docker.io/fogforest/yesplaymusic:0.4.9 linux/amd64

docker.io/fogforest/yesplaymusic:0.4.9 - Trivy安全扫描结果 扫描时间: 2026-07-15 04:27
全部漏洞信息
低危漏洞:4 中危漏洞:43 高危漏洞:50 严重漏洞:7

系统OS: alpine 3.14.6 扫描引擎: Trivy 扫描时间: 2026-07-15 04:27

docker.io/fogforest/yesplaymusic:0.4.9 (alpine 3.14.6) (alpine)
低危漏洞:2 中危漏洞:26 高危漏洞:25 严重漏洞:5
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
curl CVE-2022-32207 严重 7.79.1-r1 7.79.1-r2 curl: Unpreserved file permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32207

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-07-07 13:15 修改: 2026-06-17 04:46

curl CVE-2023-23914 严重 7.79.1-r1 7.79.1-r5 curl: HSTS ignored on multiple requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23914

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-02-23 20:15 修改: 2026-06-17 05:38

libcurl CVE-2022-32207 严重 7.79.1-r1 7.79.1-r2 curl: Unpreserved file permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32207

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-07-07 13:15 修改: 2026-06-17 04:46

libcurl CVE-2023-23914 严重 7.79.1-r1 7.79.1-r5 curl: HSTS ignored on multiple requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23914

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-02-23 20:15 修改: 2026-06-17 05:38

zlib CVE-2022-37434 严重 1.2.12-r0 1.2.12-r2 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37434

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2022-08-05 07:15 修改: 2026-07-14 12:16

curl CVE-2023-27533 高危 7.79.1-r1 8.0.1-r0 curl: TELNET option IAC injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27533

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

curl CVE-2023-27534 高危 7.79.1-r1 8.0.1-r0 curl: SFTP path ~ resolving discrepancy

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27534

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

freetype CVE-2022-27405 高危 2.10.4-r2 2.10.4-r3 FreeType: Segmentation violation via FNT_Size_Request

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27405

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-04-22 14:15 修改: 2026-07-09 01:17

freetype CVE-2022-27406 高危 2.10.4-r2 2.10.4-r3 Freetype: Segmentation violation via FT_Request_Size

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27406

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-04-22 14:15 修改: 2026-07-09 01:17

libcrypto1.1 CVE-2022-4450 高危 1.1.1n-r0 1.1.1t-r0 openssl: double free after calling PEM_read_bio_ex

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4450

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:20

libcrypto1.1 CVE-2023-0215 高危 1.1.1n-r0 1.1.1t-r0 openssl: use-after-free following BIO_new_NDEF

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0215

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:25

libcrypto1.1 CVE-2023-0286 高危 1.1.1n-r0 1.1.1t-r0 openssl: X.400 address type confusion in X.509 GeneralName

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0286

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:25

libcrypto1.1 CVE-2023-0464 高危 1.1.1n-r0 1.1.1t-r1 openssl: Denial of service by excessive resource usage in verifying X509 policy constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0464

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-03-22 17:15 修改: 2026-06-17 05:25

curl CVE-2022-27781 高危 7.79.1-r1 7.79.1-r2 curl: CERTINFO never-ending busy-loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27781

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-06-02 14:15 修改: 2026-06-17 04:37

curl CVE-2022-27782 高危 7.79.1-r1 7.79.1-r2 curl: TLS and SSH connection too eager reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27782

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-06-02 14:15 修改: 2026-06-17 04:37

libcurl CVE-2022-27781 高危 7.79.1-r1 7.79.1-r2 curl: CERTINFO never-ending busy-loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27781

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-06-02 14:15 修改: 2026-06-17 04:37

libcurl CVE-2022-27782 高危 7.79.1-r1 7.79.1-r2 curl: TLS and SSH connection too eager reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27782

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-06-02 14:15 修改: 2026-06-17 04:37

libcurl CVE-2022-43551 高危 7.79.1-r1 7.79.1-r4 curl: HSTS bypass via IDN

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-43551

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-12-23 15:15 修改: 2026-06-17 05:06

libcurl CVE-2023-27533 高危 7.79.1-r1 8.0.1-r0 curl: TELNET option IAC injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27533

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

libcurl CVE-2023-27534 高危 7.79.1-r1 8.0.1-r0 curl: SFTP path ~ resolving discrepancy

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27534

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

libssl1.1 CVE-2022-4450 高危 1.1.1n-r0 1.1.1t-r0 openssl: double free after calling PEM_read_bio_ex

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4450

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:20

libssl1.1 CVE-2023-0215 高危 1.1.1n-r0 1.1.1t-r0 openssl: use-after-free following BIO_new_NDEF

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0215

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:25

libssl1.1 CVE-2023-0286 高危 1.1.1n-r0 1.1.1t-r0 openssl: X.400 address type confusion in X.509 GeneralName

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0286

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:25

libssl1.1 CVE-2023-0464 高危 1.1.1n-r0 1.1.1t-r1 openssl: Denial of service by excessive resource usage in verifying X509 policy constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0464

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-03-22 17:15 修改: 2026-06-17 05:25

libxml2 CVE-2022-2309 高危 2.9.14-r0 2.9.14-r1 lxml: NULL Pointer Dereference in lxml

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2309

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-07-05 10:15 修改: 2026-06-17 04:41

libxml2 CVE-2022-40303 高危 2.9.14-r0 2.9.14-r2 libxml2: integer overflows with XML_PARSE_HUGE

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40303

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-11-23 00:15 修改: 2026-06-17 05:01

libxml2 CVE-2022-40304 高危 2.9.14-r0 2.9.14-r2 libxml2: dict corruption caused by entity reference cycles

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40304

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-11-23 18:15 修改: 2026-06-17 05:01

ncurses-libs CVE-2022-29458 高危 6.2_p20210612-r0 6.2_p20210612-r1 ncurses: segfaulting OOB read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-04-18 21:15 修改: 2026-06-17 04:40

ncurses-terminfo-base CVE-2022-29458 高危 6.2_p20210612-r0 6.2_p20210612-r1 ncurses: segfaulting OOB read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-04-18 21:15 修改: 2026-06-17 04:40

curl CVE-2022-43551 高危 7.79.1-r1 7.79.1-r4 curl: HSTS bypass via IDN

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-43551

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-12-23 15:15 修改: 2026-06-17 05:06

curl CVE-2022-32205 中危 7.79.1-r1 7.79.1-r2 curl: Set-Cookie denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32205

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-07-07 13:15 修改: 2026-06-17 04:46

curl CVE-2022-32206 中危 7.79.1-r1 7.79.1-r2 curl: HTTP compression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32206

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-07-07 13:15 修改: 2026-06-17 04:46

curl CVE-2022-32208 中危 7.79.1-r1 7.79.1-r2 curl: FTP-KRB bad message verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32208

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-07-07 13:15 修改: 2026-06-17 04:46

libcurl CVE-2022-32205 中危 7.79.1-r1 7.79.1-r2 curl: Set-Cookie denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32205

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-07-07 13:15 修改: 2026-06-17 04:46

libcurl CVE-2022-32206 中危 7.79.1-r1 7.79.1-r2 curl: HTTP compression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32206

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-07-07 13:15 修改: 2026-06-17 04:46

libcurl CVE-2022-32208 中危 7.79.1-r1 7.79.1-r2 curl: FTP-KRB bad message verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32208

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-07-07 13:15 修改: 2026-06-17 04:46

libcurl CVE-2022-43552 中危 7.79.1-r1 7.79.1-r4 curl: Use-after-free triggered by an HTTP proxy deny response

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-43552

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-02-09 20:15 修改: 2026-06-17 05:06

libcurl CVE-2023-23915 中危 7.79.1-r1 7.79.1-r5 curl: HSTS amnesia with --parallel

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23915

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-02-23 20:15 修改: 2026-06-17 05:38

libcurl CVE-2023-23916 中危 7.79.1-r1 7.79.1-r5 curl: HTTP multi-header compression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23916

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-02-23 20:15 修改: 2026-06-17 05:38

libcurl CVE-2023-27535 中危 7.79.1-r1 8.0.1-r0 curl: FTP too eager connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27535

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

libcurl CVE-2023-27536 中危 7.79.1-r1 8.0.1-r0 curl: GSS delegation too eager connection re-use

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27536

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

libcurl CVE-2023-27537 中危 7.79.1-r1 8.0.1-r0 curl: HSTS double-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27537

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

libcurl CVE-2023-27538 中危 7.79.1-r1 8.0.1-r0 curl: SSH connection too eager reuse still

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27538

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

curl CVE-2022-43552 中危 7.79.1-r1 7.79.1-r4 curl: Use-after-free triggered by an HTTP proxy deny response

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-43552

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-02-09 20:15 修改: 2026-06-17 05:06

curl CVE-2023-23915 中危 7.79.1-r1 7.79.1-r5 curl: HSTS amnesia with --parallel

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23915

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-02-23 20:15 修改: 2026-06-17 05:38

curl CVE-2023-23916 中危 7.79.1-r1 7.79.1-r5 curl: HTTP multi-header compression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23916

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-02-23 20:15 修改: 2026-06-17 05:38

libcrypto1.1 CVE-2022-2097 中危 1.1.1n-r0 1.1.1q-r0 openssl: AES OCB fails to encrypt some bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2097

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2022-07-05 11:15 修改: 2026-06-17 04:41

libssl1.1 CVE-2022-2097 中危 1.1.1n-r0 1.1.1q-r0 openssl: AES OCB fails to encrypt some bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2097

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2022-07-05 11:15 修改: 2026-06-17 04:41

libssl1.1 CVE-2022-4304 中危 1.1.1n-r0 1.1.1t-r0 openssl: timing attack in RSA Decryption implementation

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4304

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:20

libssl1.1 CVE-2023-0465 中危 1.1.1n-r0 1.1.1t-r2 openssl: Invalid certificate policies in leaf certificates are silently ignored

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0465

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-03-28 15:15 修改: 2026-06-17 05:25

libcrypto1.1 CVE-2022-4304 中危 1.1.1n-r0 1.1.1t-r0 openssl: timing attack in RSA Decryption implementation

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4304

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:20

libcrypto1.1 CVE-2023-0465 中危 1.1.1n-r0 1.1.1t-r2 openssl: Invalid certificate policies in leaf certificates are silently ignored

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0465

镜像层: sha256:b541d28bf3b491aeb424c61353c8c92476ecc2cd603a6c09ee5c2708f1a4b258

发布日期: 2023-03-28 15:15 修改: 2026-06-17 05:25

curl CVE-2023-27535 中危 7.79.1-r1 8.0.1-r0 curl: FTP too eager connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27535

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

curl CVE-2023-27536 中危 7.79.1-r1 8.0.1-r0 curl: GSS delegation too eager connection re-use

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27536

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

curl CVE-2023-27537 中危 7.79.1-r1 8.0.1-r0 curl: HSTS double-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27537

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

curl CVE-2023-27538 中危 7.79.1-r1 8.0.1-r0 curl: SSH connection too eager reuse still

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-27538

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2023-03-30 20:15 修改: 2026-06-17 05:45

libcurl CVE-2022-35252 低危 7.79.1-r1 7.79.1-r3 curl: Incorrect handling of control code characters in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-35252

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-09-23 14:15 修改: 2026-06-17 04:51

curl CVE-2022-35252 低危 7.79.1-r1 7.79.1-r3 curl: Incorrect handling of control code characters in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-35252

镜像层: sha256:73e72459bfe3d9fd81413680ef4e6061dde9c3592d9ffce1c0b4100f7684f881

发布日期: 2022-09-23 14:15 修改: 2026-06-17 04:51

Node.js (node-pkg)
低危漏洞:2 中危漏洞:17 高危漏洞:25 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
basic-ftp CVE-2026-27699 严重 5.0.5 5.2.0 basic-ftp: basic-ftp: File overwrite due to path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27699

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-02-25 15:20 修改: 2026-06-17 10:27

form-data CVE-2025-7783 严重 4.0.1 2.5.4, 3.0.4, 4.0.4 form-data: Unsafe random function in form-data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05

axios CVE-2026-25639 高危 1.7.9 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-02-09 21:15 修改: 2026-07-10 12:16

axios CVE-2026-42033 高危 1.7.9 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42035 高危 1.7.9 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 1.7.9 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42264 高危 1.7.9 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-05-08 04:16 修改: 2026-07-13 13:16

axios CVE-2026-44486 高危 1.7.9 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44487 高危 1.7.9 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44488 高危 1.7.9 1.16.0 axios: Axios: Denial of Service due to unenforced request and response size limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44494 高危 1.7.9 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44495 高危 1.7.9 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44496 高危 1.7.9 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-06-11 17:16 修改: 2026-07-14 12:17

axios CVE-2025-27152 高危 1.7.9 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

basic-ftp CVE-2026-41324 高危 5.0.5 5.3.0 basic-ftp: basic-ftp: Denial of Service via unbounded memory growth from malicious directory listings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41324

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 04:16 修改: 2026-06-17 10:46

basic-ftp CVE-2026-44240 高危 5.0.5 5.3.1 basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is v ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44240

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-05-12 21:16 修改: 2026-06-17 10:50

basic-ftp GHSA-6v7q-wjvx-w8wg 高危 5.0.5 5.2.2 basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands

漏洞详情: https://github.com/advisories/GHSA-6v7q-wjvx-w8wg

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-10 20:18 修改: 2026-04-10 20:18

axios CVE-2025-58754 高危 1.7.9 1.12.0, 0.30.2 axios: Axios DoS via lack of data size check

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58754

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2025-09-12 02:15 修改: 2026-06-17 09:44

form-data CVE-2026-12143 高危 4.0.1 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-06-12 19:16 修改: 2026-07-13 13:16

music-metadata CVE-2026-32256 高危 7.14.0 11.12.3 music-metadata has an infinite loop vulnerability in ASF parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32256

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-03-18 04:17 修改: 2026-06-17 10:35

node-forge CVE-2025-12816 高危 1.3.1 1.3.2 node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12816

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2025-11-25 20:15 修改: 2026-06-17 08:32

node-forge CVE-2025-66031 高危 1.3.1 1.3.2 node-forge: node-forge ASN.1 Unbounded Recursion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66031

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56

node-forge CVE-2026-33891 高危 1.3.1 1.4.0 node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33891

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

node-forge CVE-2026-33894 高危 1.3.1 1.4.0 node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33894

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

node-forge CVE-2026-33895 高危 1.3.1 1.4.0 node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33895

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

node-forge CVE-2026-33896 高危 1.3.1 1.4.0 node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33896

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

path-to-regexp CVE-2026-4867 高危 0.1.12 0.1.13 path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4867

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:57

axios CVE-2026-42036 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

file-type CVE-2026-31808 中危 16.5.4 21.3.1 file-type: file-type: Denial of Service due to infinite loop in ASF file parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31808

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-03-10 21:16 修改: 2026-06-17 10:34

follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.9 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11

axios CVE-2026-42037 中危 1.7.9 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-05-12 20:16 修改: 2026-07-13 13:16

axios CVE-2026-42039 中危 1.7.9 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42041 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42042 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42044 中危 1.7.9 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-44490 中危 1.7.9 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

axios CVE-2025-62718 中危 1.7.9 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-09 15:16 修改: 2026-07-10 12:16

axios CVE-2026-40175 中危 1.7.9 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-10 20:16 修改: 2026-07-10 12:16

node-forge CVE-2025-66030 中危 1.3.1 1.3.2 node-forge: node-forge: Integer Overflow allows OID-based security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66030

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56

axios CVE-2026-42034 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

qs CVE-2025-15284 中危 6.13.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2026-8723 中危 6.13.0 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

axios CVE-2026-42040 低危 1.7.9 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

qs CVE-2026-2391 低危 6.13.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:4007b6f4c57e6f4578d54c6aac779f2df6b0e1fe4da88e64ad116b14e2fb7be5

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×