.31.6	systeminformation: systeminformation: Command injection via NetworkManager connection profile name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44724 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-27 20:16 修改: 2026-06-17 10:51
tar	CVE-2026-23745	高危	7.4.3	7.5.3	node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-01-16 22:16 修改: 2026-06-17 10:22
tar	CVE-2026-23950	高危	7.4.3	7.5.4	node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-01-20 01:15 修改: 2026-06-17 10:22
tar	CVE-2026-24842	高危	7.4.3	7.5.7	node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-01-28 01:16 修改: 2026-06-17 10:23
tar	CVE-2026-26960	高危	7.4.3	7.5.8	node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26
tar	CVE-2026-29786	高危	7.4.3	7.5.10	node-tar: hardlink path traversal via drive-relative linkpath 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-07 16:15 修改: 2026-06-17 10:29
tar	CVE-2026-31802	高危	7.4.3	7.5.11	tar: tar: File overwrite via drive-relative symlink traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34
undici	CVE-2026-12151	高危	6.19.2	6.27.0, 7.28.0, 8.5.0	undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-17 17:16 修改: 2026-06-25 17:47
undici	CVE-2026-1526	高危	6.19.2	6.24.0, 7.24.0	undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1526 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-12 21:16 修改: 2026-06-17 10:16
undici	CVE-2026-1528	高危	6.19.2	6.24.0, 7.24.0	undici: undici: Denial of Service via crafted WebSocket frame with large length 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1528 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-12 21:16 修改: 2026-06-17 10:16
undici	CVE-2026-2229	高危	6.19.2	6.24.0, 7.24.0	undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2229 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-12 21:16 修改: 2026-06-17 10:30
ws	CVE-2026-48779	高危	8.18.3	5.2.5, 6.2.4, 7.5.11, 8.21.0	ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-17 13:20 修改: 2026-06-18 15:25
@hapi/wreck	CVE-2026-48022	中危	18.1.0	18.1.2	@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48022 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
bn.js	CVE-2026-2739	中危	4.11.9	4.12.3, 5.2.3	bn.js: bn.js: Denial of Service via calling maskn(0) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2739 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-20 05:17 修改: 2026-06-17 10:31
lodash	CVE-2025-13465	中危	4.17.21	4.17.23	lodash: prototype pollution in _.unset and _.omit functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-01-21 20:16 修改: 2026-06-17 08:34
lodash	CVE-2026-2950	中危	4.17.21	4.18.0	lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32
markdown-it	CVE-2026-2327	中危	14.1.0	14.1.1	markdown-it: markdown-it: Denial of Service via Regular Expression Denial of Service in linkify function 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2327 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-12 06:16 修改: 2026-06-17 10:30
markdown-it	CVE-2026-48988	中危	14.1.0	14.2.0	markdown-it is a Markdown parser. Versions 14.1.1 and below contain a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48988 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-17 21:16 修改: 2026-06-24 19:06
brace-expansion	CVE-2026-33750	中危	1.1.12	5.0.5, 3.0.2, 2.0.3, 1.1.13	brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
brace-expansion	CVE-2026-33750	中危	2.0.2	5.0.5, 3.0.2, 2.0.3, 1.1.13	brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
@protobufjs/utf8	CVE-2026-44288	中危	1.1.0	1.1.1	protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50
ajv	CVE-2025-69873	中危	8.17.1	8.18.0, 6.14.0	ajv: ReDoS via $data reference 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69873 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-11 19:15 修改: 2026-06-17 10:00
@langchain/community	CVE-2026-26019	中危	0.3.45	1.1.14	@langchain/community: @langchain/community SSRF Bypass in RecursiveUrlLoader 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26019 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-11 22:15 修改: 2026-06-17 10:25
@langchain/community	CVE-2026-27795	中危	0.3.45	1.1.18	langchain-core: @langchain/community: Server-Side Request Forgery (SSRF) bypass via redirect manipulation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27795 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-25 18:23 修改: 2026-06-17 10:27
@hapi/inert	CVE-2026-48049	中危	7.1.0	7.1.1	@hapi/inert has a static-file confinement bypass via sibling-prefix path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48049 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2025-62718	中危	1.12.1	1.15.0, 0.31.0	axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-09 15:16 修改: 2026-06-17 09:52
axios	CVE-2026-40175	中危	1.12.1	1.15.0, 0.31.0	axios: Axios: Remote Code Execution via Prototype Pollution escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-10 20:16 修改: 2026-06-17 10:44
fast-xml-parser	CVE-2026-33349	中危	4.4.1	4.5.5, 5.5.7	fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33349 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-24 20:16 修改: 2026-06-17 10:37
fast-xml-parser	CVE-2026-41650	中危	4.4.1	5.7.0	fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequences 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-07 15:16 修改: 2026-06-17 10:46
follow-redirects	GHSA-r4q5-vmmm-2653	中危	1.15.6	1.16.0	follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets 漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11
axios	CVE-2026-42034	中危	1.12.1	1.15.1, 0.31.1	axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
axios	CVE-2026-42036	中危	1.12.1	1.15.1, 0.31.1	axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
axios	CVE-2026-42037	中危	1.12.1	1.15.1	axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
node-forge	CVE-2025-66030	中危	1.3.1	1.3.2	node-forge: node-forge: Integer Overflow allows OID-based security bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66030 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56
axios	CVE-2026-42038	中危	1.12.1	1.15.1, 0.31.1	axios: Axios: Information disclosure due to `no_proxy` bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
axios	CVE-2026-42039	中危	1.12.1	1.15.1, 0.31.1	axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
nodemailer	CVE-2025-13033	中危	6.9.15	7.0.7	nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13033 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-14 20:15 修改: 2026-06-17 08:33
nodemailer	GHSA-268h-hp4c-crq3	中危	6.9.15	8.0.9	Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection 漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36
nodemailer	GHSA-r7g4-qg5f-qqm2	中危	6.9.15	8.0.8	Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception 漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34
nodemailer	GHSA-vvjj-xcjg-gr5g	中危	6.9.15	8.0.5	Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) 漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05
nodemailer	GHSA-wqvq-jvpq-h66f	中危	6.9.15	8.0.9	Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization 漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35
axios	CVE-2026-42041	中危	1.12.1	1.15.1, 0.31.1	axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
picomatch	CVE-2026-33672	中危	2.3.1	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37
prismjs	CVE-2024-53382	中危	1.27.0	1.30.0	prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53382 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-03-03 07:15 修改: 2026-06-17 08:08
axios	CVE-2026-42042	中危	1.12.1	1.15.1, 0.31.1	axios: Axios: XSRF token bypass leading to information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
handlebars	CVE-2026-33916	中危	4.7.8	4.7.9	handlebars.js: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33916 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38
handlebars	GHSA-7rx3-28cr-v5wh	中危	4.7.8	4.7.9	Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry 漏洞详情: https://github.com/advisories/GHSA-7rx3-28cr-v5wh 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-29 15:17 修改: 2026-03-29 15:17
ip-address	CVE-2026-42338	中危	9.0.5	10.1.1	ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-12 20:16 修改: 2026-06-17 10:47
joi	CVE-2026-48038	中危	17.13.3	18.2.1, 17.13.4	joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48038 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-42044	中危	1.12.1	1.15.2	axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
protobufjs	CVE-2026-44288	中危	7.4.0	7.5.6, 8.0.2	protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50
protobufjs	CVE-2026-44292	中危	7.4.0	7.5.6, 8.0.2	protobuf.js: Prototype injection in generated message constructors 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50
protobufjs	CVE-2026-44294	中危	7.4.0	7.5.6, 8.0.2	protobuf.js: Denial of service from crafted field names in generated code 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50
protobufjs	CVE-2026-45740	中危	7.4.0	7.5.8, 8.2.0	protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52
protobufjs	CVE-2026-54269	中危	7.4.0	7.6.3, 8.6.0	protobufjs : Schema-derived names can shadow runtime-significant properties 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40
js-yaml	CVE-2025-64718	中危	3.14.1	4.1.1, 3.14.2	js-yaml: js-yaml prototype pollution in merge 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55
js-yaml	CVE-2026-53550	中危	3.14.1	4.2.0	js-yaml: js-yaml: Denial of Service via crafted YAML merge keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
js-yaml	CVE-2025-64718	中危	4.1.0	4.1.1, 3.14.2	js-yaml: js-yaml prototype pollution in merge 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55
js-yaml	CVE-2025-64718	中危	4.1.0	4.1.1, 3.14.2	js-yaml: js-yaml prototype pollution in merge 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55
js-yaml	CVE-2025-64718	中危	4.1.0	4.1.1, 3.14.2	js-yaml: js-yaml prototype pollution in merge 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55
js-yaml	CVE-2026-53550	中危	4.1.0	4.2.0	js-yaml: js-yaml: Denial of Service via crafted YAML merge keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
js-yaml	CVE-2026-53550	中危	4.1.0	4.2.0	js-yaml: js-yaml: Denial of Service via crafted YAML merge keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
js-yaml	CVE-2026-53550	中危	4.1.0	4.2.0	js-yaml: js-yaml: Denial of Service via crafted YAML merge keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
jsondiffpatch	CVE-2025-9910	中危	0.6.0	0.7.2	jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9910 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-09-11 05:15 修改: 2026-06-17 10:10
axios	CVE-2026-44490	中危	1.12.1	1.16.0, 0.32.0	axios: Axios: Information disclosure and denial of service due to prototype pollution 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50
tar	CVE-2026-53655	中危	7.4.3	7.5.16	node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
@opentelemetry/core	CVE-2026-54285	中危	1.26.0	2.8.0	OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17
@opentelemetry/core	CVE-2026-54285	中危	2.0.1	2.8.0	OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17
@hapi/wreck	CVE-2026-44979	中危	18.1.0	18.1.1	@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44979 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
langsmith	CVE-2026-40190	中危	0.3.29	0.5.18	LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()` 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40190 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-10 20:16 修改: 2026-06-17 10:44
undici	CVE-2025-22150	中危	6.19.2	5.28.5, 6.21.1, 7.2.3	undici: Undici Uses Insufficiently Random Values 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22150 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-01-21 18:15 修改: 2026-06-17 08:45
undici	CVE-2026-1525	中危	6.19.2	6.24.0, 7.24.0	undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1525 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-12 20:16 修改: 2026-06-17 10:15
undici	CVE-2026-1527	中危	6.19.2	6.24.0, 7.24.0	undici: Undici: HTTP header injection and request smuggling vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1527 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-12 21:16 修改: 2026-06-17 10:16
undici	CVE-2026-22036	中危	6.19.2	7.18.2, 6.23.0	undici: Undici: Denial of Service via excessive decompression steps 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22036 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-01-14 19:16 修改: 2026-06-17 10:19
undici	CVE-2026-9679	中危	6.19.2	6.27.0, 7.28.0, 8.5.0	undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:43
uuid	CVE-2026-41907	中危	10.0.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	8.3.2	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
langsmith	CVE-2026-41182	中危	0.3.29	0.5.19	LangSmith SDK: Streaming token events bypass output redaction 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41182 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-23 02:16 修改: 2026-06-17 10:46
ws	CVE-2026-45736	中危	8.18.3	8.20.1	ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray` 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-15 15:16 修改: 2026-06-17 10:52
yaml	CVE-2026-33532	中危	1.10.2	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37
yaml	CVE-2026-33532	中危	2.3.4	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37
yaml	CVE-2026-33532	中危	2.5.1	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37
axios	CVE-2026-42040	低危	1.12.1	1.15.1, 0.31.1	axios: Axios: Incorrect null byte handling can lead to data integrity issues 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
handlebars	GHSA-442j-39wm-28r2	低危	4.7.8	4.7.9	Handlebars.js has a Property Access Validation Bypass in container.lookup 漏洞详情: https://github.com/advisories/GHSA-442j-39wm-28r2 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-29 15:16 修改: 2026-03-29 15:16
undici	CVE-2025-47279	低危	6.19.2	5.29.0, 6.21.2, 7.5.0	undici: Undici Memory Leak with Invalid Certificates 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47279 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-05-15 18:15 修改: 2026-06-17 09:27
undici	CVE-2026-11525	低危	6.19.2	6.27.0, 7.28.0, 8.5.0	undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-17 18:17 修改: 2026-06-25 17:46
undici	CVE-2026-6733	低危	6.19.2	6.27.0, 7.28.0, 8.5.0	undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-06-17 18:18 修改: 2026-06-27 23:46
@ai-sdk/provider-utils	CVE-2026-8769	低危	2.0.4		@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8769 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-05-17 23:17 修改: 2026-06-17 11:04
fast-xml-parser	CVE-2026-27942	低危	4.4.1	5.3.8, 4.5.4	fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27942 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
@smithy/config-resolver	GHSA-6475-r3vj-m8vf	低危	4.0.1	4.4.0	AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value 漏洞详情: https://github.com/advisories/GHSA-6475-r3vj-m8vf 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-01-08 21:52 修改: 2026-01-08 21:52
@tootallnate/once	CVE-2026-3449	低危	2.0.0	3.0.1, 2.0.1	@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43
ai	CVE-2025-48985	低危	4.0.18	5.0.52, 5.1.0-beta.9	Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48985 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2025-11-07 01:15 修改: 2026-06-17 09:30
nodemailer	GHSA-c7w3-x93f-qmm8	低危	6.9.15	8.0.4	Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter 漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8 镜像层: sha256:072b2e5484a9699044ea0f45fbf16d30aab6a6ae93b6f1c4aeb08b50d93f763c 发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26