docker.io/gitea/gitea:1.26.1 linux/amd64

docker.io/gitea/gitea:1.26.1 - Trivy安全扫描结果扫描时间: 2026-05-18 14:10

全部漏洞信息

低危漏洞:1

中危漏洞:5

高危漏洞:11

严重漏洞:1

系统OS: alpine 3.23.4 扫描引擎: Trivy 扫描时间: 2026-05-18 14:10

docker.io/gitea/gitea:1.26.1 (alpine 3.23.4) (alpine)

低危漏洞:1

中危漏洞:1

高危漏洞:5

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
gnutls	CVE-2026-33845	严重	3.8.12-r0	3.8.13-r0	gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 2026-04-30 18:16 修改: 2026-05-05 03:03
gnutls	CVE-2026-33846	高危	3.8.12-r0	3.8.13-r0	gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 2026-05-04 10:15 修改: 2026-05-04 15:22
gnutls	CVE-2026-3833	高危	3.8.12-r0	3.8.13-r0	gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 2026-04-30 18:16 修改: 2026-05-07 02:09
gnutls	CVE-2026-42010	高危	3.8.12-r0	3.8.13-r0	gnutls: gnutls: Authentication Bypass via NUL Character in Username 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 2026-05-07 12:16 修改: 2026-05-07 15:16
gnutls	CVE-2026-42011	高危	3.8.12-r0	3.8.13-r0	gnutls: gnutls: Security bypass due to incorrect name constraint handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 2026-05-07 15:16 修改: 2026-05-07 15:48
nghttp2-libs	CVE-2026-27135	高危	1.68.0-r0	1.68.1	nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 2026-03-18 18:16 修改: 2026-03-23 17:51
xz-libs	CVE-2026-34743	中危	5.8.2-r0	5.8.3-r0	xz: XZ Utils: Denial of Service via buffer overflow in index decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 2026-04-02 19:21 修改: 2026-04-15 17:33
gnutls	CVE-2026-3832	低危	3.8.12-r0	3.8.13-r0	gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 2026-04-30 18:16 修改: 2026-05-11 19:15
gnutls	CVE-2026-42013	未知	3.8.12-r0	3.8.13-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gnutls	CVE-2026-42014	未知	3.8.12-r0	3.8.13-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gnutls	CVE-2026-42015	未知	3.8.12-r0	3.8.13-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gnutls	CVE-2026-5260	未知	3.8.12-r0	3.8.13-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gnutls	CVE-2026-5419	未知	3.8.12-r0	3.8.13-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5419 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gnutls	CVE-2026-42009	未知	3.8.12-r0	3.8.13-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
gnutls	CVE-2026-42012	未知	3.8.12-r0	3.8.13-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012 镜像层: sha256:a7d95640693197a67c0ccf9650a76dc24ed7ee9bd6ff14a3b9322cbabc588c45 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

app/gitea/gitea (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:6

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-git/go-git/v5	CVE-2026-45022	高危	v5.18.0	5.19.0	go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
stdlib	CVE-2026-33811	高危	v1.26.2	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.2	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.26.2	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.26.2	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.26.2	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/Azure/go-ntlmssp	CVE-2026-32952	中危	v0.1.0	0.1.1	go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32952 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 2026-04-24 03:16 修改: 2026-04-24 14:50
stdlib	CVE-2026-39823	中危	v1.26.2	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.26.2	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.26.2	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:8b2c1eb8efc5d89c83a9ee94beacb1b4b2779a84640c54f6b9b475f5ec657a05 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16