docker.io/gitlab/gitlab-ce:16.9.3-ce.0 linux/amd64

docker.io/gitlab/gitlab-ce:16.9.3-ce.0 - Trivy安全扫描结果 扫描时间: 2026-07-14 11:30
全部漏洞信息
低危漏洞:239 中危漏洞:1821 高危漏洞:968 严重漏洞:109

系统OS: ubuntu 22.04 扫描引擎: Trivy 扫描时间: 2026-07-14 11:30

docker.io/gitlab/gitlab-ce:16.9.3-ce.0 (ubuntu 22.04) (ubuntu)
低危漏洞:100 中危漏洞:174 高危漏洞:6 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
gpgv CVE-2025-68973 高危 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.5 GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68973

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-12-28 17:16 修改: 2026-06-17 09:59

libssl3 CVE-2026-45447 高危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-07-08 13:16

openssh-client CVE-2024-6387 高危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.10 openssh: regreSSHion - race condition in SSH allows RCE/DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-07-01 13:15 修改: 2026-06-17 08:17

openssh-server CVE-2024-6387 高危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.10 openssh: regreSSHion - race condition in SSH allows RCE/DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-07-01 13:15 修改: 2026-06-17 08:17

openssh-sftp-server CVE-2024-6387 高危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.10 openssh: regreSSHion - race condition in SSH allows RCE/DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6387

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-07-01 13:15 修改: 2026-06-17 08:17

openssl CVE-2026-45447 高危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-07-08 13:16

busybox CVE-2025-60876 中危 1:1.30.1-7ubuntu3 busybox: BusyBox wget: HTTP request-target allows header injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-60876

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-11-10 20:15 修改: 2026-06-17 09:50

bash CVE-2022-3715 中危 5.1-6ubuntu1 5.1-6ubuntu1.1 bash: a heap-buffer-overflow in valid_parameter_transform

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3715

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-01-05 15:15 修改: 2026-06-17 05:00

gpgv CVE-2025-30258 中危 2.2.27-3ubuntu2.1 2.2.27-3ubuntu2.3 gnupg: verification DoS due to a malicious subkey in the keyring

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08

gzip CVE-2026-41991 中危 1.10-4ubuntu4.1 1.10-4ubuntu4.2 gzip: gzip: Arbitrary file overwrite via insecure temporary file handling in gzexe utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41991

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-29 12:16 修改: 2026-07-01 14:02

gzip CVE-2026-41992 中危 1.10-4ubuntu4.1 1.10-4ubuntu4.2 GNU gzip contains a global buffer overflow vulnerability in the LZH de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41992

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-29 12:16 修改: 2026-07-01 14:02

libblkid1 CVE-2024-28085 中危 2.37.2-4ubuntu3 2.37.2-4ubuntu3.4 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

libblkid1 CVE-2026-27456 中危 2.37.2-4ubuntu3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libc-bin CVE-2024-2961 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.7 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25

libc-bin CVE-2024-33599 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.8 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc-bin CVE-2024-33600 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.8 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc-bin CVE-2024-33601 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.8 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc-bin CVE-2024-33602 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.8 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc-bin CVE-2025-0395 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.9 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26

libc-bin CVE-2025-15281 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.13 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-20 14:16 修改: 2026-06-17 08:37

libc-bin CVE-2025-4802 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.10 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

libc-bin CVE-2025-8058 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.11 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-07-23 20:15 修改: 2026-06-17 10:06

libc-bin CVE-2026-0861 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.13 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-14 21:15 修改: 2026-06-17 10:11

libc-bin CVE-2026-0915 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.13 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-15 22:16 修改: 2026-06-17 10:11

libc-bin CVE-2026-4046 中危 2.35-0ubuntu3.6 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-03-30 18:16 修改: 2026-06-17 10:55

libc-bin CVE-2026-5435 中危 2.35-0ubuntu3.6 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-28 13:19 修改: 2026-06-17 10:59

libc-bin CVE-2026-6238 中危 2.35-0ubuntu3.6 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-28 19:37 修改: 2026-06-19 21:17

libc6 CVE-2024-2961 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.7 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25

libc6 CVE-2024-33599 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.8 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc6 CVE-2024-33600 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.8 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc6 CVE-2024-33601 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.8 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc6 CVE-2024-33602 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.8 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc6 CVE-2025-0395 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.9 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26

libc6 CVE-2025-15281 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.13 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-20 14:16 修改: 2026-06-17 08:37

libc6 CVE-2025-4802 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.10 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

libc6 CVE-2025-8058 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.11 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-07-23 20:15 修改: 2026-06-17 10:06

libc6 CVE-2026-0861 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.13 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-14 21:15 修改: 2026-06-17 10:11

libc6 CVE-2026-0915 中危 2.35-0ubuntu3.6 2.35-0ubuntu3.13 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-15 22:16 修改: 2026-06-17 10:11

libc6 CVE-2026-4046 中危 2.35-0ubuntu3.6 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-03-30 18:16 修改: 2026-06-17 10:55

libc6 CVE-2026-5435 中危 2.35-0ubuntu3.6 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-28 13:19 修改: 2026-06-17 10:59

libc6 CVE-2026-6238 中危 2.35-0ubuntu3.6 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-28 19:37 修改: 2026-06-19 21:17

libcap2 CVE-2025-1390 中危 1:2.44-1ubuntu0.22.04.1 1:2.44-1ubuntu0.22.04.2 libcap: pam_cap: Fix potential configuration parsing error

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1390

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-02-18 03:15 修改: 2026-06-17 08:39

libcap2 CVE-2026-4878 中危 1:2.44-1ubuntu0.22.04.1 1:2.44-1ubuntu0.22.04.3 libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-09 16:16 修改: 2026-07-10 12:17

libgcrypt20 CVE-2026-41989 中危 1.9.4-3ubuntu3 1.9.4-3ubuntu3.2 Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-23 05:16 修改: 2026-06-17 10:47

libgnutls30 CVE-2024-12243 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.6 gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12243

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-02-10 16:15 修改: 2026-06-17 06:59

libgnutls30 CVE-2024-28834 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.5 gnutls: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28834

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-21 14:15 修改: 2026-06-17 07:21

libgnutls30 CVE-2024-28835 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.5 gnutls: potential crash during chain building/verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28835

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-21 06:15 修改: 2026-07-03 03:16

libgnutls30 CVE-2025-14831 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.8 gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14831

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-02-09 15:16 修改: 2026-06-30 00:16

libgnutls30 CVE-2025-32988 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.7 gnutls: Vulnerability in GnuTLS otherName SAN export

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32988

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-07-10 08:15 修改: 2026-06-30 01:16

libgnutls30 CVE-2025-32989 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.7 gnutls: Vulnerability in GnuTLS SCT extension parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32989

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-07-10 08:15 修改: 2026-06-30 01:16

libgnutls30 CVE-2025-32990 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.7 gnutls: Vulnerability in GnuTLS certtool template parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32990

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-07-10 10:15 修改: 2026-06-30 01:16

libgnutls30 CVE-2025-6395 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.7 gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6395

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-07-10 16:15 修改: 2026-06-30 02:16

libgnutls30 CVE-2026-33845 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-30 18:16 修改: 2026-07-07 12:16

libgnutls30 CVE-2026-33846 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-04 10:15 修改: 2026-07-07 12:16

libgnutls30 CVE-2026-3832 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-30 18:16 修改: 2026-06-24 17:16

libgnutls30 CVE-2026-3833 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-30 18:16 修改: 2026-06-30 03:19

libgnutls30 CVE-2026-42009 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-18 13:16 修改: 2026-07-08 13:16

libgnutls30 CVE-2026-42010 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: gnutls: Authentication Bypass via NUL Character in Username

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-07 12:16 修改: 2026-07-08 13:16

libgnutls30 CVE-2026-42011 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: gnutls: Security bypass due to incorrect name constraint handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-07 15:16 修改: 2026-06-30 03:19

libgnutls30 CVE-2026-42012 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-26 22:16 修改: 2026-06-30 03:19

libgnutls30 CVE-2026-42013 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-26 22:16 修改: 2026-06-30 03:19

libgnutls30 CVE-2026-42014 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-16 02:16 修改: 2026-06-30 03:19

libgnutls30 CVE-2026-42015 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-26 22:16 修改: 2026-07-09 07:16

libgnutls30 CVE-2026-5260 中危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.9 gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-26 22:16 修改: 2026-07-09 07:16

libgssapi-krb5-2 CVE-2024-3596 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.5 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44

libgssapi-krb5-2 CVE-2024-37370 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38

libgssapi-krb5-2 CVE-2024-37371 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38

libgssapi-krb5-2 CVE-2025-24528 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59

libgssapi-krb5-2 CVE-2025-3576 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.7 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-04-15 06:15 修改: 2026-06-30 01:16

libk5crypto3 CVE-2024-3596 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.5 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44

libk5crypto3 CVE-2024-37370 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38

libk5crypto3 CVE-2024-37371 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38

libk5crypto3 CVE-2025-24528 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59

libk5crypto3 CVE-2025-3576 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.7 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-04-15 06:15 修改: 2026-06-30 01:16

libkrb5-3 CVE-2024-3596 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.5 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44

libkrb5-3 CVE-2024-37370 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38

libkrb5-3 CVE-2024-37371 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38

libkrb5-3 CVE-2025-24528 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59

libkrb5-3 CVE-2025-3576 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.7 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-04-15 06:15 修改: 2026-06-30 01:16

libkrb5support0 CVE-2024-3596 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.5 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44

libkrb5support0 CVE-2024-37370 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38

libkrb5support0 CVE-2024-37371 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38

libkrb5support0 CVE-2025-24528 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59

libkrb5support0 CVE-2025-3576 中危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.7 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-04-15 06:15 修改: 2026-06-30 01:16

libmount1 CVE-2024-28085 中危 2.37.2-4ubuntu3 2.37.2-4ubuntu3.4 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

libmount1 CVE-2026-27456 中危 2.37.2-4ubuntu3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libp11-kit0 CVE-2026-13757 中危 0.24.0-6build1 p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13757

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-29 19:16 修改: 2026-07-13 06:16

libpam-modules CVE-2025-6020 中危 1.4.0-11ubuntu2.4 1.4.0-11ubuntu2.6 linux-pam: Linux-pam directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6020

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-06-17 13:15 修改: 2026-06-30 11:16

libpam-modules-bin CVE-2025-6020 中危 1.4.0-11ubuntu2.4 1.4.0-11ubuntu2.6 linux-pam: Linux-pam directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6020

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-06-17 13:15 修改: 2026-06-30 11:16

libpam-runtime CVE-2025-6020 中危 1.4.0-11ubuntu2.4 1.4.0-11ubuntu2.6 linux-pam: Linux-pam directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6020

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-06-17 13:15 修改: 2026-06-30 11:16

libpam0g CVE-2025-6020 中危 1.4.0-11ubuntu2.4 1.4.0-11ubuntu2.6 linux-pam: Linux-pam directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6020

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-06-17 13:15 修改: 2026-06-30 11:16

libperl5.34 CVE-2024-56406 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.4 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56406

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-04-13 14:15 修改: 2026-06-17 08:12

libperl5.34 CVE-2025-40909 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.5 perl: Perl threads have a working directory race condition where file operations may target unintended paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-40909

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-05-30 13:15 修改: 2026-06-17 09:22

libperl5.34 CVE-2026-42496 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.7 perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42496

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-05-26 02:16 修改: 2026-06-30 03:19

libperl5.34 CVE-2026-8376 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.7 perl: Perl: Heap buffer overflow when compiling regular expressions on 32-bit builds

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8376

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-05-26 00:16 修改: 2026-06-17 11:03

libsmartcols1 CVE-2024-28085 中危 2.37.2-4ubuntu3 2.37.2-4ubuntu3.4 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

libsmartcols1 CVE-2026-27456 中危 2.37.2-4ubuntu3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

bsdutils CVE-2024-28085 中危 1:2.37.2-4ubuntu3 2.37.2-4ubuntu3.4 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

libssl3 CVE-2022-40735 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.16

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40735

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2022-11-14 23:15 修改: 2026-06-17 05:01

libssl3 CVE-2024-6119 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.18 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

libssl3 CVE-2025-15467 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libssl3 CVE-2025-9230 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.20 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-31790 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-34182 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-45445 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libsystemd0 CVE-2025-4598 中危 249.11-0ubuntu3.12 249.11-0ubuntu3.16 systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4598

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-05-30 14:15 修改: 2026-06-30 11:16

libsystemd0 CVE-2026-29111 中危 249.11-0ubuntu3.12 249.11-0ubuntu3.19 systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-03-23 22:16 修改: 2026-06-17 10:29

libsystemd0 CVE-2026-40225 中危 249.11-0ubuntu3.12 249.11-0ubuntu3.19 systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40225

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libsystemd0 CVE-2026-40226 中危 249.11-0ubuntu3.12 249.11-0ubuntu3.21 systemd: systemd nspawn: Escape-to-host action via crafted config file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libtasn1-6 CVE-2024-12133 中危 4.18.0-4build1 4.18.0-4ubuntu0.1 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12133

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-02-10 16:15 修改: 2026-06-30 03:16

libtasn1-6 CVE-2025-13151 中危 4.18.0-4build1 4.18.0-4ubuntu0.2 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13151

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-07 22:15 修改: 2026-06-17 08:33

libudev1 CVE-2025-4598 中危 249.11-0ubuntu3.12 249.11-0ubuntu3.16 systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4598

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-05-30 14:15 修改: 2026-06-30 11:16

libudev1 CVE-2026-29111 中危 249.11-0ubuntu3.12 249.11-0ubuntu3.19 systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-03-23 22:16 修改: 2026-06-17 10:29

libudev1 CVE-2026-40225 中危 249.11-0ubuntu3.12 249.11-0ubuntu3.19 systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40225

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libudev1 CVE-2026-40226 中危 249.11-0ubuntu3.12 249.11-0ubuntu3.21 systemd: systemd nspawn: Escape-to-host action via crafted config file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libuuid1 CVE-2024-28085 中危 2.37.2-4ubuntu3 2.37.2-4ubuntu3.4 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

libuuid1 CVE-2026-27456 中危 2.37.2-4ubuntu3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

mount CVE-2024-28085 中危 2.37.2-4ubuntu3 2.37.2-4ubuntu3.4 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

mount CVE-2026-27456 中危 2.37.2-4ubuntu3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

bsdutils CVE-2026-27456 中危 1:2.37.2-4ubuntu3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

openssh-client CVE-2025-26465 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.11 openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26465

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-02-18 19:15 修改: 2026-06-17 09:01

openssh-client CVE-2025-32728 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.13 openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32728

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-04-10 02:15 修改: 2026-06-17 09:12

openssh-client CVE-2026-3497 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.14 openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3497

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-03-12 19:16 修改: 2026-06-30 03:19

openssh-client CVE-2026-35385 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35385

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-07-10 12:16

openssh-client CVE-2026-35386 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35386

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-07-07 15:55

openssh-client CVE-2026-35387 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35387

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:40

openssh-client CVE-2026-35388 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35388

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:40

openssh-client CVE-2026-35414 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35414

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 18:16 修改: 2026-06-17 10:40

openssh-client CVE-2026-55655 中危 1:8.9p1-3ubuntu0.6 openssh: Local MITM of X11 forwarding via abstract UNIX socket pre-binding in Red Hat Enterprise Linux OpenSSH client versions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55655

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-23 04:17 修改: 2026-07-08 14:17

busybox CVE-2023-42366 中危 1:1.30.1-7ubuntu3 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

openssh-server CVE-2025-26465 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.11 openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26465

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-02-18 19:15 修改: 2026-06-17 09:01

openssh-server CVE-2025-32728 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.13 openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32728

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-04-10 02:15 修改: 2026-06-17 09:12

openssh-server CVE-2026-3497 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.14 openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3497

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-03-12 19:16 修改: 2026-06-30 03:19

openssh-server CVE-2026-35385 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35385

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-07-10 12:16

openssh-server CVE-2026-35386 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35386

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-07-07 15:55

openssh-server CVE-2026-35387 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35387

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:40

openssh-server CVE-2026-35388 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35388

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:40

openssh-server CVE-2026-35414 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35414

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 18:16 修改: 2026-06-17 10:40

openssh-server CVE-2026-55655 中危 1:8.9p1-3ubuntu0.6 openssh: Local MITM of X11 forwarding via abstract UNIX socket pre-binding in Red Hat Enterprise Linux OpenSSH client versions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55655

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-23 04:17 修改: 2026-07-08 14:17

busybox CVE-2024-58251 中危 1:1.30.1-7ubuntu3 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

openssh-sftp-server CVE-2025-26465 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.11 openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26465

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-02-18 19:15 修改: 2026-06-17 09:01

openssh-sftp-server CVE-2025-32728 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.13 openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32728

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-04-10 02:15 修改: 2026-06-17 09:12

openssh-sftp-server CVE-2026-3497 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.14 openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3497

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-03-12 19:16 修改: 2026-06-30 03:19

openssh-sftp-server CVE-2026-35385 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35385

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-07-10 12:16

openssh-sftp-server CVE-2026-35386 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35386

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-07-07 15:55

openssh-sftp-server CVE-2026-35387 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35387

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:40

openssh-sftp-server CVE-2026-35388 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35388

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:40

openssh-sftp-server CVE-2026-35414 中危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.15 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35414

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-02 18:16 修改: 2026-06-17 10:40

openssh-sftp-server CVE-2026-55655 中危 1:8.9p1-3ubuntu0.6 openssh: Local MITM of X11 forwarding via abstract UNIX socket pre-binding in Red Hat Enterprise Linux OpenSSH client versions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55655

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-23 04:17 修改: 2026-07-08 14:17

busybox CVE-2025-46394 中危 1:1.30.1-7ubuntu3 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

openssl CVE-2022-40735 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.16

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40735

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2022-11-14 23:15 修改: 2026-06-17 05:01

openssl CVE-2024-6119 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.18 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

openssl CVE-2025-15467 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

openssl CVE-2025-9230 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.20 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

openssl CVE-2026-31790 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

openssl CVE-2026-34182 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl CVE-2026-45445 中危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

perl CVE-2024-56406 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.4 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56406

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-04-13 14:15 修改: 2026-06-17 08:12

perl CVE-2025-40909 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.5 perl: Perl threads have a working directory race condition where file operations may target unintended paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-40909

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-05-30 13:15 修改: 2026-06-17 09:22

perl CVE-2026-42496 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.7 perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42496

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-05-26 02:16 修改: 2026-06-30 03:19

perl CVE-2026-8376 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.7 perl: Perl: Heap buffer overflow when compiling regular expressions on 32-bit builds

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8376

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-05-26 00:16 修改: 2026-06-17 11:03

perl-base CVE-2024-56406 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.4 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56406

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-04-13 14:15 修改: 2026-06-17 08:12

perl-base CVE-2025-40909 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.5 perl: Perl threads have a working directory race condition where file operations may target unintended paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-40909

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-05-30 13:15 修改: 2026-06-17 09:22

perl-base CVE-2026-42496 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.7 perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42496

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-26 02:16 修改: 2026-06-30 03:19

perl-base CVE-2026-8376 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.7 perl: Perl: Heap buffer overflow when compiling regular expressions on 32-bit builds

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8376

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-05-26 00:16 修改: 2026-06-17 11:03

perl-modules-5.34 CVE-2024-56406 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.4 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56406

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-04-13 14:15 修改: 2026-06-17 08:12

perl-modules-5.34 CVE-2025-40909 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.5 perl: Perl threads have a working directory race condition where file operations may target unintended paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-40909

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-05-30 13:15 修改: 2026-06-17 09:22

perl-modules-5.34 CVE-2026-42496 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.7 perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42496

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-05-26 02:16 修改: 2026-06-30 03:19

perl-modules-5.34 CVE-2026-8376 中危 5.34.0-3ubuntu1.3 5.34.0-3ubuntu1.7 perl: Perl: Heap buffer overflow when compiling regular expressions on 32-bit builds

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8376

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-05-26 00:16 修改: 2026-06-17 11:03

sed CVE-2026-5958 中危 4.8-1ubuntu2 4.8-1ubuntu2.1 sed: GNU sed TOCTOU race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-20 12:16 修改: 2026-06-17 10:59

tar CVE-2025-45582 中危 1.34+dfsg-1ubuntu0.1.22.04.2 1.34+dfsg-1ubuntu0.1.22.04.4 tar: Tar path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-07-11 17:15 修改: 2026-06-17 09:25

tar CVE-2026-5704 中危 1.34+dfsg-1ubuntu0.1.22.04.2 1.34+dfsg-1ubuntu0.1.22.04.3 tar: tar: Hidden file injection via crafted archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-06 16:16 修改: 2026-06-17 10:59

util-linux CVE-2024-28085 中危 2.37.2-4ubuntu3 2.37.2-4ubuntu3.4 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

util-linux CVE-2026-27456 中危 2.37.2-4ubuntu3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

wget CVE-2021-31879 中危 1.21.2-2ubuntu1 wget: authorization header disclosure on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31879

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2021-04-29 05:15 修改: 2026-06-17 03:52

wget CVE-2024-38428 中危 1.21.2-2ubuntu1 1.21.2-2ubuntu1.1 wget: Misinterpretation of input may lead to improper behavior

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38428

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-06-16 03:15 修改: 2026-06-17 07:40

wget CVE-2026-58469 中危 1.21.2-2ubuntu1 GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buff ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58469

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-07-07 21:17 修改: 2026-07-09 15:59

wget CVE-2026-58470 中危 1.21.2-2ubuntu1 GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58470

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-07-07 21:17 修改: 2026-07-09 16:01

wget CVE-2026-58471 中危 1.21.2-2ubuntu1 wget: GNU Wget: Heap buffer overflow via server-supplied filename leads to memory corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58471

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-07-07 21:17 修改: 2026-07-09 16:02

wget CVE-2026-58472 中危 1.21.2-2ubuntu1 GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buff ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-58472

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-07-07 21:17 修改: 2026-07-09 15:58

ncurses-base CVE-2025-69720 低危 6.3-2ubuntu0.1 6.3-2ubuntu0.2 ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69720

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-03-19 15:16 修改: 2026-06-17 10:00

ncurses-bin CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

ncurses-bin CVE-2025-69720 低危 6.3-2ubuntu0.1 6.3-2ubuntu0.2 ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69720

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-03-19 15:16 修改: 2026-06-17 10:00

libgcrypt20 CVE-2024-2236 低危 1.9.4-3ubuntu3 libgcrypt: vulnerable to Marvin Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-03-06 22:15 修改: 2026-06-17 07:24

dpkg CVE-2025-6297 低危 1.21.1ubuntu2.2 1.21.1ubuntu2.6 It was discovered that dpkg-deb does not properly sanitize directory p ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6297

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-07-01 17:15 修改: 2026-07-08 09:16

libkrb5support0 CVE-2024-26458 低危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libkrb5support0 CVE-2024-26461 低危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

liblzma5 CVE-2026-34743 低危 5.2.5-2ubuntu1 5.2.5-2ubuntu1.1 xz: XZ Utils: Denial of Service via buffer overflow in index decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-02 19:21 修改: 2026-06-17 10:39

libk5crypto3 CVE-2024-26458 低危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libk5crypto3 CVE-2024-26461 低危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libncurses6 CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

libncurses6 CVE-2025-69720 低危 6.3-2ubuntu0.1 6.3-2ubuntu0.2 ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69720

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-03-19 15:16 修改: 2026-06-17 10:00

libssl3 CVE-2024-13176 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.19 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

openssh-client CVE-2025-61984 低危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.14 openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61984

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-10-06 19:15 修改: 2026-06-17 09:51

openssh-client CVE-2025-61985 低危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.14 openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61985

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-10-06 19:15 修改: 2026-06-17 09:51

openssh-client CVE-2026-55654 低危 1:8.9p1-3ubuntu0.6 openssh: Heap out-of-bounds read in Red Hat Enterprise Linux versions of OpenSSH GSSAPI indicator cleanup due to missing NULL sentinel termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55654

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-23 04:17 修改: 2026-07-08 14:17

libssl3 CVE-2024-2511 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.17 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libssl3 CVE-2024-4603 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.17 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-4741 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.17 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-5535 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.17 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libssl3 CVE-2024-9143 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.19 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libssl3 CVE-2025-68160 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libssl3 CVE-2025-69418 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-69419 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-69420 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-69421 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssh-server CVE-2025-61984 低危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.14 openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61984

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-10-06 19:15 修改: 2026-06-17 09:51

openssh-server CVE-2025-61985 低危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.14 openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61985

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-10-06 19:15 修改: 2026-06-17 09:51

openssh-server CVE-2026-55654 低危 1:8.9p1-3ubuntu0.6 openssh: Heap out-of-bounds read in Red Hat Enterprise Linux versions of OpenSSH GSSAPI indicator cleanup due to missing NULL sentinel termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55654

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-23 04:17 修改: 2026-07-08 14:17

libssl3 CVE-2026-22795 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libssl3 CVE-2026-22796 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libssl3 CVE-2026-28387 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28388 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28389 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28390 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-31789 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-34180 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-42766 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42767 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssh-sftp-server CVE-2025-61984 低危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.14 openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61984

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-10-06 19:15 修改: 2026-06-17 09:51

openssh-sftp-server CVE-2025-61985 低危 1:8.9p1-3ubuntu0.6 1:8.9p1-3ubuntu0.14 openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61985

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-10-06 19:15 修改: 2026-06-17 09:51

openssh-sftp-server CVE-2026-55654 低危 1:8.9p1-3ubuntu0.6 openssh: Heap out-of-bounds read in Red Hat Enterprise Linux versions of OpenSSH GSSAPI indicator cleanup due to missing NULL sentinel termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55654

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-23 04:17 修改: 2026-07-08 14:17

libssl3 CVE-2026-42770 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-45446 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libssl3 CVE-2026-7383 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

libssl3 CVE-2026-9076 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libstdc++6 CVE-2022-27943 低危 12.3.0-1ubuntu1~22.04 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2022-03-26 13:15 修改: 2026-06-17 04:37

libstdc++6 CVE-2023-4039 低危 12.3.0-1ubuntu1~22.04 12.3.0-1ubuntu1~22.04.2 gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4039

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-09-13 09:15 修改: 2026-06-23 18:17

libncursesw6 CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

libncursesw6 CVE-2025-69720 低危 6.3-2ubuntu0.1 6.3-2ubuntu0.2 ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69720

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-03-19 15:16 修改: 2026-06-17 10:00

openssl CVE-2024-13176 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.19 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

openssl CVE-2024-2511 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.17 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

openssl CVE-2024-4603 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.17 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

openssl CVE-2024-4741 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.17 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

openssl CVE-2024-5535 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.17 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

openssl CVE-2024-9143 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.19 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

openssl CVE-2025-68160 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

openssl CVE-2025-69418 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2025-69419 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2025-69420 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2025-69421 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2026-22795 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

openssl CVE-2026-22796 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.21 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

openssl CVE-2026-28387 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28388 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28389 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28390 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-31789 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.23 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

openssl CVE-2026-34180 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl CVE-2026-42766 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-42767 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-42770 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-45446 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

openssl CVE-2026-7383 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

openssl CVE-2026-9076 低危 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.25 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

passwd CVE-2023-29383 低危 1:4.8.1-2ubuntu2.2 shadow: Improper input validation in shadow-utils package utility chfn

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-04-14 22:15 修改: 2026-06-17 05:49

passwd CVE-2024-56433 低危 1:4.8.1-2ubuntu2.2 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12

gcc-12-base CVE-2022-27943 低危 12.3.0-1ubuntu1~22.04 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2022-03-26 13:15 修改: 2026-06-17 04:37

gcc-12-base CVE-2023-4039 低危 12.3.0-1ubuntu1~22.04 12.3.0-1ubuntu1~22.04.2 gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4039

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-09-13 09:15 修改: 2026-06-23 18:17

libsystemd0 CVE-2023-7008 低危 249.11-0ubuntu3.12 249.11-0ubuntu3.21 systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-12-23 13:15 修改: 2026-06-17 06:51

libsystemd0 CVE-2026-40228 低危 249.11-0ubuntu3.12 systemd: systemd-journald: Unintended output to user terminals via logger command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libgcc-s1 CVE-2022-27943 低危 12.3.0-1ubuntu1~22.04 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2022-03-26 13:15 修改: 2026-06-17 04:37

libgssapi-krb5-2 CVE-2024-26458 低危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libtasn1-6 CVE-2021-46848 低危 4.18.0-4build1 4.18.0-4ubuntu0.2 libtasn1: Out-of-bound access in ETYPE_OK

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46848

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2022-10-24 14:15 修改: 2026-06-17 04:15

libtinfo6 CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

libtinfo6 CVE-2025-69720 低危 6.3-2ubuntu0.1 6.3-2ubuntu0.2 ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69720

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-03-19 15:16 修改: 2026-06-17 10:00

libgssapi-krb5-2 CVE-2024-26461 低危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libpcre2-8-0 CVE-2022-41409 低危 10.39-3ubuntu0.1 pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-07-18 14:15 修改: 2026-06-17 05:03

libpcre3 CVE-2017-11164 低危 2:8.39-13ubuntu0.22.04.1 pcre: OP_KETRMAX feature in the match function in pcre_exec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-11164

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2017-07-11 03:29 修改: 2026-06-17 01:01

libkrb5-3 CVE-2024-26458 低危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libudev1 CVE-2023-7008 低危 249.11-0ubuntu3.12 249.11-0ubuntu3.21 systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-12-23 13:15 修改: 2026-06-17 06:51

libudev1 CVE-2026-40228 低危 249.11-0ubuntu3.12 systemd: systemd-journald: Unintended output to user terminals via logger command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libkrb5-3 CVE-2024-26461 低危 1.19.2-2ubuntu0.3 1.19.2-2ubuntu0.6 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libgcc-s1 CVE-2023-4039 低危 12.3.0-1ubuntu1~22.04 12.3.0-1ubuntu1~22.04.2 gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4039

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-09-13 09:15 修改: 2026-06-23 18:17

libzstd1 CVE-2022-4899 低危 1.4.8+dfsg-3build1 zstd: mysql: buffer overrun in util.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4899

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-03-31 20:15 修改: 2026-06-17 05:22

login CVE-2023-29383 低危 1:4.8.1-2ubuntu2.2 shadow: Improper input validation in shadow-utils package utility chfn

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-04-14 22:15 修改: 2026-06-17 05:49

login CVE-2024-56433 低危 1:4.8.1-2ubuntu2.2 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12

busybox CVE-2022-48174 低危 1:1.30.1-7ubuntu3 1:1.30.1-7ubuntu3.1 busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-48174

镜像层: sha256:47851bdae3ee7272fdf0f0e74ff2878c14544bad24fcf68f324ddd4cd56e7337

发布日期: 2023-08-22 19:16 修改: 2026-06-17 05:14

libgnutls30 CVE-2025-9820 低危 3.7.3-4ubuntu1.4 3.7.3-4ubuntu1.8 gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9820

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2026-01-26 20:16 修改: 2026-06-30 09:16

ncurses-base CVE-2023-50495 低危 6.3-2ubuntu0.1 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

Node.js (node-pkg)
低危漏洞:3 中危漏洞:7 高危漏洞:14 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
handlebars CVE-2019-19919 严重 1.0.0 4.3.0, 3.0.8 nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19919

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2019-12-20 23:15 修改: 2026-06-17 02:27

handlebars CVE-2021-23369 严重 1.0.0 4.7.7 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23369

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2021-04-12 14:15 修改: 2026-06-17 03:38

handlebars CVE-2021-23383 严重 1.0.0 4.7.7 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23383

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2021-05-04 09:15 修改: 2026-06-17 03:38

diff GHSA-h6ch-v84p-w6p9 高危 1.0.0 3.5.0 Regular Expression Denial of Service (ReDoS)

漏洞详情: https://github.com/advisories/GHSA-h6ch-v84p-w6p9

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2019-06-13 18:58 修改: 2021-02-24 19:27

handlebars CVE-2019-20920 高危 1.0.0 3.0.8, 4.5.3 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20920

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-09-30 18:15 修改: 2026-06-17 02:31

handlebars GHSA-2cf5-4w76-r9qv 高危 1.0.0 3.0.8, 4.5.2 Arbitrary Code Execution in handlebars

漏洞详情: https://github.com/advisories/GHSA-2cf5-4w76-r9qv

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-09-04 14:57 修改: 2024-01-29 20:54

handlebars GHSA-g9r4-xpmj-mj65 高危 1.0.0 3.0.8, 4.5.3 Prototype Pollution in handlebars

漏洞详情: https://github.com/advisories/GHSA-g9r4-xpmj-mj65

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-09-04 15:06 修改: 2020-08-31 18:55

handlebars GHSA-q2c6-c6pm-g3gh 高危 1.0.0 3.0.8, 4.5.3 Arbitrary Code Execution in handlebars

漏洞详情: https://github.com/advisories/GHSA-q2c6-c6pm-g3gh

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-09-04 15:07 修改: 2020-08-31 18:55

handlebars GHSA-q42p-pg8m-cqh6 高危 1.0.0 4.1.2, 4.0.14, 3.0.7 Prototype Pollution in handlebars

漏洞详情: https://github.com/advisories/GHSA-q42p-pg8m-cqh6

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2019-06-05 14:07 修改: 2021-08-04 20:54

ini CVE-2020-7788 高危 1.0.0 1.3.6 nodejs-ini: Prototype pollution via malicious INI file

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-12-11 11:15 修改: 2026-06-17 03:25

json CVE-2020-7712 高危 1.0.0 10.0.0 trentm/json vulnerable to command injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7712

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-08-30 08:15 修改: 2026-06-17 03:25

npm CVE-2018-7408 高危 1.0.1 5.7.1 Incorrect Permission Assignment for Critical Resource in NPM

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7408

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2018-02-22 18:29 修改: 2026-06-17 02:03

npm CVE-2019-16775 高危 1.0.1 6.13.3 npm: Symlink reference outside of node_modules folder through the bin field upon installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2019-12-13 01:15 修改: 2026-06-17 02:22

npm CVE-2019-16776 高危 1.0.1 6.13.3 npm: Arbitrary file write via constructed entry in the package.json bin field

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2019-12-13 01:15 修改: 2026-06-17 02:22

npm CVE-2019-16777 高危 1.0.1 6.13.4 npm: Global node_modules Binary Overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2019-12-13 01:15 修改: 2026-06-17 02:22

thrift CVE-2026-41636 高危 0.0.0-DEVELOPMENT 0.23.0 apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41636

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-28 10:16 修改: 2026-06-17 10:46

thrift CVE-2026-43870 高危 0.0.0-DEVELOPMENT apache-thrift: Apache Thrift: Denial of Service via multiple vulnerabilities

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-05 09:16 修改: 2026-06-17 10:50

npm CVE-2016-3956 中危 1.0.1 >= 2.15.1 <= 3.0.0, >= 3.8.3 npm: bearer token leak to non-registry hosts

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3956

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2016-07-02 14:59 修改: 2026-06-17 00:46

npm CVE-2020-15095 中危 1.0.1 6.14.6 npm: sensitive information exposure through logs

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-07-07 19:15 修改: 2026-06-17 02:56

pug CVE-2021-21353 中危 1.0.0 3.0.1 pug: user provided objects as input to pug templates can achieve remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2021-03-03 02:15 修改: 2026-06-17 03:35

pug CVE-2024-36361 中危 1.0.0 3.0.3 Pug allows JavaScript code execution if an application accepts untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-05-24 06:15 修改: 2026-06-17 07:36

handlebars CVE-2015-8861 中危 1.0.0 >=4.0.0 The handlebars package before 4.0.0 for Node.js allows remote attacker ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-8861

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2017-01-23 21:59 修改: 2026-05-13 00:24

handlebars NSWG-ECO-519 中危 1.0.0 >=4.6.0 Denial of Service

漏洞详情: https://hackerone.com/reports/726364

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

yaml CVE-2026-33532 中危 1.0.0 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

npm CVE-2013-4116 低危 1.0.1 >=1.3.3 npm: Insecure temporary directory generation

漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4116

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2014-04-22 14:23 修改: 2026-05-06 22:30

diff CVE-2026-24001 低危 1.0.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

markdown GHSA-wx77-rp39-c6vg 低危 1.0.0 Regular Expression Denial of Service in markdown

漏洞详情: https://github.com/advisories/GHSA-wx77-rp39-c6vg

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-09-04 15:11 修改: 2022-03-24 22:10

Ruby (gemspec)
低危漏洞:21 中危漏洞:107 高危漏洞:65 严重漏洞:18
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
activestorage CVE-2026-33195 严重 7.0.8 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 Rails: Active Storage: Active Storage (Rails): Arbitrary file access via path traversal in blob keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33195

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-30 03:18

activestorage CVE-2026-33202 严重 7.0.8 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 rails: Active Storage: Unintended file deletion via crafted blob keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33202

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37

concurrent-ruby CVE-2026-54906 严重 1.2.2 >= 1.3.7 concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-24 17:17 修改: 2026-06-26 20:00

concurrent-ruby CVE-2026-54906 严重 1.2.3 >= 1.3.7 concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Synchronization flaw in ReadWriteLock allows unauthorized lock release and denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-24 17:17 修改: 2026-06-26 20:00

graphql CVE-2025-27407 严重 2.2.5 ~> 1.11.11, ~> 1.12.25, ~> 1.13.24, ~> 2.0.32, ~> 2.1.15, ~> 2.2.17, ~> 2.3.21, >= 2.4.13 graphql-ruby: Remote code execution when loading a crafted GraphQL schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27407

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 09:03

net-imap CVE-2026-42257 严重 0.2.3 ~> 0.4.24, ~> 0.5.14, >= 0.6.4 net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42257

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-09 20:16 修改: 2026-06-17 10:47

net-imap CVE-2026-42257 严重 0.3.4 ~> 0.4.24, ~> 0.5.14, >= 0.6.4 net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42257

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-09 20:16 修改: 2026-06-17 10:47

nokogiri GHSA-353f-x4gh-cqq8 严重 1.16.0 >= 1.18.9 Nokogiri patches vendored libxml2 to resolve multiple CVEs

漏洞详情: https://github.com/advisories/GHSA-353f-x4gh-cqq8

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-07-21 19:35 修改: 2025-07-21 19:35

omniauth-saml CVE-2024-45409 严重 2.1.0 >= 1.10.5, < 2.0.0, ~> 2.1.2, >= 2.2.1 The Ruby SAML library is for implementing the client side of a SAML au ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-10 19:15 修改: 2026-06-17 07:54

omniauth-saml GHSA-cvp8-5r8g-fhvq 严重 2.1.0 2.1.2, 1.10.5, 2.2.1 omniauth-saml vulnerable to Improper Verification of Cryptographic Signature

漏洞详情: https://github.com/advisories/GHSA-cvp8-5r8g-fhvq

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-11 21:08 修改: 2024-09-19 18:25

omniauth-saml GHSA-hw46-3hmr-x9xv 严重 2.1.0 ~> 1.10.6, ~> 2.1.3, >= 2.2.3 omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue

漏洞详情: https://github.com/advisories/GHSA-hw46-3hmr-x9xv

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:42 修改: 2025-05-22 17:13

ruby-saml CVE-2024-45409 严重 1.15.0 ~> 1.12.3, >= 1.17.0 The Ruby SAML library is for implementing the client side of a SAML au ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45409

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-10 19:15 修改: 2026-06-17 07:54

ruby-saml CVE-2025-25291 严重 1.15.0 ~> 1.12.4, >= 1.18.0 ruby-saml provides security assertion markup language (SAML) single si ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25291

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 21:15 修改: 2026-06-17 09:00

ruby-saml CVE-2025-25292 严重 1.15.0 ~> 1.12.4, >= 1.18.0 ruby-saml provides security assertion markup language (SAML) single si ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25292

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 21:15 修改: 2026-06-17 09:00

ruby-saml CVE-2025-66567 严重 1.15.0 >= 1.18.0 Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66567

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-09 16:18 修改: 2026-06-17 09:57

ruby-saml CVE-2025-66568 严重 1.15.0 >= 1.18.0 Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66568

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-09 16:18 修改: 2026-06-17 09:57

stringio CVE-2024-27280 严重 3.0.1 >= 3.0.1.1 ruby: Buffer overread vulnerability in StringIO

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-05-14 15:11 修改: 2026-06-17 07:19

zlib CVE-2026-27820 严重 2.1.1 ~> 3.0.1, ~> 3.1.2, >= 3.2.3 zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-16 18:16 修改: 2026-06-17 10:27

activesupport CVE-2026-33176 高危 7.0.8 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33176

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37

httparty CVE-2025-68696 高危 0.21.0 >= 0.24.0 httparty: Httparty: Server-Side Request Forgery (SSRF) allows information disclosure and unauthorized internal access.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68696

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-23 23:15 修改: 2026-06-17 09:59

jwt CVE-2026-45363 高危 2.5.0 ~> 2.10.3, >= 3.2.0 ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45363

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

activesupport CVE-2026-33176 高危 7.0.8.1 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33176

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37

net-imap CVE-2026-42245 高危 0.2.3 ~> 0.4.24, ~> 0.5.14, >= 0.6.4 ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42245

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-09 20:16 修改: 2026-06-17 10:47

net-imap CVE-2026-42246 高危 0.2.3 ~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4 net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42246

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-09 20:16 修改: 2026-07-10 12:16

addressable CVE-2026-35611 高危 2.8.1 >= 2.9.0 addressable: Addressable: Denial of Service via crafted URI templates

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35611

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-07 17:16 修改: 2026-06-17 10:40

net-imap CVE-2026-42245 高危 0.3.4 ~> 0.4.24, ~> 0.5.14, >= 0.6.4 ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42245

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-09 20:16 修改: 2026-06-17 10:47

net-imap CVE-2026-42246 高危 0.3.4 ~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4 net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42246

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-09 20:16 修改: 2026-07-10 12:16

addressable CVE-2026-35611 高危 2.8.6 >= 2.9.0 addressable: Addressable: Denial of Service via crafted URI templates

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35611

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-07 17:16 修改: 2026-06-17 10:40

nokogiri GHSA-c4rq-3m3g-8wgx 高危 1.16.0 >= 1.19.3 Nokogiri CSS selector tokenizer has regular expression backtracking

漏洞详情: https://github.com/advisories/GHSA-c4rq-3m3g-8wgx

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-06 18:24 修改: 2026-05-06 18:24

nokogiri GHSA-mrxw-mxhj-p664 高危 1.16.0 >= 1.18.4 Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs

漏洞详情: https://github.com/advisories/GHSA-mrxw-mxhj-p664

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-14 18:51 修改: 2025-03-21 15:43

oauth GHSA-prq8-7wvh-44qh 高危 0.5.6 >= 1.1.6 Cross-origin OAuth token-request redirects can expose signed request metadata

漏洞详情: https://github.com/advisories/GHSA-prq8-7wvh-44qh

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

oauth2 GHSA-pp92-crg2-gfv9 高危 2.0.9 >= 2.0.22 Protocol-relative redirect Location overrides authority in OAuth2::Client#request, leaking bearer Authorization to attacker host

漏洞详情: https://github.com/advisories/GHSA-pp92-crg2-gfv9

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

oj CVE-2026-54592 高危 3.13.23 >= 3.17.3 oj: Oj: Denial of Service via deeply nested JSON input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54592

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27

oj CVE-2026-54896 高危 3.13.23 >= 3.17.3 oj: Oj: Heap buffer overflow in exception serialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54896

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27

oj CVE-2026-54897 高危 3.13.23 >= 3.17.3 oj: Oj: Use-After-Free in Oj::Doc Iterators via reentrant close

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54897

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27

oj CVE-2026-54900 高危 3.13.23 >= 3.17.3 oj: Oj: Heap corruption via crafted JSON object key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54900

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 17:16

oj CVE-2026-54903 高危 3.13.23 >= 3.17.3 oj: Oj: Heap corruption and Denial of Service via integer overflow in JSON parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54903

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27

bcrypt CVE-2026-33306 高危 3.1.18 >= 3.1.22 github.com/bcrypt-ruby/bcrypt-ruby: bcrypt-ruby (JRuby): Weakened password hashing due to integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33306

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 01:17 修改: 2026-06-17 10:37

activestorage CVE-2025-24293 高危 7.0.8 ~> 7.1.5, >= 7.1.5.2, ~> 7.2.2, >= 7.2.2.2, >= 8.0.2.1 activestorage: Code injection in Active Storage when used in conjunction with the image_processing gem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24293

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-30 21:15 修改: 2026-06-30 03:16

concurrent-ruby CVE-2026-54904 高危 1.2.2 >= 1.3.7 concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Denial of Service due to infinite loop in AtomicReference#update

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54904

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-24 17:17 修改: 2026-06-26 19:26

puma CVE-2026-47736 高危 5.6.5 ~> 7.2.1, >= 8.0.2 Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47736

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

puma CVE-2026-47737 高危 5.6.5 ~> 7.2.1, >= 8.0.2 Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47737

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

puma CVE-2026-47736 高危 6.4.0 ~> 7.2.1, >= 8.0.2 Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47736

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

puma CVE-2026-47737 高危 6.4.0 ~> 7.2.1, >= 8.0.2 Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47737

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

rack CVE-2024-26141 高危 2.2.8 ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1 rubygem-rack: Possible DoS Vulnerability with Range Header in Rack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26141

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-29 00:15 修改: 2026-06-17 07:17

rack CVE-2024-26146 高危 2.2.8 ~> 2.0.9, >= 2.0.9.4, ~> 2.1.4, >= 2.1.4.4, ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1 rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26146

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-29 00:15 修改: 2026-06-17 07:17

rack CVE-2025-27111 高危 2.2.8 ~> 2.2.12, ~> 3.0.13, >= 3.1.11 rack: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27111

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-04 16:15 修改: 2026-06-17 09:03

rack CVE-2025-27610 高危 2.2.8 ~> 2.2.13, ~> 3.0.14, >= 3.1.12 rack: rubygem-rack: Local File Inclusion in Rack::Static

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27610

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-10 23:15 修改: 2026-06-17 09:03

rack CVE-2025-46727 高危 2.2.8 ~> 2.2.14, ~> 3.0.16, >= 3.1.14 rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-05-07 23:15 修改: 2026-06-17 09:26

rack CVE-2025-59830 高危 2.2.8 >= 2.2.18 rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-25 15:16 修改: 2026-06-17 09:46

rack CVE-2025-61770 高危 2.2.8 ~> 2.2.19, ~> 3.1.17, >= 3.2.2 rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61770

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50

rack CVE-2025-61771 高危 2.2.8 ~> 2.2.19, ~> 3.1.17, >= 3.2.2 rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61771

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50

rack CVE-2025-61772 高危 2.2.8 ~> 2.2.19, ~> 3.1.17, >= 3.2.2 rack: Rack memory exhaustion denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61772

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50

rack CVE-2025-61919 高危 2.2.8 ~> 2.2.20, ~> 3.1.18, >= 3.2.3 rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61919

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-10 20:15 修改: 2026-06-17 09:51

rack CVE-2026-22860 高危 2.2.8 ~> 2.2.22, ~> 3.1.20, >= 3.2.5 rubygem-rack: Rack Directory Traversal via Rack:Directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22860

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-18 19:21 修改: 2026-06-30 03:17

rack CVE-2026-34785 高危 2.2.8 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-30 03:18

rack CVE-2026-34829 高危 2.2.8 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Denial of Service via unbounded multipart file upload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-30 03:18

rack CVE-2025-27111 高危 2.2.9 ~> 2.2.12, ~> 3.0.13, >= 3.1.11 rack: rubygem-rack: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27111

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-04 16:15 修改: 2026-06-17 09:03

rack CVE-2025-27610 高危 2.2.9 ~> 2.2.13, ~> 3.0.14, >= 3.1.12 rack: rubygem-rack: Local File Inclusion in Rack::Static

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27610

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-10 23:15 修改: 2026-06-17 09:03

rack CVE-2025-46727 高危 2.2.9 ~> 2.2.14, ~> 3.0.16, >= 3.1.14 rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-05-07 23:15 修改: 2026-06-17 09:26

rack CVE-2025-59830 高危 2.2.9 >= 2.2.18 rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-25 15:16 修改: 2026-06-17 09:46

rack CVE-2025-61770 高危 2.2.9 ~> 2.2.19, ~> 3.1.17, >= 3.2.2 rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61770

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50

rack CVE-2025-61771 高危 2.2.9 ~> 2.2.19, ~> 3.1.17, >= 3.2.2 rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61771

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50

rack CVE-2025-61772 高危 2.2.9 ~> 2.2.19, ~> 3.1.17, >= 3.2.2 rack: Rack memory exhaustion denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61772

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-07 15:16 修改: 2026-06-17 09:50

rack CVE-2025-61919 高危 2.2.9 ~> 2.2.20, ~> 3.1.18, >= 3.2.3 rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61919

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-10 20:15 修改: 2026-06-17 09:51

rack CVE-2026-22860 高危 2.2.9 ~> 2.2.22, ~> 3.1.20, >= 3.2.5 rubygem-rack: Rack Directory Traversal via Rack:Directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22860

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-18 19:21 修改: 2026-06-30 03:17

rack CVE-2026-34785 高危 2.2.9 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-30 03:18

rack CVE-2026-34829 高危 2.2.9 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Denial of Service via unbounded multipart file upload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-30 03:18

resolv CVE-2025-24294 高危 0.2.1 ~> 0.2.2, ~> 0.3.0, >= 0.6.1 resolv: Denial of Service in resolv gem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24294

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-07-12 04:15 修改: 2026-06-17 08:58

rexml CVE-2024-49761 高危 3.2.5 >= 3.3.9 rexml: REXML ReDoS vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-10-28 15:15 修改: 2026-06-17 08:00

rexml CVE-2024-49761 高危 3.2.6 >= 3.3.9 rexml: REXML ReDoS vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49761

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-10-28 15:15 修改: 2026-06-17 08:00

activestorage CVE-2026-33174 高危 7.0.8 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 Rails: Active Storage: Rails Active Storage: Denial of Service via unbounded Range header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33174

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37

concurrent-ruby CVE-2026-54904 高危 1.2.3 >= 1.3.7 concurrent-ruby: rubygem-concurrent-ruby: concurrent-ruby: Denial of Service due to infinite loop in AtomicReference#update

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54904

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-24 17:17 修改: 2026-06-26 19:26

erb CVE-2026-41316 高危 2.2.3 ~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4 erb: ERB: Arbitrary code execution via deserialization bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41316

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-24 03:16 修改: 2026-07-10 12:16

faraday CVE-2026-54297 高危 1.10.0 ~> 1.10.6, >= 2.14.3 faraday: Faraday: Denial of Service via crafted nested query strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54297

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-24 17:17 修改: 2026-06-30 03:21

faraday CVE-2026-54297 高危 1.8.0 ~> 1.10.6, >= 2.14.3 faraday: Faraday: Denial of Service via crafted nested query strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54297

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-24 17:17 修改: 2026-06-30 03:21

ruby-saml CVE-2025-25293 高危 1.15.0 ~> 1.12.4, >= 1.18.0 ruby-saml provides security assertion markup language (SAML) single si ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25293

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 21:15 修改: 2026-06-17 09:00

sinatra CVE-2025-61921 高危 2.2.4 >= 4.2.0 sinatra: Sinatra has ReDoS vulnerability in ETag header value generation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61921

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-10 20:15 修改: 2026-06-17 09:51

faraday CVE-2026-54297 高危 2.8.1 ~> 1.10.6, >= 2.14.3 faraday: Faraday: Denial of Service via crafted nested query strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54297

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-24 17:17 修改: 2026-06-30 03:21

uri CVE-2025-61594 高危 0.12.1 ~> 0.12.5, ~> 0.13.3, >= 1.0.4 uri: URI module: Credential exposure via URI + operator

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61594

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-30 21:15 修改: 2026-06-17 09:50

uri CVE-2025-61594 高危 0.13.0 ~> 0.12.5, ~> 0.13.3, >= 1.0.4 uri: URI module: Credential exposure via URI + operator

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61594

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-30 21:15 修改: 2026-06-17 09:50

webrick CVE-2024-47220 高危 1.8.1 1.8.2 WEBrick: HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47220

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-22 01:15 修改: 2026-06-17 07:56

google-protobuf CVE-2024-7254 高危 3.25.2 ~> 3.25.5, ~> 4.27.5, >= 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19

oj CVE-2026-54500 中危 3.13.23 >= 3.17.3 oj: Oj: Information disclosure via uninitialized stack memory read

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54500

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27

oj CVE-2026-54502 中危 3.13.23 >= 3.17.3 Oj: Stack Buffer Overflow in Oj.dump via Large Indent

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 17:16

oj CVE-2026-54898 中危 3.13.23 >= 3.17.3 oj: Oj: Denial of Service via input string mutation during JSON parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54898

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27

oj CVE-2026-54899 中危 3.13.23 >= 3.17.3 oj: Oj: Use-After-Free in parser symbol key cache toggle

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54899

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27

oj CVE-2026-54901 中危 3.13.23 >= 3.17.3 Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54901

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27

oj CVE-2026-54902 中危 3.13.23 >= 3.17.3 Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54902

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-01 00:16 修改: 2026-07-01 15:27

devise-two-factor CVE-2024-8796 中危 4.1.1 >= 6.0.0 Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8796

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-17 18:15 修改: 2026-06-17 08:23

activesupport CVE-2026-33169 中危 7.0.8 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33169

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37

excon CVE-2026-54171 中危 0.99.0 >= 1.5.0 redact additional sensitive/risky headers when following redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54171

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

activesupport CVE-2026-33170 中危 7.0.8 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#%

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33170

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37

faraday CVE-2026-25765 中危 1.10.0 ~> 1.10.5, >= 2.14.1 Faraday: Faraday: Server-Side Request Forgery via protocol-relative URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25765

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-09 21:15 修改: 2026-06-17 10:25

puma CVE-2023-40175 中危 5.6.5 ~> 5.6.7, >= 6.3.1 rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40175

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-08-18 22:15 修改: 2026-06-17 06:16

puma CVE-2024-21647 中危 5.6.5 ~> 5.6.8, >= 6.4.2 rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21647

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-01-08 14:15 修改: 2026-06-17 07:09

puma CVE-2024-45614 中危 5.6.5 ~> 5.6.9, >= 6.4.3 rubygem-puma: Header normalization allows for client to clobber proxy set headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45614

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-19 23:15 修改: 2026-06-17 07:54

actionpack CVE-2024-26143 中危 7.0.8 ~> 7.0.8, >= 7.0.8.1, >= 7.1.3.1 rubygem-actionpack: Possible XSS on translation helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26143

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-27 16:15 修改: 2026-06-17 07:17

faraday CVE-2026-25765 中危 1.8.0 ~> 1.10.5, >= 2.14.1 Faraday: Faraday: Server-Side Request Forgery via protocol-relative URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25765

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-09 21:15 修改: 2026-06-17 10:25

puma CVE-2024-21647 中危 6.4.0 ~> 5.6.8, >= 6.4.2 rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21647

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-01-08 14:15 修改: 2026-06-17 07:09

puma CVE-2024-45614 中危 6.4.0 ~> 5.6.9, >= 6.4.3 rubygem-puma: Header normalization allows for client to clobber proxy set headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45614

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-19 23:15 修改: 2026-06-17 07:54

activesupport CVE-2026-33169 中危 7.0.8.1 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33169

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37

faraday CVE-2026-25765 中危 2.8.1 ~> 1.10.5, >= 2.14.1 Faraday: Faraday: Server-Side Request Forgery via protocol-relative URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25765

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-09 21:15 修改: 2026-06-17 10:25

faraday CVE-2026-33637 中危 2.8.1 >= 2.14.2 faraday: rubygem-faraday: Faraday: Off-host request forgery due to protocol-relative host override

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33637

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-19 19:16 修改: 2026-06-17 10:37

fugit CVE-2024-43380 中危 1.8.1 >= 1.11.1 fugit: Improper input validation in "natural" parser may lead to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43380

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-08-19 15:15 修改: 2026-06-17 07:50

activesupport CVE-2026-33170 中危 7.0.8.1 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#%

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33170

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37

actionpack CVE-2024-28103 中危 7.0.8 ~> 6.1.7, >= 6.1.7.8, ~> 7.0.8, >= 7.0.8.4, ~> 7.1.3, >= 7.1.3.4, >= 7.2.0.beta2 rubygem-actionpack: Missing security headers in Action Pack on non-HTML responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28103

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-04 20:15 修改: 2026-06-17 07:20

actiontext CVE-2024-34341 中危 7.0.8 ~> 7.0.8, >= 7.0.8.3, >= 7.1.3.3 Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-05-07 16:15 修改: 2026-06-17 07:33

icalendar CVE-2026-33635 中危 2.8.0 >= 2.12.2 iCalendar is a Ruby library for dealing with iCalendar files in the iC ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33635

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-26 21:17 修改: 2026-06-17 10:37

json-jwt CVE-2023-51774 中危 1.15.3 ~> 1.15.3, >= 1.15.3.1, >= 1.16.6 json-jwt: bypass of identity checks via a sign/encryption confusion attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51774

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-29 01:42 修改: 2026-06-17 06:41

aws-sdk-s3 CVE-2025-14762 中危 1.143.0 >= 1.208.0 aws-sdk-ruby: AWS SDK for Ruby: Data integrity compromise via missing cryptographic key commitment

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14762

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-17 21:15 修改: 2026-06-17 08:36

aws-sdk-s3 CVE-2025-14762 中危 1.146.0 >= 1.208.0 aws-sdk-ruby: AWS SDK for Ruby: Data integrity compromise via missing cryptographic key commitment

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14762

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-17 21:15 修改: 2026-06-17 08:36

actionview CVE-2026-33168 中危 7.0.8 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 actionview: Action View: Cross-Site Scripting (XSS) via blank HTML attribute names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33168

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-23 23:17 修改: 2026-06-17 10:37

carrierwave CVE-2023-49090 中危 1.3.4 ~> 2.2.5, >= 3.0.5 CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49090

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-11-29 15:15 修改: 2026-06-17 06:35

rack CVE-2024-25126 中危 2.2.8 ~> 2.2.8, >= 2.2.8.1, >= 3.0.9.1 rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25126

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-29 00:15 修改: 2026-06-17 07:15

rack CVE-2025-25184 中危 2.2.8 ~> 2.2.11, ~> 3.0.12, >= 3.1.10 rubygem-rack: Possible Log Injection in Rack::CommonLogger

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25184

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-12 17:15 修改: 2026-06-17 09:00

rack CVE-2025-32441 中危 2.2.8 >= 2.2.14 rack: Rack Session Reuse Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32441

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-05-07 23:15 修改: 2026-06-17 09:11

rack CVE-2025-61780 中危 2.2.8 ~> 2.2.20, ~> 3.1.18, >= 3.2.3 rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61780

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-10 17:15 修改: 2026-06-17 09:50

rack CVE-2026-25500 中危 2.2.8 ~> 2.2.22, ~> 3.1.20, >= 3.2.5 rubygem-rack: Rack stored XSS in Rack::Directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25500

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-18 20:18 修改: 2026-06-17 10:24

rack CVE-2026-34230 中危 2.2.8 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Denial of Service via crafted Accept-Encoding header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34230

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:38

rack CVE-2026-34763 中危 2.2.8 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Information disclosure via regular expression metacharacters in root path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34763

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

rack CVE-2026-34786 中危 2.2.8 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Security header bypass via URL-encoded static path requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

rack CVE-2026-34826 中危 2.2.8 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Denial of Service via malicious HTTP Range header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

rack CVE-2026-34830 中危 2.2.8 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Information disclosure via regular expression injection in X-Accel-Mapping header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

rack CVE-2026-34831 中危 2.2.8 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: HTTP response desynchronization via incorrect Content-Length calculation with UTF-8 characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

net-imap CVE-2025-43857 中危 0.2.3 ~> 0.2.5, ~> 0.3.9, ~> 0.4.20, >= 0.5.7 net-imap: net-imap rubygem vulnerable to possible DoS by memory exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-43857

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-28 16:15 修改: 2026-06-17 09:24

net-imap CVE-2026-42258 中危 0.2.3 ~> 0.4.24, ~> 0.5.14, >= 0.6.4 ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42258

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-09 20:16 修改: 2026-07-10 12:16

net-imap CVE-2026-47240 中危 0.2.3 ~> 0.5.15, >= 0.6.4.1 net-imap: Net::IMAP: Command injection via non-synchronizing literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47240

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-22 21:16 修改: 2026-06-23 16:16

net-imap CVE-2026-47242 中危 0.2.3 ~> 0.5.15, >= 0.6.4.1 Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47242

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-22 21:16 修改: 2026-06-23 15:03

carrierwave CVE-2024-29034 中危 1.3.4 ~> 2.2.6, >= 3.0.7 CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29034

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-24 20:15 修改: 2026-06-17 07:22

carrierwave CVE-2026-44587 中危 1.3.4 ~> 2.2.7, >= 3.1.3 CarrierWave is a framework to upload files from Ruby applications. In ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44587

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-17 13:20 修改: 2026-06-18 15:24

cgi CVE-2025-27219 中危 0.3.6 ~> 0.3.5.1, ~> 0.3.7, >= 0.4.2 CGI: Denial of Service in CGI::Cookie.parse

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27219

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-04 00:15 修改: 2026-06-17 09:03

net-imap CVE-2025-25186 中危 0.3.4 ~> 0.3.8, ~> 0.4.19, >= 0.5.6 net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-10 16:15 修改: 2026-06-17 09:00

net-imap CVE-2025-43857 中危 0.3.4 ~> 0.2.5, ~> 0.3.9, ~> 0.4.20, >= 0.5.7 net-imap: net-imap rubygem vulnerable to possible DoS by memory exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-43857

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-28 16:15 修改: 2026-06-17 09:24

net-imap CVE-2026-42258 中危 0.3.4 ~> 0.4.24, ~> 0.5.14, >= 0.6.4 ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42258

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-09 20:16 修改: 2026-07-10 12:16

net-imap CVE-2026-47240 中危 0.3.4 ~> 0.5.15, >= 0.6.4.1 net-imap: Net::IMAP: Command injection via non-synchronizing literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47240

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-22 21:16 修改: 2026-06-23 16:16

rack CVE-2025-25184 中危 2.2.9 ~> 2.2.11, ~> 3.0.12, >= 3.1.10 rubygem-rack: Possible Log Injection in Rack::CommonLogger

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25184

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-12 17:15 修改: 2026-06-17 09:00

rack CVE-2025-32441 中危 2.2.9 >= 2.2.14 rack: Rack Session Reuse Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32441

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-05-07 23:15 修改: 2026-06-17 09:11

rack CVE-2025-61780 中危 2.2.9 ~> 2.2.20, ~> 3.1.18, >= 3.2.3 rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61780

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-10 17:15 修改: 2026-06-17 09:50

rack CVE-2026-25500 中危 2.2.9 ~> 2.2.22, ~> 3.1.20, >= 3.2.5 rubygem-rack: Rack stored XSS in Rack::Directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25500

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-18 20:18 修改: 2026-06-17 10:24

rack CVE-2026-34230 中危 2.2.9 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Denial of Service via crafted Accept-Encoding header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34230

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:38

rack CVE-2026-34763 中危 2.2.9 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Information disclosure via regular expression metacharacters in root path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34763

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

rack CVE-2026-34786 中危 2.2.9 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Security header bypass via URL-encoded static path requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

rack CVE-2026-34826 中危 2.2.9 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Denial of Service via malicious HTTP Range header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

rack CVE-2026-34830 中危 2.2.9 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: Information disclosure via regular expression injection in X-Accel-Mapping header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

rack CVE-2026-34831 中危 2.2.9 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 rack: Rack: HTTP response desynchronization via incorrect Content-Length calculation with UTF-8 characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:39

rack-cors CVE-2024-27456 中危 2.0.1 >= 2.0.2 rack-cors: Insecure File Permissions in rack-cors

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27456

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-26 16:28 修改: 2026-06-17 07:19

rails CVE-2024-26143 中危 7.0.8 7.0.8.1, 7.1.3.1 rubygem-actionpack: Possible XSS on translation helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26143

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-27 16:15 修改: 2026-06-17 07:17

rails-html-sanitizer CVE-2024-53985 中危 1.6.0 >= 1.6.1 rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53985

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-02 22:15 修改: 2026-06-17 08:09

rails-html-sanitizer CVE-2024-53986 中危 1.6.0 >= 1.6.1 rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53986

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-02 22:15 修改: 2026-06-17 08:09

rails-html-sanitizer CVE-2024-53987 中危 1.6.0 >= 1.6.1 rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53987

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-02 22:15 修改: 2026-06-17 08:09

rails-html-sanitizer CVE-2024-53988 中危 1.6.0 >= 1.6.1 rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53988

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-02 22:15 修改: 2026-06-17 08:09

rails-html-sanitizer CVE-2024-53989 中危 1.6.0 >= 1.6.1 rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53989

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-02 21:15 修改: 2026-06-17 08:09

rdoc CVE-2024-27281 中危 6.4.0 ~> 6.3.4, >= 6.3.4.1, ~> 6.4.1, >= 6.4.1.1, >= 6.5.1.1 ruby: RCE vulnerability with .rdoc_options in RDoc

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-05-14 15:11 修改: 2026-06-17 07:19

net-imap CVE-2026-47242 中危 0.3.4 ~> 0.5.15, >= 0.6.4.1 Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47242

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-22 21:16 修改: 2026-06-23 15:03

cgi CVE-2025-27220 中危 0.3.6 ~> 0.3.5.1, ~> 0.3.7, >= 0.4.2 CGI: ReDoS in CGI::Util#escapeElement

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27220

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-04 00:15 修改: 2026-06-17 09:03

rexml CVE-2024-35176 中危 3.2.5 >= 3.2.7 REXML: DoS parsing an XML with many `<`s in an attribute value

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-05-16 16:15 修改: 2026-06-17 07:34

rexml CVE-2024-39908 中危 3.2.5 >= 3.3.2 rexml: DoS vulnerability in REXML

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-16 18:15 修改: 2026-06-17 07:43

rexml CVE-2024-41123 中危 3.2.5 >= 3.3.3 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-08-01 15:15 修改: 2026-06-17 07:47

rexml CVE-2024-41946 中危 3.2.5 >= 3.3.3 rexml: DoS vulnerability in REXML

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-08-01 15:15 修改: 2026-06-17 07:48

rexml CVE-2024-43398 中危 3.2.5 >= 3.3.6 rexml: DoS vulnerability in REXML

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-08-22 15:15 修改: 2026-06-17 07:50

activestorage CVE-2024-26144 中危 7.0.8 ~> 6.1.7, >= 6.1.7.7, >= 7.0.8.1 rubygem-activestorage: Possible Sensitive Session Information Leak in Active Storage

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26144

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-27 16:15 修改: 2026-06-17 07:17

rexml CVE-2024-35176 中危 3.2.6 >= 3.2.7 REXML: DoS parsing an XML with many `<`s in an attribute value

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35176

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-05-16 16:15 修改: 2026-06-17 07:34

rexml CVE-2024-39908 中危 3.2.6 >= 3.3.2 rexml: DoS vulnerability in REXML

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39908

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-16 18:15 修改: 2026-06-17 07:43

rexml CVE-2024-41123 中危 3.2.6 >= 3.3.3 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41123

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-08-01 15:15 修改: 2026-06-17 07:47

rexml CVE-2024-41946 中危 3.2.6 >= 3.3.3 rexml: DoS vulnerability in REXML

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41946

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-08-01 15:15 修改: 2026-06-17 07:48

rexml CVE-2024-43398 中危 3.2.6 >= 3.3.6 rexml: DoS vulnerability in REXML

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43398

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-08-22 15:15 修改: 2026-06-17 07:50

activestorage CVE-2026-33173 中危 7.0.8 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 Rails: Active Storage: Rails Active Storage: Content type bypass via arbitrary metadata in direct uploads

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33173

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-24 00:16 修改: 2026-06-17 10:37

nokogiri GHSA-5prr-v3j2-97mh 中危 1.16.0 >= 1.19.4 Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

漏洞详情: https://github.com/advisories/GHSA-5prr-v3j2-97mh

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-19 16:36 修改: 2026-06-19 16:36

nokogiri GHSA-v2fc-qm4h-8hqv 中危 1.16.0 >= 1.19.3 Nokogiri XSLT transform has a memory leak

漏洞详情: https://github.com/advisories/GHSA-v2fc-qm4h-8hqv

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-06 18:27 修改: 2026-05-06 18:27

nokogiri GHSA-wx95-c6cv-8532 中危 1.16.0 >= 1.19.1 Nokogiri does not check the return value from xmlC14NExecute

漏洞详情: https://github.com/advisories/GHSA-wx95-c6cv-8532

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-18 21:57 修改: 2026-02-18 21:57

nokogiri GHSA-xc9x-jj77-9p9j 中危 1.16.0 ~> 1.15.6, >= 1.16.2 Use-after-free in libxml2 via Nokogiri::XML::Reader

漏洞详情: https://github.com/advisories/GHSA-xc9x-jj77-9p9j

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-05 20:22 修改: 2025-05-23 19:16

concurrent-ruby CVE-2026-54905 中危 1.2.2 >= 1.3.7 concurrent-ruby: Concurrent-ruby: Incorrect write lock granting leading to broken mutual exclusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54905

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-24 17:17 修改: 2026-06-26 20:01

ruby-saml CVE-2025-54572 中危 1.15.0 >= 1.18.1 The Ruby SAML library is for implementing the client side of a SAML au ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54572

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-07-30 14:15 修改: 2026-06-17 09:40

sidekiq CVE-2023-26141 中危 6.4.0 ~> 6.5.10, >= 7.1.3 sidekiq: DoS in dashboard-charts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26141

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-09-14 05:15 修改: 2026-06-17 05:42

sidekiq-cron CVE-2025-67202 中危 1.12.0 >= 2.4.0 sidekiq-cron: Sidekiq-cron: Cross-site scripting vulnerability via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67202

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 15:16 修改: 2026-06-17 09:57

activestorage CVE-2026-33658 中危 7.0.8 ~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1 rails: activestorage: Active Storage: Denial of Service via HTTP Range header processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33658

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

sinatra CVE-2024-21510 中危 2.2.4 >= 4.1.0 sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21510

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-11-01 05:15 修改: 2026-06-17 07:09

activerecord CVE-2025-55193 中危 7.0.8 ~> 7.1.5, >= 7.1.5.2, ~> 7.2.2, >= 7.2.2.2, >= 8.0.2.1 activerecord: Active Record ANSI Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55193

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-13 23:15 修改: 2026-06-17 09:41

concurrent-ruby CVE-2026-54905 中危 1.2.3 >= 1.3.7 concurrent-ruby: Concurrent-ruby: Incorrect write lock granting leading to broken mutual exclusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54905

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-24 17:17 修改: 2026-06-26 20:01

uri CVE-2023-36617 中危 0.12.1 ~> 0.10.0.3, ~> 0.10.3, ~> 0.11.2, >= 0.12.2 rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36617

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-06-29 13:15 修改: 2026-06-17 06:06

uri CVE-2025-27221 中危 0.12.1 ~> 0.11.3, ~> 0.12.4, ~> 0.13.2, >= 1.0.3 uri: userinfo leakage in URI#join, URI#merge and URI#+

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27221

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-04 00:15 修改: 2026-06-17 09:03

css_parser CVE-2026-44312 中危 1.14.0 ~> 1.22.0, >= 2.1.0 css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Pa ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44312

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-14 17:16 修改: 2026-06-17 10:50

uri CVE-2025-27221 中危 0.13.0 ~> 0.11.3, ~> 0.12.4, ~> 0.13.2, >= 1.0.3 uri: userinfo leakage in URI#join, URI#merge and URI#+

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27221

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-04 00:15 修改: 2026-06-17 09:03

view_component CVE-2024-21636 中危 3.8.0 ~> 2.83.0, >= 3.9.0 view_component Cross-site Scripting vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21636

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-01-04 20:15 修改: 2026-06-17 07:09

view_component CVE-2026-44836 中危 3.8.0 >= 4.9.0, >= 3.25.0, < 4.0.0 view_component is a framework for building reusable, testable, and enc ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-26 21:16 修改: 2026-06-17 10:51

view_component CVE-2026-44837 中危 3.8.0 >= 4.9.0, >= 3.25.0, < 4.0.0 view_component is a framework for building reusable, testable, and enc ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44837

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-26 21:16 修改: 2026-06-17 10:51

devise CVE-2026-32700 中危 4.9.3 >= 5.0.3 devise: Devise: Unauthorized email confirmation due to a race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32700

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-18 21:16 修改: 2026-06-17 10:36

webrick CVE-2025-6442 中危 1.8.1 >= 1.8.2 webrick: Ruby WEBrick Request Smuggling Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6442

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-25 17:15 修改: 2026-06-17 10:01

devise CVE-2026-40295 中危 4.9.3 >= 5.0.4 Devise is an authentication solution for Rails based on Warden. In ver ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40295

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:44

nokogiri GHSA-5v8h-3h3q-446p 低危 1.16.0 >= 1.19.4 Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception

漏洞详情: https://github.com/advisories/GHSA-5v8h-3h3q-446p

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-19 16:35 修改: 2026-06-19 16:35

nokogiri GHSA-5w6v-399v-w3cc 低危 1.16.0 >= 1.18.8 Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415

漏洞详情: https://github.com/advisories/GHSA-5w6v-399v-w3cc

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-21 21:55 修改: 2025-04-21 21:55

nokogiri GHSA-8678-w3jw-xfc2 低危 1.16.0 >= 1.19.4 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

漏洞详情: https://github.com/advisories/GHSA-8678-w3jw-xfc2

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-19 16:36 修改: 2026-06-19 16:36

nokogiri GHSA-9cv2-cfxc-v4v2 低危 1.16.0 >= 1.19.4 Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes

漏洞详情: https://github.com/advisories/GHSA-9cv2-cfxc-v4v2

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-19 16:36 修改: 2026-06-19 16:36

nokogiri GHSA-p67v-3w7g-wjg7 低危 1.16.0 >= 1.19.4 Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime

漏洞详情: https://github.com/advisories/GHSA-p67v-3w7g-wjg7

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-19 16:37 修改: 2026-06-19 16:37

nokogiri GHSA-phwj-rprq-35pp 低危 1.16.0 >= 1.19.4 Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`

漏洞详情: https://github.com/advisories/GHSA-phwj-rprq-35pp

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-19 16:37 修改: 2026-06-19 16:37

nokogiri GHSA-r95h-9x8f-r3f7 低危 1.16.0 >= 1.16.5 Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

漏洞详情: https://github.com/advisories/GHSA-r95h-9x8f-r3f7

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-05-13 16:05 修改: 2024-05-15 19:27

nokogiri GHSA-vvfq-8hwr-qm4m 低危 1.16.0 >= 1.18.3 Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

漏洞详情: https://github.com/advisories/GHSA-vvfq-8hwr-qm4m

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-18 22:36 修改: 2025-03-10 22:36

thor CVE-2025-54314 低危 1.2.2 >= 1.4.0 thor: Thor Command Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54314

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-07-20 03:15 修改: 2026-06-17 09:39

thor CVE-2025-54314 低危 1.3.0 >= 1.4.0 thor: Thor Command Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54314

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-07-20 03:15 修改: 2026-06-17 09:39

rack CVE-2026-26961 低危 2.2.8 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 github.com/rack/rack: Rack: Content smuggling via multipart boundary parsing mismatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26961

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:26

nokogiri GHSA-wfpw-mmfh-qq69 低危 1.16.0 >= 1.19.4 Nokogiri: Possible Use-After-Free in XInclude Processing

漏洞详情: https://github.com/advisories/GHSA-wfpw-mmfh-qq69

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-19 16:37 修改: 2026-06-19 16:37

nokogiri GHSA-wjv4-x9w8-wm3h 低危 1.16.0 >= 1.19.4 Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

漏洞详情: https://github.com/advisories/GHSA-wjv4-x9w8-wm3h

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-19 16:36 修改: 2026-06-19 16:36

actionpack CVE-2024-41128 低危 7.0.8 ~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1 rubygem-actionpack: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41128

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-10-16 18:15 修改: 2026-06-17 07:47

rack CVE-2026-26961 低危 2.2.9 ~> 2.2.23, ~> 3.1.21, >= 3.2.6 github.com/rack/rack: Rack: Content smuggling via multipart boundary parsing mismatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26961

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-02 17:16 修改: 2026-06-17 10:26

actionpack CVE-2024-47887 低危 7.0.8 ~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1 rubygem-actionpack: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47887

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-10-16 20:15 修改: 2026-06-17 07:57

actionpack CVE-2024-54133 低危 7.0.8 ~> 7.0.8, >= 7.0.8.7, ~> 7.1.5, >= 7.1.5.1, ~> 7.2.2, >= 7.2.2.1, >= 8.0.0.1 actionpack: Possible Content Security Policy bypass in Action Dispatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-54133

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-10 23:15 修改: 2026-06-17 08:09

net-imap CVE-2026-47241 低危 0.2.3 ~> 0.5.15, >= 0.6.4.1 net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47241

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-22 21:16 修改: 2026-06-23 15:16

actionmailer CVE-2024-47889 低危 7.0.8 ~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1 rubygem-actionmailer: Possible ReDoS vulnerability in block_format in Action Mailer

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47889

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-10-16 21:15 修改: 2026-06-17 07:57

actiontext CVE-2024-47888 低危 7.0.8 ~> 6.1.7.9, ~> 7.0.8, >= 7.0.8.5, ~> 7.1.4, >= 7.1.4.1, >= 7.2.1.1 rubygem-actiontext: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47888

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-10-16 21:15 修改: 2026-06-17 07:57

net-imap CVE-2026-47241 低危 0.3.4 ~> 0.5.15, >= 0.6.4.1 net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47241

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-22 21:16 修改: 2026-06-23 15:16

crass GHSA-wwpr-jff3-395c 未知 1.0.6 >= 1.0.7 A large number of adjacent CSS comments can trigger a SystemStackError

漏洞详情: https://github.com/advisories/GHSA-wwpr-jff3-395c

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

nokogiri GHSA-g9g8-vgvw-g3vf 未知 1.16.0 >= 1.19.4 Possible invalid memory read when calling `Nokogiri::XML::Node#initialize_copy_with_args` with incorrect argument type

漏洞详情: https://github.com/advisories/GHSA-g9g8-vgvw-g3vf

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

msgpack CVE-2026-54522 未知 1.5.4 >= 1.8.2 DFVULN-839 - Use-After-Free in MessagePack::Buffer#clear Enables Cross-Buffer Disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54522

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

crass GHSA-6jxj-px6v-747w 未知 1.0.6 >= 1.0.7 Deeply nested CSS blocks and functions can trigger a SystemStackError or excessive memory usage

漏洞详情: https://github.com/advisories/GHSA-6jxj-px6v-747w

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

crass GHSA-6wmf-3r64-vcwv 未知 1.0.6 >= 1.0.7 Large numeric exponents cause CPU and memory denial of service

漏洞详情: https://github.com/advisories/GHSA-6wmf-3r64-vcwv

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

websocket-driver CVE-2026-54463 未知 0.7.6 >= 0.8.1 Memory exhaustion via abuse of protocol length headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54463

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

websocket-driver CVE-2026-54464 未知 0.7.6 >= 0.8.1 Resource limit bypass via message compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54464

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

websocket-driver CVE-2026-54465 未知 0.7.6 >= 0.8.1 Memory exhaustion in HTTP header parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54465

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

websocket-driver GHSA-2x63-gw47-w4mm 未知 0.7.6 >= 0.8.2 Denial of service via malformed Host header

漏洞详情: https://github.com/advisories/GHSA-2x63-gw47-w4mm

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

crass GHSA-8vfg-2r28-hvhj 未知 1.0.6 >= 1.0.7 Non-ASCII characters cause superlinear CPU consumption

漏洞详情: https://github.com/advisories/GHSA-8vfg-2r28-hvhj

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

opt/gitlab/embedded/bin/alertmanager (gobinary)
低危漏洞:3 中危漏洞:57 高危漏洞:36 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-47913 高危 v0.8.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.8.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.8.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.8.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.8.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.8.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.8.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.8.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.8.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.8.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-39325 高危 v0.10.0 0.17.0 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

golang.org/x/net CVE-2023-45288 高危 v0.10.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.10.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.10.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.10.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.10.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.10.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.8.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2024-45337 高危 v0.8.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.8.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-46598 中危 v0.8.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

github.com/rs/cors CVE-2025-47908 中危 v1.9.0 1.11.0 github.com/rs/cors: Denial of service via malicious preflight requests in github.com/rs/cors

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47908

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-06 21:15 修改: 2026-06-17 09:28

go.mongodb.org/mongo-driver CVE-2026-2303 中危 v1.11.3 1.17.7 CVE-2026-2303 affecting package telegraf for versions less than 1.29.4-21

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2303

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-10 20:17 修改: 2026-06-17 10:30

golang.org/x/crypto CVE-2023-48795 中危 v0.8.0 0.17.0 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-12-18 16:15 修改: 2026-06-17 06:34

golang.org/x/crypto CVE-2025-47914 中危 v0.8.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.8.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.8.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.8.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/net CVE-2023-3978 中危 v0.10.0 0.13.0 golang.org/x/net/html: Cross site scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-08-02 20:15 修改: 2026-06-17 06:15

golang.org/x/net CVE-2025-22870 中危 v0.10.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.10.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.10.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.10.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.10.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.10.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.10.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39834 中危 v0.8.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

google.golang.org/protobuf CVE-2024-24786 中危 v1.30.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.8.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/crypto GO-2026-5932 未知 v0.8.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

opt/gitlab/embedded/bin/digest (gobinary)
低危漏洞:3 中危漏洞:39 高危漏洞:16 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

opt/gitlab/embedded/bin/docker-distribution-pruner (gobinary)
低危漏洞:5 中危漏洞:50 高危漏洞:28 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/net CVE-2021-44716 高危 v0.0.0-20210525063256-abc453219eb5 0.0.0-20211209124913-491a49abca63 golang: net/http: limit growth of header canonicalization cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44716

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-01-01 05:15 修改: 2026-06-17 04:12

golang.org/x/net CVE-2022-27664 高危 v0.0.0-20210525063256-abc453219eb5 0.0.0-20220906165146-f3363e06e74c golang: net/http: handle server errors after sending GOAWAY

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-09-06 18:15 修改: 2026-06-17 04:37

golang.org/x/net CVE-2022-41723 高危 v0.0.0-20210525063256-abc453219eb5 0.7.0 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

golang.org/x/net CVE-2023-39325 高危 v0.0.0-20210525063256-abc453219eb5 0.17.0 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

golang.org/x/net CVE-2023-45288 高危 v0.0.0-20210525063256-abc453219eb5 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.0.0-20210525063256-abc453219eb5 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.0.0-20210525063256-abc453219eb5 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.0.0-20210525063256-abc453219eb5 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.0.0-20210525063256-abc453219eb5 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.0.0-20210525063256-abc453219eb5 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

github.com/docker/distribution CVE-2017-11468 高危 v2.6.0-rc.1.0.20170321171425-0700fa570d7b+incompatible 2.7.0-rc.0 docker-distribution: Does not properly restrict the amount of content accepted from a user

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-11468

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2017-07-20 23:29 修改: 2026-06-17 01:01

github.com/docker/distribution CVE-2023-2253 高危 v2.6.0-rc.1.0.20170321171425-0700fa570d7b+incompatible 2.8.2-beta.1 distribution/distribution: DoS from malicious API request

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2253

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-06-06 20:15 修改: 2026-06-17 05:52

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-58190 中危 v0.0.0-20210525063256-abc453219eb5 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.0.0-20210525063256-abc453219eb5 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.0.0-20210525063256-abc453219eb5 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.0.0-20210525063256-abc453219eb5 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

github.com/aws/aws-sdk-go CVE-2020-8911 中危 v1.8.5-0.20170328201437-498eacd14c9d 1.34.0 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-08-11 20:15 修改: 2026-06-17 03:27

github.com/aws/aws-sdk-go CVE-2022-2582 中危 v1.8.5-0.20170328201437-498eacd14c9d 1.34.0 The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext along ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2582

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-12-27 22:15 修改: 2026-06-17 04:42

golang.org/x/net CVE-2022-41717 中危 v0.0.0-20210525063256-abc453219eb5 0.4.0 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-12-08 20:15 修改: 2026-06-17 05:03

golang.org/x/net CVE-2023-3978 中危 v0.0.0-20210525063256-abc453219eb5 0.13.0 golang.org/x/net/html: Cross site scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-08-02 20:15 修改: 2026-06-17 06:15

golang.org/x/net CVE-2025-22870 中危 v0.0.0-20210525063256-abc453219eb5 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.0.0-20210525063256-abc453219eb5 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.0.0-20210525063256-abc453219eb5 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/aws/aws-sdk-go CVE-2020-8912 低危 v1.8.5-0.20170328201437-498eacd14c9d 1.34.0 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2020-08-11 20:15 修改: 2026-06-17 03:27

github.com/docker/distribution GHSA-qq97-vm5h-rrhg 低危 v2.6.0-rc.1.0.20170321171425-0700fa570d7b+incompatible 2.8.0 OCI Manifest Type Confusion Issue

漏洞详情: https://github.com/advisories/GHSA-qq97-vm5h-rrhg

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-02-08 18:53 修改: 2023-02-09 15:29

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

opt/gitlab/embedded/bin/gitaly (gobinary)
低危漏洞:8 中危漏洞:64 高危漏洞:43 严重漏洞:4
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/go-git/go-git/v5 CVE-2025-21613 严重 v5.11.0 5.13.0 go-git: argument injection via the URL field

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-06 17:15 修改: 2026-06-17 08:43

google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

github.com/go-git/go-git/v5 CVE-2026-45022 高危 v5.11.0 5.19.0 go-git is an extensible git implementation library written in pure Go. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

github.com/golang-jwt/jwt/v4 CVE-2025-30204 高危 v4.5.0 4.5.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.0.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

github.com/prometheus/prometheus CVE-2026-42151 高危 v0.46.0 0.311.3 github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-04 19:16 修改: 2026-07-10 12:16

github.com/prometheus/prometheus CVE-2026-42154 高危 v0.46.0 0.311.3, 0.305.2 github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-04 19:16 修改: 2026-07-09 13:17

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.13.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/go-git/go-billy/v5 CVE-2026-44973 高危 v5.5.0 5.9.0 Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-28 22:16 修改: 2026-06-17 10:51

github.com/cloudflare/circl GHSA-9763-4f94-gfch 高危 v1.3.3 1.3.7 CIRCL's Kyber: timing side-channel (kyberslash2)

漏洞详情: https://github.com/advisories/GHSA-9763-4f94-gfch

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-01-08 16:45 修改: 2024-05-20 22:00

github.com/go-git/go-git/v5 CVE-2025-21614 高危 v5.11.0 5.13.0 go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-06 17:15 修改: 2026-06-17 08:43

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

github.com/aws/aws-sdk-go-v2/service/s3 GHSA-xmrv-pmrh-hhx2 中危 v1.38.1 1.97.3 Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18

github.com/golang/glog CVE-2024-45339 中危 v1.1.2 1.2.4 github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45339

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

github.com/Azure/azure-sdk-for-go/sdk/azidentity CVE-2024-35255 中危 v1.3.0 1.6.0-beta.4.0.20240610221955-50774cd97099 azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-11 17:16 修改: 2026-06-17 07:34

github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream GHSA-xmrv-pmrh-hhx2 中危 v1.4.11 1.7.8 Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18

github.com/prometheus/prometheus CVE-2026-40179 中危 v0.46.0 0.311.2-0.20260410083055-07c6232d159b Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40179

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-15 23:16 修改: 2026-06-17 10:44

github.com/prometheus/prometheus CVE-2026-44903 中危 v0.46.0 0.311.3 Prometheus is an open-source monitoring system and time series databas ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44903

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-26 22:16 修改: 2026-06-17 10:51

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

github.com/go-git/go-git/v5 CVE-2026-25934 中危 v5.11.0 5.16.5 go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25934

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-09 23:16 修改: 2026-06-17 10:25

github.com/go-git/go-git/v5 CVE-2026-34165 中危 v5.11.0 5.17.1 github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34165

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 15:16 修改: 2026-06-17 10:38

github.com/go-git/go-git/v5 CVE-2026-41506 中危 v5.11.0 5.18.0 golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-08 14:16 修改: 2026-06-17 10:46

github.com/go-git/go-git/v5 CVE-2026-45571 中危 v5.11.0 5.19.1 github.com/go-git/go-git: go-git: Path validation flaw allows unauthorized file access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:52

github.com/go-git/go-git/v5 GHSA-w5pp-99ch-qj29 中危 v5.11.0 5.19.1 go-git: Malformed Git object data may cause panics or resource exhaustion

漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43

github.com/go-git/go-billy/v5 CVE-2026-44740 中危 v5.5.0 5.9.0 github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-01 17:17 修改: 2026-06-17 10:51

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/go-git/go-git/v5 CVE-2026-33762 低危 v5.11.0 5.17.1 github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33762

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 15:16 修改: 2026-06-17 10:38

github.com/go-git/go-git/v5 CVE-2026-45570 低危 v5.11.0 5.19.1 go-git is an extensible git implementation library written in pure Go. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:52

github.com/cloudflare/circl CVE-2025-8556 低危 v1.3.3 1.6.1 github.com/cloudflare/circl: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8556

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-06 09:15 修改: 2026-06-17 10:07

github.com/golang-jwt/jwt/v4 CVE-2024-51744 低危 v4.5.0 4.5.1 golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-11-04 22:15 修改: 2026-06-17 08:06

github.com/cloudflare/circl CVE-2026-1229 低危 v1.3.3 1.6.3 CIRCL has an incorrect calculation in secp384r1 CombinedMult

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1229

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-24 08:16 修改: 2026-06-17 10:15

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

opt/gitlab/embedded/bin/gitaly-backup (gobinary)
低危漏洞:4 中危漏洞:55 高危漏洞:36 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.13.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/golang-jwt/jwt/v4 CVE-2025-30204 高危 v4.5.0 4.5.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/aws/aws-sdk-go-v2/service/s3 GHSA-xmrv-pmrh-hhx2 中危 v1.38.1 1.97.3 Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18

github.com/Azure/azure-sdk-for-go/sdk/azidentity CVE-2024-35255 中危 v1.3.0 1.6.0-beta.4.0.20240610221955-50774cd97099 azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-11 17:16 修改: 2026-06-17 07:34

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream GHSA-xmrv-pmrh-hhx2 中危 v1.4.11 1.7.8 Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/golang-jwt/jwt/v4 CVE-2024-51744 低危 v4.5.0 4.5.1 golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-11-04 22:15 修改: 2026-06-17 08:06

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

opt/gitlab/embedded/bin/gitaly-blackbox (gobinary)
低危漏洞:3 中危漏洞:46 高危漏洞:22 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/gitaly-debug (gobinary)
低危漏洞:3 中危漏洞:46 高危漏洞:22 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/gitaly-wrapper (gobinary)
低危漏洞:3 中危漏洞:46 高危漏洞:22 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/gitlab-kas (gobinary)
低危漏洞:3 中危漏洞:55 高危漏洞:38 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.61.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.16.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

go.opentelemetry.io/otel/sdk CVE-2026-24051 高危 v1.23.1 1.40.0 OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-02 23:16 修改: 2026-06-17 10:22

go.opentelemetry.io/otel/sdk CVE-2026-39883 高危 v1.23.1 1.43.0 github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 21:17 修改: 2026-07-10 12:16

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

github.com/hashicorp/go-retryablehttp CVE-2024-6104 中危 v0.7.5 0.7.7 go-retryablehttp: url might write sensitive information to log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-24 17:15 修改: 2026-06-17 08:17

go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp CVE-2026-39882 中危 v1.23.1 1.43.0 github.com/open-telemetry/opentelemetry-go: golang: OpenTelemetry-Go: Memory exhaustion via uncapped HTTP response body reading

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/gitlab-pages (gobinary)
低危漏洞:3 中危漏洞:53 高危漏洞:36 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.59.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.12.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

google.golang.org/protobuf CVE-2024-24786 中危 v1.31.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/gitlab-resize-image (gobinary)
低危漏洞:4 中危漏洞:44 高危漏洞:16 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/image CVE-2026-46599 中危 v0.14.0 0.41.0 golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via crafted PackBits-compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46599

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:53

golang.org/x/image CVE-2026-46601 中危 v0.14.0 0.43.0 golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46601

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

golang.org/x/image CVE-2026-33809 中危 v0.14.0 0.38.0 golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-25 19:16 修改: 2026-06-17 10:38

golang.org/x/image CVE-2026-33812 中危 v0.14.0 0.39.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service due to excessive memory allocation when parsing malicious font files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33812

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-21 20:16 修改: 2026-06-17 10:38

golang.org/x/image CVE-2026-33813 中危 v0.14.0 0.42.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33813

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-21 20:16 修改: 2026-06-25 20:17

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/disintegration/imaging CVE-2023-36308 低危 v1.6.2 disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-09-05 04:15 修改: 2026-06-17 06:06

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/image CVE-2024-24792 未知 v0.14.0 0.18.0 Parsing a corrupt or malicious image with invalid color indices can ca ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-27 18:15 修改: 2026-06-17 07:14

golang.org/x/image CVE-2026-42500 未知 v0.14.0 0.41.0 Decoding a paletted BMP file with an out-of-range palette index result ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42500

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:47

golang.org/x/image CVE-2026-46602 未知 v0.14.0 0.43.0 The TIFF decoder does not set a limit on the size of tiles in tiled im ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46602

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

golang.org/x/image CVE-2026-46604 未知 v0.14.0 0.43.0 The TIFF decoder can panic when decoding an invalid image with an out- ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46604

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-26 21:16 修改: 2026-07-01 14:07

opt/gitlab/embedded/bin/gitlab-workhorse (gobinary)
低危漏洞:3 中危漏洞:59 高危漏洞:36 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.61.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.16.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/image CVE-2026-33809 中危 v0.14.0 0.38.0 golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-25 19:16 修改: 2026-06-17 10:38

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/image CVE-2026-33812 中危 v0.14.0 0.39.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service due to excessive memory allocation when parsing malicious font files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33812

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-21 20:16 修改: 2026-06-17 10:38

golang.org/x/image CVE-2026-33813 中危 v0.14.0 0.42.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33813

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-21 20:16 修改: 2026-06-25 20:17

golang.org/x/image CVE-2026-46599 中危 v0.14.0 0.41.0 golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via crafted PackBits-compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46599

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:53

golang.org/x/image CVE-2026-46601 中危 v0.14.0 0.43.0 golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46601

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

github.com/Azure/azure-sdk-for-go/sdk/azidentity CVE-2024-35255 中危 v1.4.0 1.6.0-beta.4.0.20240610221955-50774cd97099 azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-11 17:16 修改: 2026-06-17 07:34

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/image CVE-2024-24792 未知 v0.14.0 0.18.0 Parsing a corrupt or malicious image with invalid color indices can ca ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-27 18:15 修改: 2026-06-17 07:14

golang.org/x/image CVE-2026-42500 未知 v0.14.0 0.41.0 Decoding a paletted BMP file with an out-of-range palette index result ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42500

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:47

golang.org/x/image CVE-2026-46602 未知 v0.14.0 0.43.0 The TIFF decoder does not set a limit on the size of tiles in tiled im ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46602

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/image CVE-2026-46604 未知 v0.14.0 0.43.0 The TIFF decoder can panic when decoding an invalid image with an out- ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46604

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-26 21:16 修改: 2026-07-01 14:07

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

opt/gitlab/embedded/bin/gitlab-zip-cat (gobinary)
低危漏洞:3 中危漏洞:39 高危漏洞:16 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/gitlab-zip-metadata (gobinary)
低危漏洞:3 中危漏洞:54 高危漏洞:36 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.61.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.16.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

github.com/Azure/azure-sdk-for-go/sdk/azidentity CVE-2024-35255 中危 v1.4.0 1.6.0-beta.4.0.20240610221955-50774cd97099 azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-11 17:16 修改: 2026-06-17 07:34

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/go-crond (gobinary)
低危漏洞:3 中危漏洞:40 高危漏洞:16 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

google.golang.org/protobuf CVE-2024-24786 中危 v1.31.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.15.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/mattermost (gobinary)
低危漏洞:4 中危漏洞:67 高危漏洞:39 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.20.7 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.20.7 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.0.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

github.com/gorilla/schema CVE-2024-37298 高危 v1.2.0 1.4.1 gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37298

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-01 19:15 修改: 2026-06-17 07:38

github.com/mholt/archiver/v3 CVE-2025-3445 高危 v3.5.1 mholt/archiver: A Path Traversal "Zip Slip" vulnerability in mholt/archiver

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3445

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-13 22:15 修改: 2026-06-17 09:19

stdlib CVE-2023-39325 高危 v1.20.7 1.20.10, 1.21.3 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45283 高危 v1.20.7 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45288 高危 v1.20.7 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.20.7 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.20.7 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.20.7 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.20.7 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.20.7 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.20.7 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.20.7 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.20.7 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.20.7 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.20.7 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.20.7 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.20.7 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.20.7 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.20.7 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.20.7 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/image CVE-2026-33809 中危 v0.14.0 0.38.0 golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-25 19:16 修改: 2026-06-17 10:38

golang.org/x/image CVE-2026-33812 中危 v0.14.0 0.39.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service due to excessive memory allocation when parsing malicious font files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33812

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-21 20:16 修改: 2026-06-17 10:38

golang.org/x/image CVE-2026-33813 中危 v0.14.0 0.42.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33813

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-21 20:16 修改: 2026-06-25 20:17

golang.org/x/image CVE-2026-46599 中危 v0.14.0 0.41.0 golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via crafted PackBits-compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46599

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:53

golang.org/x/image CVE-2026-46601 中危 v0.14.0 0.43.0 golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46601

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

github.com/nwaples/rardecode CVE-2025-11579 中危 v1.1.3 github.com/nwaples/rardecode: RarDecode Out Of Memory Crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11579

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-10 12:15 修改: 2026-06-17 08:30

github.com/rs/cors CVE-2025-47908 中危 v1.9.0 1.11.0 github.com/rs/cors: Denial of service via malicious preflight requests in github.com/rs/cors

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47908

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-06 21:15 修改: 2026-06-17 09:28

github.com/ulikunitz/xz CVE-2025-58058 中危 v0.5.11 0.5.15 github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58058

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-28 22:15 修改: 2026-06-17 09:43

github.com/blevesearch/bleve/v2 CVE-2022-31022 中危 v2.3.8 2.5.0 Bleve is a text indexing library for go. Bleve includes HTTP utilities ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31022

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-06-01 20:15 修改: 2026-06-17 04:44

github.com/mholt/archiver/v3 CVE-2024-0406 中危 v3.5.1 mholt/archiver: path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0406

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-06 17:15 修改: 2026-06-17 06:53

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

stdlib CVE-2023-39318 中危 v1.20.7 1.20.8, 1.21.1 golang: html/template: improper handling of HTML-like comments within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39319 中危 v1.20.7 1.20.8, 1.21.1 golang: html/template: improper handling of special tags within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39326 中危 v1.20.7 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-12-06 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45284 中危 v1.20.7 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45289 中危 v1.20.7 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.20.7 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.20.7 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.20.7 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.20.7 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.20.7 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.20.7 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.20.7 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.20.7 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.20.7 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.20.7 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.20.7 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.20.7 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.20.7 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.20.7 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.20.7 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.20.7 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.20.7 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.20.7 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.20.7 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.20.7 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.20.7 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.20.7 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.20.7 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.20.7 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.20.7 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.20.7 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.20.7 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.20.7 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.20.7 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.20.7 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.20.7 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.20.7 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.20.7 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.20.7 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.20.7 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.20.7 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.20.7 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.20.7 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/disintegration/imaging CVE-2023-36308 低危 v1.6.2 disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-09-05 04:15 修改: 2026-06-17 06:06

stdlib CVE-2024-45341 低危 v1.20.7 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.20.7 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.20.7 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/image CVE-2024-24792 未知 v0.14.0 0.18.0 Parsing a corrupt or malicious image with invalid color indices can ca ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-27 18:15 修改: 2026-06-17 07:14

golang.org/x/image CVE-2026-42500 未知 v0.14.0 0.41.0 Decoding a paletted BMP file with an out-of-range palette index result ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42500

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:47

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/image CVE-2026-46602 未知 v0.14.0 0.43.0 The TIFF decoder does not set a limit on the size of tiles in tiled im ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46602

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

golang.org/x/image CVE-2026-46604 未知 v0.14.0 0.43.0 The TIFF decoder can panic when decoding an invalid image with an out- ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46604

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-26 21:16 修改: 2026-07-01 14:07

opt/gitlab/embedded/bin/mmctl (gobinary)
低危漏洞:4 中危漏洞:67 高危漏洞:39 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.20.7 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.20.7 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.0.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

github.com/gorilla/schema CVE-2024-37298 高危 v1.2.0 1.4.1 gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37298

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-01 19:15 修改: 2026-06-17 07:38

github.com/mholt/archiver/v3 CVE-2025-3445 高危 v3.5.1 mholt/archiver: A Path Traversal "Zip Slip" vulnerability in mholt/archiver

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3445

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-13 22:15 修改: 2026-06-17 09:19

stdlib CVE-2023-39325 高危 v1.20.7 1.20.10, 1.21.3 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45283 高危 v1.20.7 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45288 高危 v1.20.7 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.20.7 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.20.7 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.20.7 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.20.7 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.20.7 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.20.7 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.20.7 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.20.7 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.20.7 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.20.7 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.20.7 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.20.7 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.20.7 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.20.7 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.20.7 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/image CVE-2026-33809 中危 v0.14.0 0.38.0 golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-25 19:16 修改: 2026-06-17 10:38

golang.org/x/image CVE-2026-33812 中危 v0.14.0 0.39.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service due to excessive memory allocation when parsing malicious font files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33812

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-21 20:16 修改: 2026-06-17 10:38

golang.org/x/image CVE-2026-33813 中危 v0.14.0 0.42.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33813

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-21 20:16 修改: 2026-06-25 20:17

golang.org/x/image CVE-2026-46599 中危 v0.14.0 0.41.0 golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via crafted PackBits-compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46599

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:53

golang.org/x/image CVE-2026-46601 中危 v0.14.0 0.43.0 golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46601

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

github.com/nwaples/rardecode CVE-2025-11579 中危 v1.1.3 github.com/nwaples/rardecode: RarDecode Out Of Memory Crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11579

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-10 12:15 修改: 2026-06-17 08:30

github.com/rs/cors CVE-2025-47908 中危 v1.9.0 1.11.0 github.com/rs/cors: Denial of service via malicious preflight requests in github.com/rs/cors

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47908

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-06 21:15 修改: 2026-06-17 09:28

github.com/ulikunitz/xz CVE-2025-58058 中危 v0.5.11 0.5.15 github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58058

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-28 22:15 修改: 2026-06-17 09:43

github.com/blevesearch/bleve/v2 CVE-2022-31022 中危 v2.3.8 2.5.0 Bleve is a text indexing library for go. Bleve includes HTTP utilities ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31022

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-06-01 20:15 修改: 2026-06-17 04:44

github.com/mholt/archiver/v3 CVE-2024-0406 中危 v3.5.1 mholt/archiver: path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0406

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-06 17:15 修改: 2026-06-17 06:53

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

stdlib CVE-2023-39318 中危 v1.20.7 1.20.8, 1.21.1 golang: html/template: improper handling of HTML-like comments within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39319 中危 v1.20.7 1.20.8, 1.21.1 golang: html/template: improper handling of special tags within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39326 中危 v1.20.7 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-12-06 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45284 中危 v1.20.7 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45289 中危 v1.20.7 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.20.7 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.20.7 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.20.7 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.20.7 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.20.7 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.20.7 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.20.7 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.20.7 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.20.7 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.20.7 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.20.7 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.20.7 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.20.7 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.20.7 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.20.7 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.20.7 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.20.7 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.20.7 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.20.7 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.20.7 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.20.7 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.20.7 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.20.7 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.20.7 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.20.7 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.20.7 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.20.7 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.20.7 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.20.7 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.20.7 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.20.7 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.20.7 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.20.7 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.20.7 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.20.7 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.20.7 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.20.7 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.20.7 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/disintegration/imaging CVE-2023-36308 低危 v1.6.2 disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-09-05 04:15 修改: 2026-06-17 06:06

stdlib CVE-2024-45341 低危 v1.20.7 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.20.7 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.20.7 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/image CVE-2024-24792 未知 v0.14.0 0.18.0 Parsing a corrupt or malicious image with invalid color indices can ca ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24792

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-27 18:15 修改: 2026-06-17 07:14

golang.org/x/image CVE-2026-42500 未知 v0.14.0 0.41.0 Decoding a paletted BMP file with an out-of-range palette index result ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42500

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:47

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/image CVE-2026-46602 未知 v0.14.0 0.43.0 The TIFF decoder does not set a limit on the size of tiles in tiled im ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46602

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

golang.org/x/image CVE-2026-46604 未知 v0.14.0 0.43.0 The TIFF decoder can panic when decoding an invalid image with an out- ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46604

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-26 21:16 修改: 2026-07-01 14:07

opt/gitlab/embedded/bin/node_exporter (gobinary)
低危漏洞:3 中危漏洞:54 高危漏洞:36 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-22869 高危 v0.14.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2025-47913 高危 v0.14.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.17.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.17.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.17.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.17.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.17.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.17.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.12.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/opencontainers/selinux CVE-2025-52881 高危 v1.11.0 1.13.0 runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52881

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-06 21:15 修改: 2026-06-17 09:37

golang.org/x/crypto CVE-2024-45337 高危 v0.14.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39827 中危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.14.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/net CVE-2025-22870 中危 v0.17.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.17.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.17.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.17.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.17.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.17.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.17.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-46598 中危 v0.14.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

google.golang.org/protobuf CVE-2024-24786 中危 v1.31.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/crypto CVE-2023-48795 中危 v0.14.0 0.17.0 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-12-18 16:15 修改: 2026-06-17 06:34

golang.org/x/crypto CVE-2025-47914 中危 v0.14.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.14.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.13.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/crypto GO-2026-5932 未知 v0.14.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

opt/gitlab/embedded/bin/postgres_exporter (gobinary)
低危漏洞:3 中危漏洞:54 高危漏洞:35 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-47913 高危 v0.14.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.17.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.17.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.17.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.17.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.17.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.17.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.8.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2024-45337 高危 v0.14.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.14.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39827 中危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.14.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.14.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/net CVE-2025-22870 中危 v0.17.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.17.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.17.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.17.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.17.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.17.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.17.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-46598 中危 v0.14.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

google.golang.org/protobuf CVE-2024-24786 中危 v1.31.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/crypto CVE-2023-48795 中危 v0.14.0 0.17.0 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-12-18 16:15 修改: 2026-06-17 06:34

golang.org/x/crypto CVE-2025-47914 中危 v0.14.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.14.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.13.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/crypto GO-2026-5932 未知 v0.14.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

opt/gitlab/embedded/bin/praefect (gobinary)
低危漏洞:9 中危漏洞:64 高危漏洞:43 严重漏洞:6
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/go-git/go-git/v5 CVE-2025-21613 严重 v5.11.0 5.13.0 go-git: argument injection via the URL field

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-06 17:15 修改: 2026-06-17 08:43

github.com/jackc/pgx/v5 CVE-2026-33815 严重 v5.5.5 5.9.0 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33815

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-07 16:16 修改: 2026-07-09 13:17

github.com/jackc/pgx/v5 CVE-2026-33816 严重 v5.5.5 5.9.0 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33816

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-07 16:16 修改: 2026-07-09 13:17

google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.0.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

github.com/go-git/go-billy/v5 CVE-2026-44973 高危 v5.5.0 5.9.0 Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-28 22:16 修改: 2026-06-17 10:51

github.com/cloudflare/circl GHSA-9763-4f94-gfch 高危 v1.3.3 1.3.7 CIRCL's Kyber: timing side-channel (kyberslash2)

漏洞详情: https://github.com/advisories/GHSA-9763-4f94-gfch

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-01-08 16:45 修改: 2024-05-20 22:00

github.com/prometheus/prometheus CVE-2026-42151 高危 v0.46.0 0.311.3 github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-04 19:16 修改: 2026-07-10 12:16

github.com/prometheus/prometheus CVE-2026-42154 高危 v0.46.0 0.311.3, 0.305.2 github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-04 19:16 修改: 2026-07-09 13:17

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.13.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/go-git/go-git/v5 CVE-2025-21614 高危 v5.11.0 5.13.0 go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-06 17:15 修改: 2026-06-17 08:43

github.com/go-git/go-git/v5 CVE-2026-45022 高危 v5.11.0 5.19.0 go-git is an extensible git implementation library written in pure Go. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

github.com/golang-jwt/jwt/v4 CVE-2025-30204 高危 v4.5.0 4.5.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

github.com/Azure/azure-sdk-for-go/sdk/azidentity CVE-2024-35255 中危 v1.3.0 1.6.0-beta.4.0.20240610221955-50774cd97099 azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-11 17:16 修改: 2026-06-17 07:34

github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream GHSA-xmrv-pmrh-hhx2 中危 v1.4.11 1.7.8 Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18

github.com/go-git/go-git/v5 CVE-2026-25934 中危 v5.11.0 5.16.5 go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25934

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-09 23:16 修改: 2026-06-17 10:25

github.com/go-git/go-git/v5 CVE-2026-34165 中危 v5.11.0 5.17.1 github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34165

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 15:16 修改: 2026-06-17 10:38

github.com/prometheus/prometheus CVE-2026-40179 中危 v0.46.0 0.311.2-0.20260410083055-07c6232d159b Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40179

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-15 23:16 修改: 2026-06-17 10:44

github.com/prometheus/prometheus CVE-2026-44903 中危 v0.46.0 0.311.3 Prometheus is an open-source monitoring system and time series databas ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44903

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-26 22:16 修改: 2026-06-17 10:51

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

github.com/go-git/go-git/v5 CVE-2026-41506 中危 v5.11.0 5.18.0 golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-08 14:16 修改: 2026-06-17 10:46

github.com/go-git/go-git/v5 CVE-2026-45571 中危 v5.11.0 5.19.1 github.com/go-git/go-git: go-git: Path validation flaw allows unauthorized file access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:52

github.com/go-git/go-git/v5 GHSA-w5pp-99ch-qj29 中危 v5.11.0 5.19.1 go-git: Malformed Git object data may cause panics or resource exhaustion

漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43

github.com/go-git/go-billy/v5 CVE-2026-44740 中危 v5.5.0 5.9.0 github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-01 17:17 修改: 2026-06-17 10:51

github.com/aws/aws-sdk-go-v2/service/s3 GHSA-xmrv-pmrh-hhx2 中危 v1.38.1 1.97.3 Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18

github.com/golang/glog CVE-2024-45339 中危 v1.1.2 1.2.4 github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45339

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/cloudflare/circl CVE-2025-8556 低危 v1.3.3 1.6.1 github.com/cloudflare/circl: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8556

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-06 09:15 修改: 2026-06-17 10:07

github.com/jackc/pgx/v5 CVE-2026-41889 低危 v5.5.5 5.9.2 github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41889

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-08 17:16 修改: 2026-06-17 10:47

github.com/golang-jwt/jwt/v4 CVE-2024-51744 低危 v4.5.0 4.5.1 golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-11-04 22:15 修改: 2026-06-17 08:06

github.com/cloudflare/circl CVE-2026-1229 低危 v1.3.3 1.6.3 CIRCL has an incorrect calculation in secp384r1 CombinedMult

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1229

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-24 08:16 修改: 2026-06-17 10:15

github.com/go-git/go-git/v5 CVE-2026-33762 低危 v5.11.0 5.17.1 github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33762

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 15:16 修改: 2026-06-17 10:38

github.com/go-git/go-git/v5 CVE-2026-45570 低危 v5.11.0 5.19.1 go-git is an extensible git implementation library written in pure Go. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:52

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

opt/gitlab/embedded/bin/prometheus (gobinary)
低危漏洞:4 中危漏洞:62 高危漏洞:41 严重漏洞:4
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/docker CVE-2024-41110 严重 v24.0.7+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 moby: Authz zero length regression

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-24 17:15 修改: 2026-06-17 07:47

google.golang.org/grpc CVE-2026-33186 严重 v1.59.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.0.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

go.opentelemetry.io/otel/sdk CVE-2026-24051 高危 v1.21.0 1.40.0 OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-02 23:16 修改: 2026-06-17 10:22

go.opentelemetry.io/otel/sdk CVE-2026-39883 高危 v1.21.0 1.43.0 github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 21:17 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2024-45337 高危 v0.16.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.16.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2025-47913 高危 v0.16.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.16.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.16.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.16.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.16.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.16.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.16.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.16.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.16.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.16.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.19.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.19.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.19.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.19.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.19.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.19.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.15.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/docker/docker CVE-2026-34040 高危 v24.0.7+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

github.com/docker/docker CVE-2026-41567 高危 v24.0.7+incompatible docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-05 02:17 修改: 2026-07-10 12:16

github.com/docker/docker CVE-2026-42306 高危 v24.0.7+incompatible Moby is an open source container framework. In Docker Engine prior to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:47

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42502 中危 v0.19.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.19.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

github.com/Azure/azure-sdk-for-go/sdk/azidentity CVE-2024-35255 中危 v1.4.0 1.6.0-beta.4.0.20240610221955-50774cd97099 azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35255

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-11 17:16 修改: 2026-06-17 07:34

github.com/hashicorp/go-retryablehttp CVE-2024-6104 中危 v0.7.4 0.7.7 go-retryablehttp: url might write sensitive information to log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-24 17:15 修改: 2026-06-17 08:17

google.golang.org/protobuf CVE-2024-24786 中危 v1.31.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/crypto CVE-2023-48795 中危 v0.16.0 0.17.0 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-12-18 16:15 修改: 2026-06-17 06:34

golang.org/x/crypto CVE-2025-47914 中危 v0.16.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.16.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.16.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.16.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.16.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.16.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

go.mongodb.org/mongo-driver CVE-2026-2303 中危 v1.13.1 1.17.7 CVE-2026-2303 affecting package telegraf for versions less than 1.29.4-21

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2303

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-10 20:17 修改: 2026-06-17 10:30

go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp CVE-2026-39882 中危 v1.21.0 1.43.0 github.com/open-telemetry/opentelemetry-go: golang: OpenTelemetry-Go: Memory exhaustion via uncapped HTTP response body reading

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 21:17 修改: 2026-06-17 10:42

github.com/docker/docker CVE-2024-24557 中危 v24.0.7+incompatible 24.0.9, 25.0.2 moby: classic builder cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-01 17:15 修改: 2026-06-17 07:14

github.com/docker/docker CVE-2026-33997 中危 v24.0.7+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 03:15 修改: 2026-06-30 03:18

github.com/docker/docker CVE-2026-41568 中危 v24.0.7+incompatible github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:46

github.com/go-resty/resty/v2 CVE-2023-45286 中危 v2.10.0 2.11.0 go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45286

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-11-28 17:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2025-22870 中危 v0.19.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.19.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.19.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.19.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.19.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/docker/docker CVE-2025-54410 低危 v24.0.7+incompatible 25.0.13, 28.0.0 github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-07-30 14:15 修改: 2026-06-17 09:40

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/crypto GO-2026-5932 未知 v0.16.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/sys CVE-2026-39824 未知 v0.15.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/redis_exporter (gobinary)
低危漏洞:3 中危漏洞:40 高危漏洞:16 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

google.golang.org/protobuf CVE-2024-24786 中危 v1.31.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.15.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/bin/registry (gobinary)
低危漏洞:5 中危漏洞:53 高危漏洞:37 严重漏洞:5
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/jackc/pgx/v5 CVE-2026-33815 严重 v5.5.2 5.9.0 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33815

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-07 16:16 修改: 2026-07-09 13:17

github.com/jackc/pgx/v5 CVE-2026-33816 严重 v5.5.2 5.9.0 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33816

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-07 16:16 修改: 2026-07-09 13:17

google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.20.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.20.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.20.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.20.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.16.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/golang-jwt/jwt/v4 CVE-2025-30204 高危 v4.5.0 4.5.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

github.com/jackc/pgx/v5 CVE-2024-27304 高危 v5.5.2 5.5.4 pgx: SQL Injection via Protocol Message Size Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27304

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-06 19:15 修改: 2026-06-17 07:19

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-22870 中危 v0.20.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.20.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.20.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.20.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.20.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/jackc/pgx/v5 CVE-2026-41889 低危 v5.5.2 5.9.2 github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41889

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-08 17:16 修改: 2026-06-17 10:47

github.com/golang-jwt/jwt/v4 CVE-2024-51744 低危 v4.5.0 4.5.1 golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-11-04 22:15 修改: 2026-06-17 08:06

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/devfile-0.0.25.pre.alpha1-x86_64-linux/bin/devfile (gobinary)
低危漏洞:10 中危漏洞:77 高危漏洞:50 严重漏洞:6
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/docker/docker CVE-2024-41110 严重 v20.10.11+incompatible 23.0.15, 26.1.5, 27.1.1, 25.0.6 moby: Authz zero length regression

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41110

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-24 17:15 修改: 2026-06-17 07:47

github.com/go-git/go-git/v5 CVE-2023-49569 严重 v5.4.2 5.11.0 go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49569

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-01-12 11:15 修改: 2026-06-17 06:36

github.com/go-git/go-git/v5 CVE-2025-21613 严重 v5.4.2 5.13.0 go-git: argument injection via the URL field

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21613

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-06 17:15 修改: 2026-06-17 08:43

google.golang.org/grpc CVE-2026-33186 严重 v1.47.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.5 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.5 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

github.com/docker/docker CVE-2026-34040 高危 v20.10.11+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

github.com/docker/docker CVE-2026-41567 高危 v20.10.11+incompatible docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-05 02:17 修改: 2026-07-10 12:16

github.com/docker/docker CVE-2026-42306 高危 v20.10.11+incompatible Moby is an open source container framework. In Docker Engine prior to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:47

github.com/go-git/go-billy/v5 CVE-2026-44973 高危 v5.3.1 5.9.0 Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-28 22:16 修改: 2026-06-17 10:51

github.com/containerd/containerd CVE-2024-25621 高危 v1.5.9 1.7.29 github.com/containerd/containerd: containerd local privilege escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-06 19:15 修改: 2026-06-17 07:16

github.com/docker/cli CVE-2025-15558 高危 v20.10.11+incompatible 29.2.0 docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-04 17:16 修改: 2026-06-30 03:16

github.com/go-git/go-git/v5 CVE-2023-49568 高危 v5.4.2 5.11.0 go-git: Maliciously crafted Git server replies can cause DoS on go-git clients

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49568

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-01-12 11:15 修改: 2026-06-17 06:36

github.com/go-git/go-git/v5 CVE-2025-21614 高危 v5.4.2 5.13.0 go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21614

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-06 17:15 修改: 2026-06-17 08:43

github.com/go-git/go-git/v5 CVE-2026-45022 高危 v5.4.2 5.19.0 go-git is an extensible git implementation library written in pure Go. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

github.com/sirupsen/logrus CVE-2025-65637 高危 v1.8.1 1.8.3, 1.9.1, 1.9.3 github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65637

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:55

golang.org/x/crypto CVE-2024-45337 高危 v0.0.0-20220315160706-3147a52a75dd 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.0.0-20220315160706-3147a52a75dd 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

golang.org/x/crypto CVE-2025-47913 高危 v0.0.0-20220315160706-3147a52a75dd 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-39325 高危 v0.8.0 0.17.0 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

golang.org/x/net CVE-2023-45288 高危 v0.8.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.8.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.8.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.8.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.8.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.8.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.0.0-20220223155221-ee480838109b 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/docker/distribution CVE-2023-2253 高危 v2.7.1+incompatible 2.8.2-beta.1 distribution/distribution: DoS from malicious API request

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2253

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-06-06 20:15 修改: 2026-06-17 05:52

google.golang.org/grpc GHSA-m425-mq94-257g 高危 v1.47.0 1.56.3, 1.57.1, 1.58.3 gRPC-Go HTTP/2 Rapid Reset vulnerability

漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-10-25 21:17 修改: 2024-07-19 16:32

github.com/containerd/containerd CVE-2022-23648 高危 v1.5.9 1.4.13, 1.5.10, 1.6.1 containerd: insecure handling of image volumes

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23648

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-03-03 14:15 修改: 2026-06-17 04:30

github.com/docker/docker CVE-2023-28840 高危 v20.10.11+incompatible 20.10.24, 23.0.3 moby: Encrypted overlay network may be unauthenticated

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28840

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-04-04 22:15 修改: 2026-06-17 05:48

stdlib CVE-2023-45288 高危 v1.21.5 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.5 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.5 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.5 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.5 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.5 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.5 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.5 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.5 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.5 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.5 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.5 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.5 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.5 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.5 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.5 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-46598 中危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

github.com/containerd/containerd CVE-2023-25153 中危 v1.5.9 1.5.18, 1.6.18 containerd: OCI image importer memory exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25153

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-02-16 15:15 修改: 2026-06-17 05:40

github.com/containerd/containerd CVE-2023-25173 中危 v1.5.9 1.5.18, 1.6.18 containerd: Supplementary groups are not set up properly

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25173

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-02-16 15:15 修改: 2026-06-17 05:40

github.com/containerd/containerd CVE-2024-40635 中危 v1.5.9 1.7.27, 1.6.38 containerd: containerd has an integer overflow in User ID handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40635

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-17 22:15 修改: 2026-06-17 07:46

github.com/containerd/containerd CVE-2025-64329 中危 v1.5.9 1.7.29 github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-07 05:16 修改: 2026-06-17 09:54

github.com/go-git/go-git/v5 CVE-2026-25934 中危 v5.4.2 5.16.5 go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25934

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-09 23:16 修改: 2026-06-17 10:25

github.com/go-git/go-git/v5 CVE-2026-34165 中危 v5.4.2 5.17.1 github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34165

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 15:16 修改: 2026-06-17 10:38

github.com/go-git/go-git/v5 CVE-2026-41506 中危 v5.4.2 5.18.0 golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-08 14:16 修改: 2026-06-17 10:46

golang.org/x/net CVE-2023-3978 中危 v0.8.0 0.13.0 golang.org/x/net/html: Cross site scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-08-02 20:15 修改: 2026-06-17 06:15

golang.org/x/net CVE-2025-22870 中危 v0.8.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.8.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.8.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.8.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.8.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.8.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.8.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

github.com/go-git/go-git/v5 CVE-2026-45571 中危 v5.4.2 5.19.1 github.com/go-git/go-git: go-git: Path validation flaw allows unauthorized file access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:52

github.com/go-git/go-git/v5 GHSA-w5pp-99ch-qj29 中危 v5.4.2 5.19.1 go-git: Malformed Git object data may cause panics or resource exhaustion

漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43

github.com/containerd/containerd GHSA-7ww5-4wqc-m92c 中危 v1.5.9 1.6.26, 1.7.11 containerd allows RAPL to be accessible to a container

漏洞详情: https://github.com/advisories/GHSA-7ww5-4wqc-m92c

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-12-19 21:17 修改: 2023-12-19 21:17

google.golang.org/protobuf CVE-2024-24786 中危 v1.28.1 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

github.com/docker/docker CVE-2022-24769 中危 v20.10.11+incompatible 20.10.14 moby: Default inheritable capabilities for linux container should be empty

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24769

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-03-24 20:15 修改: 2026-06-17 04:32

github.com/docker/docker CVE-2022-36109 中危 v20.10.11+incompatible 20.10.18 moby: supplementary groups mishandling

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36109

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-09-09 18:15 修改: 2026-06-17 04:52

github.com/docker/docker CVE-2023-28841 中危 v20.10.11+incompatible 20.10.24, 23.0.3 moby: Encrypted overlay network traffic may be unencrypted

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28841

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-04-04 22:15 修改: 2026-06-17 05:48

github.com/docker/docker CVE-2023-28842 中危 v20.10.11+incompatible 20.10.24, 23.0.3 moby: Encrypted overlay network with a single endpoint is unauthenticated

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28842

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-04-04 22:15 修改: 2026-06-17 05:48

github.com/docker/docker CVE-2024-24557 中危 v20.10.11+incompatible 24.0.9, 25.0.2 moby: classic builder cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24557

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-02-01 17:15 修改: 2026-06-17 07:14

github.com/docker/docker CVE-2024-29018 中危 v20.10.11+incompatible 26.0.0-rc3, 25.0.5, 23.0.11 moby: external DNS requests from 'internal' networks could lead to data exfiltration

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29018

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-20 21:15 修改: 2026-06-17 07:22

github.com/docker/docker CVE-2026-33997 中危 v20.10.11+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 03:15 修改: 2026-06-30 03:18

github.com/docker/docker CVE-2026-41568 中危 v20.10.11+incompatible github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:46

github.com/docker/docker GHSA-jq35-85cj-fj4p 中危 v20.10.11+incompatible 24.0.7, 23.0.8, 20.10.27 /sys/devices/virtual/powercap accessible by default to containers

漏洞详情: https://github.com/advisories/GHSA-jq35-85cj-fj4p

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-10-30 15:25 修改: 2023-10-30 15:25

github.com/containerd/containerd CVE-2022-23471 中危 v1.5.9 1.5.16, 1.6.12 containerd is an open source container runtime. A bug was found in con ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23471

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-12-07 23:15 修改: 2026-06-17 04:30

github.com/go-git/go-billy/v5 CVE-2026-44740 中危 v5.3.1 5.9.0 github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-01 17:17 修改: 2026-06-17 10:51

github.com/containerd/containerd CVE-2022-31030 中危 v1.5.9 1.5.13, 1.6.6 containerd is an open source container runtime. A bug was found in the ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31030

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-06-09 14:15 修改: 2026-06-17 04:44

golang.org/x/crypto CVE-2023-48795 中危 v0.0.0-20220315160706-3147a52a75dd 0.17.0 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2023-12-18 16:15 修改: 2026-06-17 06:34

golang.org/x/crypto CVE-2025-47914 中危 v0.0.0-20220315160706-3147a52a75dd 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.0.0-20220315160706-3147a52a75dd 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.0.0-20220315160706-3147a52a75dd 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

stdlib CVE-2023-45289 中危 v1.21.5 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.5 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.5 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.5 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.5 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.5 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.5 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.5 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.5 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.5 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.5 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.5 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.5 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.5 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.5 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.5 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.5 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.5 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.5 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.5 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.5 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.5 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.5 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.5 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.5 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.5 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.5 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.5 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.5 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.5 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.5 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.5 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.5 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.5 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.5 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.5 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.5 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.5 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.5 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

github.com/go-git/go-git/v5 CVE-2026-33762 低危 v5.4.2 5.17.1 github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33762

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-31 15:16 修改: 2026-06-17 10:38

github.com/go-git/go-git/v5 CVE-2026-45570 低危 v5.4.2 5.19.1 go-git is an extensible git implementation library written in pure Go. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:52

github.com/containerd/containerd GHSA-c9cp-9c75-9v8c 低危 v1.5.9 1.5.11, 1.6.2 containerd started with non-empty inheritable Linux process capabilities

漏洞详情: https://github.com/advisories/GHSA-c9cp-9c75-9v8c

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-05-14 22:04 修改: 2024-07-08 12:58

github.com/docker/distribution GHSA-qq97-vm5h-rrhg 低危 v2.7.1+incompatible 2.8.0 OCI Manifest Type Confusion Issue

漏洞详情: https://github.com/advisories/GHSA-qq97-vm5h-rrhg

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-02-08 18:53 修改: 2023-02-09 15:29

github.com/docker/docker CVE-2025-54410 低危 v20.10.11+incompatible 25.0.13, 28.0.0 github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-07-30 14:15 修改: 2026-06-17 09:40

oras.land/oras-go CVE-2026-48978 低危 v1.1.0 oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48978

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

github.com/docker/docker GHSA-vp35-85q5-9f25 低危 v20.10.11+incompatible 20.10.20 Container build can leak any path on the host into the container

漏洞详情: https://github.com/advisories/GHSA-vp35-85q5-9f25

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2022-11-11 00:03 修改: 2024-07-08 15:52

stdlib CVE-2024-45341 低危 v1.21.5 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.5 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.5 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/crypto CVE-2022-30636 未知 v0.0.0-20220315160706-3147a52a75dd 0.0.0-20220525230936-793ad666bf5e httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30636

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 20:15 修改: 2026-06-17 04:43

golang.org/x/sys CVE-2026-39824 未知 v0.6.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/gitlab-glfm-markdown-0.0.12-x86_64-linux/Cargo.lock (cargo)
低危漏洞:1 中危漏洞:2 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
anstream GHSA-2rxc-gjrp-vjhx 中危 0.6.5 0.6.8 Unsoundness in anstream

漏洞详情: https://github.com/advisories/GHSA-2rxc-gjrp-vjhx

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-04 18:31 修改: 2024-12-04 18:31

time CVE-2026-25727 中危 0.3.31 0.3.47 time: time affected by a stack exhaustion denial of service attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-06 20:16 修改: 2026-06-17 10:25

shlex CVE-2024-58266 低危 1.2.0 1.3.0 shlex: Shlex Command Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58266

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-07-27 22:15 修改: 2026-06-17 08:14

opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/prometheus-client-mmap-1.1.1-x86_64-linux/ext/fast_mmaped_file_rs/Cargo.lock (cargo)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
opt/gitlab/embedded/service/gitlab-shell/bin/check (gobinary)
低危漏洞:3 中危漏洞:48 高危漏洞:23 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/net CVE-2026-25681 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.18.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.18.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

golang.org/x/net CVE-2023-45288 高危 v0.18.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.18.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-22870 中危 v0.18.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.18.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.18.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.18.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

github.com/hashicorp/go-retryablehttp CVE-2024-6104 中危 v0.7.5 0.7.7 go-retryablehttp: url might write sensitive information to log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-24 17:15 修改: 2026-06-17 08:17

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell (gobinary)
低危漏洞:3 中危漏洞:48 高危漏洞:23 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/net CVE-2026-25681 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.18.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.18.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

golang.org/x/net CVE-2023-45288 高危 v0.18.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.18.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-22870 中危 v0.18.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.18.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.18.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.18.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

github.com/hashicorp/go-retryablehttp CVE-2024-6104 中危 v0.7.5 0.7.7 go-retryablehttp: url might write sensitive information to log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-24 17:15 修改: 2026-06-17 08:17

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check (gobinary)
低危漏洞:3 中危漏洞:48 高危漏洞:23 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/net CVE-2026-25681 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.18.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.18.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

golang.org/x/net CVE-2023-45288 高危 v0.18.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.18.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-22870 中危 v0.18.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.18.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.18.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.18.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

github.com/hashicorp/go-retryablehttp CVE-2024-6104 中危 v0.7.5 0.7.7 go-retryablehttp: url might write sensitive information to log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-24 17:15 修改: 2026-06-17 08:17

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check (gobinary)
低危漏洞:3 中危漏洞:48 高危漏洞:23 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/net CVE-2026-25681 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.18.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.18.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

golang.org/x/net CVE-2023-45288 高危 v0.18.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.18.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2025-22870 中危 v0.18.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.18.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.18.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.18.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

github.com/hashicorp/go-retryablehttp CVE-2024-6104 中危 v0.7.5 0.7.7 go-retryablehttp: url might write sensitive information to log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-24 17:15 修改: 2026-06-17 08:17

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-sshd (gobinary)
低危漏洞:3 中危漏洞:54 高危漏洞:36 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.60.1 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2024-24790 严重 v1.21.6 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.21.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-47913 高危 v0.18.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2023-45288 高危 v0.18.0 0.23.0 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

golang.org/x/net CVE-2024-45338 高危 v0.18.0 0.33.0 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45338

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-18 21:15 修改: 2026-06-17 07:54

golang.org/x/net CVE-2026-25681 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.18.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.18.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

golang.org/x/oauth2 CVE-2025-22868 高危 v0.13.0 0.27.0 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.0 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-21 22:15 修改: 2026-06-17 09:08

golang.org/x/crypto CVE-2024-45337 高危 v0.18.0 0.31.0 golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-12-12 02:02 修改: 2026-06-17 07:54

golang.org/x/crypto CVE-2025-22869 高危 v0.18.0 0.35.0 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-26 08:14 修改: 2026-06-17 08:50

stdlib CVE-2023-45288 高危 v1.21.6 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.21.6 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.21.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.21.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.21.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.21.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.21.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.21.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.21.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.21.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.21.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.21.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.21.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39833 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/net CVE-2025-22870 中危 v0.18.0 0.36.0 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-22872 中危 v0.18.0 0.38.0 golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-16 18:16 修改: 2026-06-17 08:50

golang.org/x/net CVE-2025-47911 中危 v0.18.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.18.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.18.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-46598 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

github.com/hashicorp/go-retryablehttp CVE-2024-6104 中危 v0.7.5 0.7.7 go-retryablehttp: url might write sensitive information to log file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6104

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-24 17:15 修改: 2026-06-17 08:17

google.golang.org/protobuf CVE-2024-24786 中危 v1.32.0 1.33.0 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

golang.org/x/crypto CVE-2025-47914 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.18.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/crypto CVE-2026-39827 中危 v0.18.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

stdlib CVE-2023-45289 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.21.6 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.21.6 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.21.6 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.21.6 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.21.6 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.21.6 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.21.6 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.21.6 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.21.6 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.21.6 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.21.6 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.21.6 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.21.6 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.21.6 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.21.6 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.21.6 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.21.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.21.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.21.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.21.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.21.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.21.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.21.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.21.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.21.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.21.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.21.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.21.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.21.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.21.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.21.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.21.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.21.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.21.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.21.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.21.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.21.6 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.21.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.21.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/crypto GO-2026-5932 未知 v0.18.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/sys CVE-2026-39824 未知 v0.16.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e0f8d7e4cacf88bd5e6f590abeb428e17b744791b333476b2fee20c778f966ff

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

/etc/ssh/ssh_host_ecdsa_key ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/etc/ssh/ssh_host_ed25519_key ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/etc/ssh/ssh_host_rsa_key ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/aws-sdk-core-3.191.1/lib/aws-sdk-ssooidc/client.rb ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/aws-sdk-core-3.191.5/lib/aws-sdk-ssooidc/client.rb ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/chef-18.3.0/lib/chef/resource/openssl_ec_public_key.rb ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/chef-zero-15.0.11/lib/chef_zero.rb ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/lib/ruby/gems/3.1.0/gems/fog-aws-3.18.0/lib/fog/aws/models/compute/key_pairs.rb ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/service/gitlab-rails/app/models/integrations/diffblue_cover.rb ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/service/gitlab-rails/app/models/integrations/prometheus.rb ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/service/gitlab-rails/config/gitleaks.toml ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/service/gitlab-rails/lib/api/helpers/integrations_helpers.rb ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/service/mattermost/client/4270.947593d5211b6cd4b090.js ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/opt/gitlab/embedded/service/mattermost/client/4270.947593d5211b6cd4b090.js.map ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×