docker.io/fnsys/dockhand:v1.0.35 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:0

中危漏洞:3

高危漏洞:9

严重漏洞:0

系统OS: wolfi 20230201 扫描引擎: Trivy 扫描时间: 2026-06-26 13:50

docker.io/fnsys/dockhand:v1.0.35 (wolfi 20230201) (wolfi)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
docker-cli-buildx	CVE-2026-50195	高危	0.35.0-r0	0.35.0-r1	CVE-2026-50195 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50195 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
docker-cli-buildx	CVE-2026-53488	高危	0.35.0-r0	0.35.0-r1	CVE-2026-53488 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53488 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
docker-cli-buildx	CVE-2026-53489	高危	0.35.0-r0	0.35.0-r1	CVE-2026-53489 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53489 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
docker-cli-buildx	CVE-2026-53492	高危	0.35.0-r0	0.35.0-r1	CVE-2026-53492 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53492 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
docker-compose	CVE-2026-50195	高危	5.1.4-r5	5.1.4-r6	CVE-2026-50195 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50195 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
docker-compose	CVE-2026-53488	高危	5.1.4-r5	5.1.4-r6	CVE-2026-53488 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53488 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
docker-compose	CVE-2026-53489	高危	5.1.4-r5	5.1.4-r6	CVE-2026-53489 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53489 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
docker-compose	CVE-2026-53492	高危	5.1.4-r5	5.1.4-r6	CVE-2026-53492 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53492 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
docker-cli-buildx	CVE-2026-47262	中危	0.35.0-r0	0.35.0-r1	CVE-2026-47262 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47262 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
docker-compose	CVE-2026-41178	中危	5.1.4-r5	5.2.0-r0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41178 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 2026-06-04 16:16 修改: 2026-06-18 14:34
docker-compose	CVE-2026-47262	中危	5.1.4-r5	5.1.4-r6	CVE-2026-47262 affecting package containerd2 for versions less than 2.2.4-3 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47262 镜像层: sha256:076d1c1ea97cb3762e4da2913ec38c177678ea6b49d87d0a62f29ee8968286c2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

Node.js (node-pkg)

低危漏洞:0

中危漏洞:0

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
nodemailer	GHSA-p6gq-j5cr-w38f	高危	8.0.9	9.0.1	Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message 漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f 镜像层: sha256:1aeb2444ee6a6bdcadbd9f95e56642d55fc09fbf730c368b859020ab65362cd9 发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

nodemailer

GHSA-p6gq-j5cr-w38f

高危

8.0.9

9.0.1

Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:1aeb2444ee6a6bdcadbd9f95e56642d55fc09fbf730c368b859020ab65362cd9

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

app/bin/collection-worker (gobinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

docker.io/fnsys/dockhand:v1.0.35 linux/amd64

全部漏洞信息

docker.io/fnsys/dockhand:v1.0.35 (wolfi 20230201) (wolfi)

Node.js (node-pkg)

app/bin/collection-worker (gobinary)