docker.io/gitlab/gitlab-ce:18.8.10-ce.0 linux/amd64

docker.io/gitlab/gitlab-ce:18.8.10-ce.0 - Trivy安全扫描结果扫描时间: 2026-06-16 12:18

全部漏洞信息

低危漏洞:152

中危漏洞:592

高危漏洞:475

严重漏洞:48

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-06-16 12:18

docker.io/gitlab/gitlab-ce:18.8.10-ce.0 (ubuntu 24.04) (ubuntu)

低危漏洞:20

中危漏洞:47

高危漏洞:2

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libssl3t64	CVE-2026-45447	高危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 15:16
openssl	CVE-2026-45447	高危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 15:16
busybox	CVE-2024-58251	中危	1:1.36.1-6ubuntu3.1		In netstat in BusyBox through 1.37.0, local users can launch of networ ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
busybox	CVE-2025-46394	中危	1:1.36.1-6ubuntu3.1		In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2025-04-23 16:15 修改: 2026-06-02 14:16
busybox	CVE-2025-60876	中危	1:1.36.1-6ubuntu3.1		busybox: BusyBox wget: HTTP request-target allows header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-60876 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2025-11-10 20:15 修改: 2026-06-02 14:16
dpkg	CVE-2026-2219	中危	1.22.6ubuntu6.5	1.22.6ubuntu6.6	It was discovered that dpkg-deb (a component of dpkg, the Debian packa ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2219 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-07 09:16 修改: 2026-06-02 19:12
libblkid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libc-bin	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc-bin	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc-bin	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc-bin	CVE-2026-5435	中危	2.39-0ubuntu8.7		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc-bin	CVE-2026-6238	中危	2.39-0ubuntu8.7		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libc6	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6	CVE-2026-5435	中危	2.39-0ubuntu8.7		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc6	CVE-2026-6238	中危	2.39-0ubuntu8.7		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libcap2	CVE-2026-4878	中危	1:2.66-5ubuntu2.2	1:2.66-5ubuntu2.4	libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-09 16:16 修改: 2026-06-11 10:16
libgcrypt20	CVE-2026-41989	中危	1.10.3-2build1	1.10.3-2ubuntu0.1	Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-23 05:16 修改: 2026-04-27 18:33
libgnutls30t64	CVE-2026-33845	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-33846	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-05-04 10:15 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-3832	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-30 18:16 修改: 2026-06-02 17:16
libgnutls30t64	CVE-2026-3833	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42009	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-05-18 13:16 修改: 2026-06-08 17:16
libgnutls30t64	CVE-2026-42010	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Authentication Bypass via NUL Character in Username 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-05-07 12:16 修改: 2026-06-10 16:17
libgnutls30t64	CVE-2026-42011	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass due to incorrect name constraint handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-05-07 15:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42012	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42013	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42014	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgnutls30t64	CVE-2026-42015	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-5260	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Information disclosure via heap overread in RSA key exchange 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-5419	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	guntls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5419 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-01 21:16 修改: 2026-06-02 17:16
libmount1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libsmartcols1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
bsdutils	CVE-2026-27456	中危	1:2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libssl3t64	CVE-2026-34182	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libssl3t64	CVE-2026-45445	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libsystemd0	CVE-2026-40226	中危	255.4-1ubuntu8.15	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libudev1	CVE-2026-40226	中危	255.4-1ubuntu8.15	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libuuid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
mount	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
busybox	CVE-2023-42366	中危	1:1.36.1-6ubuntu3.1		busybox: A heap-buffer-overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2023-11-27 23:15 修改: 2024-12-06 14:15
openssl	CVE-2026-34182	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
openssl	CVE-2026-45445	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
sed	CVE-2026-5958	中危	4.9-2build1	4.9-2ubuntu0.24.04.1	sed: GNU sed TOCTOU race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-20 12:16 修改: 2026-05-19 15:17
tar	CVE-2025-45582	中危	1.35+dfsg-3build1		tar: Tar path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
tar	CVE-2026-5704	中危	1.35+dfsg-3build1		tar: tar: Hidden file injection via crafted archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:08
util-linux	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
wget	CVE-2021-31879	中危	1.21.4-1ubuntu4.1		wget: authorization header disclosure on redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31879 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2021-04-29 05:15 修改: 2024-11-21 06:06
libudev1	CVE-2026-40228	低危	255.4-1ubuntu8.15		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libssl3t64	CVE-2026-34180	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
login	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libssl3t64	CVE-2026-42766	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-42767	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-42770	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-45446	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-34180	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-42766	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-42767	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-42770	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-45446	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-7383	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-9076	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:a62853be6c9200f4a6f010d2e5b54c19f9910d471989c9a4200564fcd222f3d0 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
passwd	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libssl3t64	CVE-2026-7383	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-9076	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
liblzma5	CVE-2026-34743	低危	5.6.1+really5.4.5-1ubuntu0.2	5.6.1+really5.4.5-1ubuntu0.3	xz: XZ Utils: Denial of Service via buffer overflow in index decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-02 19:21 修改: 2026-04-15 17:33
libsystemd0	CVE-2026-40228	低危	255.4-1ubuntu8.15		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libgcrypt20	CVE-2024-2236	低危	1.10.3-2build1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:538812a4b9bd45adaac2b5e5b967daa6999aa44eb110aa32ae7c69702b906475 发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35

Node.js (node-pkg)

低危漏洞:3

中危漏洞:7

高危漏洞:14

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
handlebars	CVE-2019-19919	严重	1.0.0	4.3.0, 3.0.8	nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19919 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2019-12-20 23:15 修改: 2024-11-21 04:35
handlebars	CVE-2021-23369	严重	1.0.0	4.7.7	nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23369 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2021-04-12 14:15 修改: 2024-11-21 05:51
handlebars	CVE-2021-23383	严重	1.0.0	4.7.7	nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23383 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2021-05-04 09:15 修改: 2024-11-21 05:51
diff	GHSA-h6ch-v84p-w6p9	高危	1.0.0	3.5.0	Regular Expression Denial of Service (ReDoS) 漏洞详情: https://github.com/advisories/GHSA-h6ch-v84p-w6p9 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2019-06-13 18:58 修改: 2021-02-24 19:27
handlebars	CVE-2019-20920	高危	1.0.0	3.0.8, 4.5.3	nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20920 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2020-09-30 18:15 修改: 2024-11-21 04:39
handlebars	GHSA-2cf5-4w76-r9qv	高危	1.0.0	3.0.8, 4.5.2	Arbitrary Code Execution in handlebars 漏洞详情: https://github.com/advisories/GHSA-2cf5-4w76-r9qv 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2020-09-04 14:57 修改: 2024-01-29 20:54
handlebars	GHSA-g9r4-xpmj-mj65	高危	1.0.0	3.0.8, 4.5.3	Prototype Pollution in handlebars 漏洞详情: https://github.com/advisories/GHSA-g9r4-xpmj-mj65 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2020-09-04 15:06 修改: 2020-08-31 18:55
handlebars	GHSA-q2c6-c6pm-g3gh	高危	1.0.0	3.0.8, 4.5.3	Arbitrary Code Execution in handlebars 漏洞详情: https://github.com/advisories/GHSA-q2c6-c6pm-g3gh 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2020-09-04 15:07 修改: 2020-08-31 18:55
handlebars	GHSA-q42p-pg8m-cqh6	高危	1.0.0	4.1.2, 4.0.14, 3.0.7	Prototype Pollution in handlebars 漏洞详情: https://github.com/advisories/GHSA-q42p-pg8m-cqh6 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2019-06-05 14:07 修改: 2021-08-04 20:54
ini	CVE-2020-7788	高危	1.0.0	1.3.6	nodejs-ini: Prototype pollution via malicious INI file 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2020-12-11 11:15 修改: 2024-11-21 05:37
json	CVE-2020-7712	高危	1.0.0	10.0.0	trentm/json vulnerable to command injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7712 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2020-08-30 08:15 修改: 2024-11-21 05:37
npm	CVE-2018-7408	高危	1.0.1	5.7.1	Incorrect Permission Assignment for Critical Resource in NPM 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7408 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2018-02-22 18:29 修改: 2024-11-21 04:12
npm	CVE-2019-16775	高危	1.0.1	6.13.3	npm: Symlink reference outside of node_modules folder through the bin field upon installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2019-12-13 01:15 修改: 2024-11-21 04:31
npm	CVE-2019-16776	高危	1.0.1	6.13.3	npm: Arbitrary file write via constructed entry in the package.json bin field 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2019-12-13 01:15 修改: 2024-11-21 04:31
npm	CVE-2019-16777	高危	1.0.1	6.13.4	npm: Global node_modules Binary Overwrite 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2019-12-13 01:15 修改: 2024-11-21 04:31
thrift	CVE-2026-41636	高危	0.0.0-DEVELOPMENT	0.23.0	apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41636 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-28 10:16 修改: 2026-04-28 18:38
thrift	CVE-2026-43870	高危	0.0.0-DEVELOPMENT		Origin Validation Error, Improper Limitation of a Pathname to a Restri ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43870 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-05 09:16 修改: 2026-05-06 18:05
npm	CVE-2016-3956	中危	1.0.1	>= 2.15.1 <= 3.0.0, >= 3.8.3	npm: bearer token leak to non-registry hosts 漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3956 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2016-07-02 14:59 修改: 2026-05-06 22:30
npm	CVE-2020-15095	中危	1.0.1	6.14.6	npm: sensitive information exposure through logs 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2020-07-07 19:15 修改: 2024-11-21 05:04
pug	CVE-2021-21353	中危	1.0.0	3.0.1	pug: user provided objects as input to pug templates can achieve remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2021-03-03 02:15 修改: 2025-05-27 21:08
pug	CVE-2024-36361	中危	1.0.0	3.0.3	Pug allows JavaScript code execution if an application accepts untrusted input 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-05-24 06:15 修改: 2026-04-15 00:35
handlebars	CVE-2015-8861	中危	1.0.0	>=4.0.0	The handlebars package before 4.0.0 for Node.js allows remote attacker ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-8861 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2017-01-23 21:59 修改: 2026-05-13 00:24
handlebars	NSWG-ECO-519	中危	1.0.0	>=4.6.0	Denial of Service 漏洞详情: https://hackerone.com/reports/726364 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
yaml	CVE-2026-33532	中危	1.0.0	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
npm	CVE-2013-4116	低危	1.0.1	>=1.3.3	npm: Insecure temporary directory generation 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4116 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2014-04-22 14:23 修改: 2026-05-06 22:30
diff	CVE-2026-24001	低危	1.0.0	8.0.3, 5.2.2, 4.0.4, 3.5.1	jsdiff: denial of service vulnerability in parsePatch and applyPatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-22 03:15 修改: 2026-03-04 15:23
markdown	GHSA-wx77-rp39-c6vg	低危	1.0.0		Regular Expression Denial of Service in markdown 漏洞详情: https://github.com/advisories/GHSA-wx77-rp39-c6vg 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2020-09-04 15:11 修改: 2022-03-24 22:10

Python (python-pkg)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Ruby (gemspec)

低危漏洞:4

中危漏洞:35

高危漏洞:21

严重漏洞:7

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
activestorage	CVE-2026-33195	严重	7.2.3	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	Rails: Active Storage: Active Storage (Rails): Arbitrary file access via path traversal in blob keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33195 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 17:55
activestorage	CVE-2026-33202	严重	7.2.3	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	rails: Active Storage: Unintended file deletion via crafted blob keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33202 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 17:55
net-imap	CVE-2026-42257	严重	0.3.8	~> 0.4.24, ~> 0.5.14, >= 0.6.4	net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42257 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-09 20:16 修改: 2026-05-18 17:59
net-imap	CVE-2026-42258	严重	0.3.8	~> 0.4.24, ~> 0.5.14, >= 0.6.4	ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42258 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:02
net-imap	CVE-2026-42257	严重	0.5.9	~> 0.4.24, ~> 0.5.14, >= 0.6.4	net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42257 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-09 20:16 修改: 2026-05-18 17:59
net-imap	CVE-2026-42258	严重	0.5.9	~> 0.4.24, ~> 0.5.14, >= 0.6.4	ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42258 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:02
zlib	CVE-2026-27820	严重	3.0.0	~> 3.0.1, ~> 3.1.2, >= 3.2.3	zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-16 18:16 修改: 2026-05-21 19:31
erb	CVE-2026-41316	高危	4.0.2	~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4	erb: ERB: Arbitrary code execution via deserialization bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41316 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-24 03:16 修改: 2026-04-29 20:56
httparty	CVE-2025-68696	高危	0.23.1	>= 0.24.0	httparty: Httparty: Server-Side Request Forgery (SSRF) allows information disclosure and unauthorized internal access. 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68696 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-23 23:15 修改: 2026-04-29 01:00
jwt	CVE-2026-45363	高危	2.10.2	~> 2.10.3, >= 3.2.0	ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45363 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
activestorage	CVE-2026-33174	高危	7.2.3	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	Rails: Active Storage: Rails Active Storage: Denial of Service via unbounded Range header 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33174 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 17:55
activesupport	CVE-2026-33176	高危	7.0.8.4	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	Rails: Active Support: Active Support: Denial of Service via large scientific notation strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33176 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 17:55
net-imap	CVE-2026-42245	高危	0.3.8	~> 0.4.24, ~> 0.5.14, >= 0.6.4	ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42245 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:12
net-imap	CVE-2026-42246	高危	0.3.8	~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4	Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42246 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:08
activesupport	CVE-2026-33176	高危	7.2.3	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	Rails: Active Support: Active Support: Denial of Service via large scientific notation strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33176 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 17:55
addressable	CVE-2026-35611	高危	2.8.7	>= 2.9.0	addressable: Addressable: Denial of Service via crafted URI templates 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35611 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 17:16 修改: 2026-04-15 17:20
net-imap	CVE-2026-42245	高危	0.5.9	~> 0.4.24, ~> 0.5.14, >= 0.6.4	ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42245 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:12
net-imap	CVE-2026-42246	高危	0.5.9	~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4	Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42246 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:08
nokogiri	GHSA-c4rq-3m3g-8wgx	高危	1.18.10	>= 1.19.3	Nokogiri CSS selector tokenizer has regular expression backtracking 漏洞详情: https://github.com/advisories/GHSA-c4rq-3m3g-8wgx 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-06 18:24 修改: 2026-05-06 18:24
oauth	GHSA-prq8-7wvh-44qh	高危	0.5.6	>= 1.1.6	Cross-origin OAuth token-request redirects can expose signed request metadata 漏洞详情: https://github.com/advisories/GHSA-prq8-7wvh-44qh 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
oauth2	GHSA-pp92-crg2-gfv9	高危	2.0.10	>= 2.0.22	Protocol-relative redirect Location overrides authority in OAuth2::Client#request, leaking bearer Authorization to attacker host 漏洞详情: https://github.com/advisories/GHSA-pp92-crg2-gfv9 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2026-47736	高危	5.6.8	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47736 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2026-47737	高危	5.6.8	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47737 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2026-47736	高危	7.1.0	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47736 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2026-47737	高危	7.1.0	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47737 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
sinatra	CVE-2025-61921	高危	2.2.4	>= 4.2.0	sinatra: Sinatra has ReDoS vulnerability in ETag header value generation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61921 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-10 20:15 修改: 2025-10-31 16:27
uri	CVE-2025-61594	高危	0.12.4	~> 0.12.5, ~> 0.13.3, >= 1.0.4	uri: URI module: Credential exposure via URI + operator 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61594 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-30 21:15 修改: 2026-04-16 18:16
bcrypt	CVE-2026-33306	高危	3.1.20	>= 3.1.22	github.com/bcrypt-ruby/bcrypt-ruby: bcrypt-ruby (JRuby): Weakened password hashing due to integer overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33306 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 01:17 修改: 2026-03-30 14:07
graphql	GHSA-3h96-34p3-xm76	中危	2.5.11	~> 2.3.23, ~> 2.4.18, ~> 2.5.26, >= 2.6.1	GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens 漏洞详情: https://github.com/advisories/GHSA-3h96-34p3-xm76 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-05 21:51 修改: 2026-05-05 21:51
activesupport	CVE-2026-33170	中危	7.0.8.4	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#% 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33170 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 18:00
icalendar	CVE-2026-33635	中危	2.10.3	>= 2.12.2	iCalendar is a Ruby library for dealing with iCalendar files in the iC ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33635 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-26 21:17 修改: 2026-04-10 15:49
activestorage	CVE-2026-33173	中危	7.2.3	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	Rails: Active Storage: Rails Active Storage: Content type bypass via arbitrary metadata in direct uploads 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33173 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 17:56
activesupport	CVE-2026-33169	中危	7.2.3	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33169 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 18:01
activesupport	CVE-2026-33170	中危	7.2.3	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#% 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33170 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 18:00
activestorage	CVE-2026-33658	中危	7.2.3	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	rails: activestorage: Active Storage: Denial of Service via HTTP Range header processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33658 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-26 22:16 修改: 2026-04-30 19:02
aws-sdk-s3	CVE-2025-14762	中危	1.149.1	>= 1.208.0	aws-sdk-ruby: AWS SDK for Ruby: Data integrity compromise via missing cryptographic key commitment 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14762 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-17 21:15 修改: 2026-04-15 00:35
net-imap	CVE-2025-43857	中危	0.3.8	~> 0.2.5, ~> 0.3.9, ~> 0.4.20, >= 0.5.7	net-imap: net-imap rubygem vulnerable to possible DoS by memory exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-43857 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-28 16:15 修改: 2025-11-21 19:23
net-imap	CVE-2026-47240	中危	0.3.8	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47240 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47242	中危	0.3.8	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Command Injection via ID command argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47242 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aws-sdk-s3	CVE-2025-14762	中危	1.193.0	>= 1.208.0	aws-sdk-ruby: AWS SDK for Ruby: Data integrity compromise via missing cryptographic key commitment 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14762 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-17 21:15 修改: 2026-04-15 00:35
actionview	CVE-2026-33168	中危	7.2.3	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	actionview: Action View: Cross-Site Scripting (XSS) via blank HTML attribute names 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33168 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-23 23:17 修改: 2026-04-16 14:46
carrierwave	CVE-2023-49090	中危	1.3.4	~> 2.2.5, >= 3.0.5	CarrierWave is a solution for file uploads for Rails, Sinatra and othe ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49090 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-29 15:15 修改: 2024-11-21 08:32
carrierwave	CVE-2024-29034	中危	1.3.4	~> 2.2.6, >= 3.0.7	CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29034 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-03-24 20:15 修改: 2025-11-07 01:41
net-imap	CVE-2026-42256	中危	0.5.9	~> 0.4.24, ~> 0.5.14, >= 0.6.4	ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42256 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:06
net-imap	CVE-2026-47240	中危	0.5.9	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47240 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47242	中危	0.5.9	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Command Injection via ID command argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47242 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
carrierwave	CVE-2026-44587	中危	1.3.4	~> 2.2.7, >= 3.1.3	CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44587 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nokogiri	GHSA-v2fc-qm4h-8hqv	中危	1.18.10	>= 1.19.3	Nokogiri XSLT transform has a memory leak 漏洞详情: https://github.com/advisories/GHSA-v2fc-qm4h-8hqv 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-06 18:27 修改: 2026-05-06 18:27
nokogiri	GHSA-wx95-c6cv-8532	中危	1.18.10	>= 1.19.1	Nokogiri does not check the return value from xmlC14NExecute 漏洞详情: https://github.com/advisories/GHSA-wx95-c6cv-8532 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-18 21:57 修改: 2026-02-18 21:57
css_parser	CVE-2026-44312	中危	1.14.0	~> 1.22.0, >= 2.1.0	css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Pa ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44312 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-14 17:16 修改: 2026-05-15 19:16
devise	CVE-2026-32700	中危	4.9.4	>= 5.0.3	devise: Devise: Unauthorized email confirmation due to a race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32700 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-18 21:16 修改: 2026-03-26 14:47
devise	CVE-2026-40295	中危	4.9.4	>= 5.0.4	Devise is an authentication solution for Rails based on Warden. In ver ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40295 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-22 20:16 修改: 2026-05-29 18:55
devise-two-factor	CVE-2024-8796	中危	4.1.1	>= 6.0.0	Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8796 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-09-17 18:15 修改: 2024-09-30 14:10
puma	CVE-2024-45614	中危	5.6.8	~> 5.6.9, >= 6.4.3	rubygem-puma: Header normalization allows for client to clobber proxy set headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45614 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-09-19 23:15 修改: 2025-11-03 23:15
activesupport	CVE-2026-33169	中危	7.0.8.4	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33169 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-03-24 18:01
faraday	CVE-2026-25765	中危	2.13.4	~> 1.10.5, >= 2.14.1	Faraday: Faraday: Server-Side Request Forgery via protocol-relative URLs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25765 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-09 21:15 修改: 2026-02-20 21:03
sidekiq-cron	CVE-2025-67202	中危	2.3.1	>= 2.4.0	sidekiq-cron: Sidekiq-cron: Cross-site scripting vulnerability via crafted URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67202 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 15:16 修改: 2026-05-08 23:16
faraday	CVE-2026-33637	中危	2.13.4	>= 2.14.2	Faraday is an HTTP client library abstraction layer that provides a co ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33637 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-19 19:16 修改: 2026-05-21 20:17
sinatra	CVE-2024-21510	中危	2.2.4	>= 4.1.0	sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21510 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-11-01 05:15 修改: 2026-04-15 00:35
faraday	CVE-2026-25765	中危	2.8.1	~> 1.10.5, >= 2.14.1	Faraday: Faraday: Server-Side Request Forgery via protocol-relative URLs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25765 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-09 21:15 修改: 2026-02-20 21:03
view_component	CVE-2026-44836	中危	3.23.2	>= 4.9.0, >= 3.25.0, < 4.0.0	view_component is a framework for building reusable, testable, and enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-26 21:16 修改: 2026-06-01 18:22
view_component	CVE-2026-44837	中危	3.23.2	>= 4.9.0, >= 3.25.0, < 4.0.0	view_component is a framework for building reusable, testable, and enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44837 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-26 21:16 修改: 2026-06-02 18:43
faraday	CVE-2026-33637	中危	2.8.1	>= 2.14.2	Faraday is an HTTP client library abstraction layer that provides a co ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33637 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-19 19:16 修改: 2026-05-21 20:17
net-imap	CVE-2026-47241	低危	0.5.9	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Denial of Service via incomplete raw argument validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47241 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47241	低危	0.3.8	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Denial of Service via incomplete raw argument validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47241 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
thor	CVE-2025-54314	低危	1.2.2	>= 1.4.0	thor: Thor Command Injection Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54314 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-20 03:15 修改: 2026-04-15 00:35
thor	CVE-2025-54314	低危	1.3.1	>= 1.4.0	thor: Thor Command Injection Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54314 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-20 03:15 修改: 2026-04-15 00:35

opt/gitlab/embedded/bin/alertmanager (gobinary)

低危漏洞:1

中危漏洞:11

高危漏洞:14

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2025-22869	高危	v0.31.0	0.35.0	golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:28
golang.org/x/oauth2	CVE-2025-22868	高危	v0.24.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-58181	中危	v0.31.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/net	CVE-2025-22870	中危	v0.33.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.33.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-47914	中危	v0.31.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/cosign (gobinary)

低危漏洞:1

中危漏洞:19

高危漏洞:20

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.73.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/go-jose/go-jose/v3	CVE-2026-34986	高危	v3.0.4	3.0.5	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.0.5	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
github.com/sigstore/fulcio	CVE-2025-66506	高危	v1.7.1	1.8.3	github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66506 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-04 22:15 修改: 2026-03-10 19:30
github.com/sigstore/timestamp-authority	CVE-2025-66564	高危	v1.2.8	2.0.3	github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66564 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-04 23:15 修改: 2026-03-17 20:38
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.37.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.37.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.37.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/docker/cli	CVE-2025-15558	高危	v28.2.2+incompatible	29.2.0	docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/sigstore/rekor	CVE-2026-24117	中危	v1.3.10	1.5.0	github.com/sigstore/rekor: Rekor Server-Side Request Forgery (SSRF) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24117 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-22 22:16 修改: 2026-02-02 15:07
github.com/sigstore/sigstore	CVE-2026-24137	中危	v1.9.5	1.10.4	github.com/sigstore/sigstore: sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24137 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-23 00:15 修改: 2026-04-15 00:35
github.com/in-toto/in-toto-golang	GHSA-pmwq-pjrm-6p5r	中危	v0.9.0	0.11.0	in-toto-golang and in-toto-python have inconsistent negation behavior 漏洞详情: https://github.com/advisories/GHSA-pmwq-pjrm-6p5r 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-08 22:24 修改: 2026-05-08 22:24
github.com/theupdateframework/go-tuf/v2	CVE-2026-23991	中危	v2.1.1	2.3.1	github.com/theupdateframework/go-tuf/v2: go-tuf client DoS via malformed server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23991 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-22 03:15 修改: 2026-02-17 16:10
github.com/theupdateframework/go-tuf/v2	CVE-2026-23992	中危	v2.1.1	2.3.1	github.com/theupdateframework/go-tuf/v2: go-tuf improperly validates the configured threshold for delegations 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23992 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-22 03:15 修改: 2026-02-17 16:02
github.com/theupdateframework/go-tuf/v2	CVE-2026-24686	中危	v2.1.1	2.4.1	github.com/theupdateframework/go-tuf/v2: go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24686 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-27 01:16 修改: 2026-02-24 19:08
github.com/sigstore/cosign/v2	CVE-2026-22703	中危	v2.5.3	2.6.2	github.com/sigstore/cosign: Cosign verification accepts any valid Rekor entry under certain conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22703 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-10 07:16 修改: 2026-02-05 20:59
github.com/go-viper/mapstructure/v2	CVE-2025-11065	中危	v2.3.0	2.4.0	github.com/go-viper/mapstructure/v2: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11065 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-26 20:16 修改: 2026-04-15 00:35
github.com/sigstore/fulcio	CVE-2026-22772	中危	v1.7.1	1.8.5	fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22772 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-12 21:15 修改: 2026-03-05 13:48
golang.org/x/crypto	CVE-2025-47914	中危	v0.40.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.40.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
github.com/sigstore/rekor	CVE-2026-23831	中危	v1.3.10	1.5.0	github.com/sigstore/rekor: Rekor denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23831 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-22 22:16 修改: 2026-02-02 15:06
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitaly (gobinary)

低危漏洞:4

中危漏洞:16

高危漏洞:18

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.75.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/go-git/go-git/v5	CVE-2026-45022	高危	v5.13.0	5.19.0	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-27 15:16 修改: 2026-06-04 17:57
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.1	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.38.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.38.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.38.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/go-git/go-billy/v5	CVE-2026-44973	高危	v5.6.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-28 22:16 修改: 2026-05-29 16:32
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.6.5	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/go-git/go-billy/v5	CVE-2026-44740	中危	v5.6.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to versions ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-01 17:17 修改: 2026-06-01 18:53
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.38.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.63.1	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/go-git/go-git/v5	CVE-2026-25934	中危	v5.13.0	5.16.5	go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25934 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-09 23:16 修改: 2026-02-20 20:21
github.com/go-git/go-git/v5	CVE-2026-34165	中危	v5.13.0	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34165 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49
github.com/go-git/go-git/v5	CVE-2026-41506	中危	v5.13.0	5.18.0	golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-08 14:16 修改: 2026-05-12 14:33
github.com/go-git/go-git/v5	CVE-2026-45571	中危	v5.13.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:01
github.com/go-git/go-git/v5	GHSA-w5pp-99ch-qj29	中危	v5.13.0	5.19.1	go-git: Malformed Git object data may cause panics or resource exhaustion 漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/go-git/go-git/v5	CVE-2026-33762	低危	v5.13.0	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33762 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49
github.com/go-git/go-git/v5	CVE-2026-45570	低危	v5.13.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:00
github.com/cloudflare/circl	CVE-2026-1229	低危	v1.6.1	1.6.3	CIRCL has an incorrect calculation in secp384r1 CombinedMult 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1229 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-24 08:16 修改: 2026-03-03 00:29
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitaly-backup (gobinary)

低危漏洞:1

中危漏洞:10

高危漏洞:16

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.75.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.38.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.38.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.38.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.1	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.6.5	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.63.1	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.38.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitaly-blackbox (gobinary)

低危漏洞:1

中危漏洞:8

高危漏洞:15

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.75.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.38.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.38.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.38.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.38.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitaly-debug (gobinary)

低危漏洞:1

中危漏洞:8

高危漏洞:15

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.75.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.38.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.38.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.38.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.38.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitaly-wrapper (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:12

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.75.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitlab-kas (gobinary)

低危漏洞:1

中危漏洞:8

高危漏洞:16

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.78.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.39.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.39.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.39.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.3	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.39.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitlab-pages (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:12

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.67.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitlab-resize-image (gobinary)

低危漏洞:1

中危漏洞:8

高危漏洞:12

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/image	CVE-2026-33809	中危	v0.28.0	0.38.0	golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-25 19:16 修改: 2026-04-21 16:30
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitlab-workhorse (gobinary)

低危漏洞:1

中危漏洞:12

高危漏洞:20

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.73.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/modelcontextprotocol/go-sdk	CVE-2026-27896	高危	v0.8.0	1.3.1	modelcontextprotocol/go-sdk: improper handling of case sensitivity 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27896 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-26 01:16 修改: 2026-04-14 00:40
github.com/modelcontextprotocol/go-sdk	CVE-2026-33252	高危	v0.8.0	1.4.1	encoding/json: golang: github.com/modelcontextprotocol/go-sdk: Go MCP SDK: Remote tool execution via cross-site request forgery 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33252 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-24 00:16 修改: 2026-04-15 16:33
github.com/modelcontextprotocol/go-sdk	CVE-2026-34742	高危	v0.8.0	1.4.0	github.com/modelcontextprotocol/go-sdk: Model Context Protocol (MCP) Go SDK: DNS rebinding vulnerability allows unauthorized access 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34742 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-02 19:21 修改: 2026-04-03 19:48
github.com/modelcontextprotocol/go-sdk	GHSA-q382-vc8q-7jhj	高危	v0.8.0	1.4.1	Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk 漏洞详情: https://github.com/advisories/GHSA-q382-vc8q-7jhj 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-19 12:44 修改: 2026-03-19 12:44
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.37.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.37.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.37.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.1	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-58181	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/image	CVE-2026-33809	中危	v0.28.0	0.38.0	golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-25 19:16 修改: 2026-04-21 16:30
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.7.1	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.88.4	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
golang.org/x/crypto	CVE-2025-47914	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitlab-zip-cat (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:12

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.73.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/gitlab-zip-metadata (gobinary)

低危漏洞:1

中危漏洞:9

高危漏洞:16

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.73.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.37.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.37.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.37.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.1	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-58181	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/crypto	CVE-2025-47914	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/go-crond (gobinary)

低危漏洞:1

中危漏洞:8

高危漏洞:12

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/mattermost (gobinary)

低危漏洞:43

中危漏洞:113

高危漏洞:25

严重漏洞:7

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/mattermost/mattermost/server/v8	CVE-2025-12419	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251028000919-d3ed703dc833	Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12419 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-27 16:15 修改: 2025-12-03 15:17
github.com/mattermost/mattermost/server/v8	CVE-2025-12421	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251022210333-acda1fb5dd46	Mattermost fails to to verify the token used during code exchange 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12421 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-27 18:15 修改: 2025-12-03 15:10
github.com/mattermost/mattermost/server/v8	CVE-2025-20051	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250122165010-4ed702ccff4e, 9.11.8, 10.2.3, 10.3.3, 10.4.2	Mattermost allows reading arbitrary files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-24 08:15 修改: 2025-08-18 18:22
github.com/mattermost/mattermost/server/v8	CVE-2025-25279	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250122165010-4ed702ccff4e, 9.11.8, 10.2.3, 10.3.3, 10.4.2	Mattermost allows reading arbitrary files related to importing boards 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25279 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-24 08:15 修改: 2025-10-02 18:19
github.com/mattermost/mattermost/server/v8	CVE-2025-4981	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250519205859-65aec10162f6, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6	Mattermost allows authenticated users to write files to arbitrary locations 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4981 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-20 11:15 修改: 2025-07-08 17:59
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2025-68121	严重	v1.24.6	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/mattermost/mattermost/server/v8	CVE-2024-41144	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.5.7, 9.7.6, 9.8.2, 9.9.1, 8.0.0-20240619142046-8181a9ddffc0	Mattermost allows remote actor to create/update/delete posts in arbitrary channels 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41144 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-08-01 15:15 修改: 2024-09-04 17:25
github.com/mattermost/mattermost/server/v8	CVE-2025-14273	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251121122154-b57c297c6d7a	Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14273 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-22 12:16 修改: 2025-12-29 18:47
github.com/mattermost/mattermost/server/v8	CVE-2025-58073	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250807174701-e14175eb6539	Mattermost has a Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58073 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 17:51
github.com/mattermost/mattermost/server/v8	CVE-2025-58075	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250815100400-2d5cdc6e217e	Mattermost has a Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58075 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 17:49
github.com/mattermost/mattermost/server/v8	CVE-2025-9072	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250731063404-9eebaadf8f72	Mattermost Open Redirect vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9072 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-15 11:15 修改: 2025-09-16 16:00
github.com/mattermost/mattermost/server/v8	CVE-2025-9079	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250707221302-a8fa77f107ef	Mattermost Path Traversal vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9079 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-19 20:15 修改: 2025-09-25 20:16
github.com/mattermost/mattermost/server/v8	CVE-2026-24458	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260129164748-7201f42d955f	Mattermost fails to properly handle very long passwords 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24458 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:18 修改: 2026-03-18 18:14
github.com/mattermost/mattermost/server/v8	CVE-2026-6346	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260326202606-fac92f4a71f3	Mattermost doesn't sanitize sensitive configuration fields before including them in support packet generation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6346 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-18 18:39
github.com/russellhaering/goxmldsig	CVE-2026-33487	高危	v1.5.0	1.6.0	github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33487 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-26 18:16 修改: 2026-04-20 14:15
github.com/mattermost/mattermost/server/v8	CVE-2023-6458	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.5, 9.0.3	Mattermost Injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6458 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-12-06 09:15 修改: 2024-11-21 08:43
github.com/mattermost/mattermost/server/v8	CVE-2024-1887	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.3.1, 9.2.5, 8.1.9	Mattermost post fetching without auditing in compliance export 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1887 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 08:15 修改: 2025-05-12 13:32
stdlib	CVE-2025-61726	高危	v1.24.6	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61729	高危	v1.24.6	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.24.6	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.24.6	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.24.6	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.24.6	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.24.6	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.24.6	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.24.6	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.24.6	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.24.6	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.24.6	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/mattermost/mattermost/server/v8	CVE-2024-41162	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.5.7, 9.7.6, 9.8.2, 9.9.1, 8.0.0-20240628125750-70b218839fa7	Mattermost allows a remote actor to make an arbitrary local channel read-only 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41162 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-08-01 15:15 修改: 2024-09-04 17:03
github.com/mattermost/mattermost/server/v8	CVE-2024-41926	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.5.7, 9.9.1, 8.0.0-20240604093018-5114c3b7cdb8	Mattermost allows remote actor to set arbitrary RemoteId values for synced users 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41926 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-08-01 15:15 修改: 2024-09-04 16:55
github.com/mattermost/mattermost/server/v8	CVE-2024-46872	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240926115259-20ed58906adc	Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-46872 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-29 09:15 修改: 2024-11-08 15:00
github.com/mattermost/mattermost/server/v8	CVE-2024-47003	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240806094731-69a8b3df0f9f	Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47003 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-09-26 08:15 修改: 2024-09-26 18:42
github.com/mattermost/mattermost/server/v8	CVE-2024-47401	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240926115259-20ed58906adc	Mattermost Server vulnerable to application crash from attacker-generated large response 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47401 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-29 09:15 修改: 2025-09-29 14:47
github.com/mattermost/mattermost/server/v8	CVE-2024-50052	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240926115259-20ed58906adc	Mattermost server allows authenticated user to delete arbitrary post 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50052 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-29 08:15 修改: 2025-09-29 14:47
github.com/mattermost/mattermost/server/v8	CVE-2025-11776	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250815165020-c8d66301415d	Mattermost fails to properly restrict access to archived channel search API 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11776 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 08:15 修改: 2025-11-17 17:52
github.com/mattermost/mattermost/server/v8	CVE-2025-11794	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250929212932-a41db04d2746	Mattermost allows system administrators to access password hashes and MFA secrets 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11794 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 11:15 修改: 2025-11-19 21:40
github.com/mattermost/mattermost/server/v8	CVE-2025-12559	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251015091448-abbf01b9db45	Mattermost fails to sanitize team email addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12559 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-27 17:15 修改: 2025-12-03 15:16
github.com/mattermost/mattermost/server/v8	CVE-2025-12756	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty		Mattermost fails to validate user permissions when deleting comments in Boards 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12756 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-01 20:15 修改: 2025-12-05 15:26
github.com/mattermost/mattermost/server/v8	CVE-2025-13324	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251031095924-e7e23b94e006	Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13324 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-17 19:16 修改: 2025-12-29 18:46
github.com/mattermost/mattermost/server/v8	CVE-2025-13767	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251121122154-b57c297c6d7	Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13767 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-24 08:15 修改: 2025-12-31 18:56
github.com/mattermost/mattermost/server/v8	CVE-2025-13821	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251210191531-cd17b61de41b	Mattermost fails to sanitize sensitive data in WebSocket messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13821 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-16 12:16 修改: 2026-02-18 21:44
github.com/mattermost/mattermost/server/v8	CVE-2025-14350	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251209134645-761e56bb11cc	Mattermost fails to properly validate team membership when processing channel mentions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14350 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-16 13:15 修改: 2026-02-18 20:19
github.com/mattermost/mattermost/server/v8	CVE-2025-20033	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.11.16, 10.0.4, 10.1.4, 10.2.1, 8.0.0-20250102081831-64c566a8280b	mattermost: DoS via custom post type for sysconsole plugin readers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20033 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-09 07:15 修改: 2025-10-02 17:26
github.com/mattermost/mattermost/server/v8	CVE-2025-20086	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.2.1, 10.1.4, 10.0.4, 9.11.6, 8.0.0-20241127161322-25ff7a3779a5	Mattermost fails to properly validate post props 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20086 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-15 17:15 修改: 2025-09-30 15:51
github.com/mattermost/mattermost/server/v8	CVE-2025-20088	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.2.1, 10.1.4, 10.0.4, 9.11.6, 8.0.0-20241127161322-25ff7a3779a5	Mattermost fails to properly validate post props 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20088 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-15 17:15 修改: 2025-10-01 18:20
github.com/mattermost/mattermost/server/v8	CVE-2025-20621	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.2.1, 10.1.4, 10.0.4, 9.11.6, 8.0.0-20241127161322-25ff7a3779a5	Mattermost webapp crash via a crafted post 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20621 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-16 19:15 修改: 2025-10-01 17:54
github.com/mattermost/mattermost/server/v8	CVE-2025-21088	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.2.1, 10.1.4, 10.0.4, 9.11.6, 8.0.0-20241127161322-25ff7a3779a5	Mattermost Incorrect Type Conversion or Cast 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21088 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-15 16:15 修改: 2025-09-30 15:52
github.com/mattermost/mattermost/server/v8	CVE-2025-24526	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250110161910-96195f1bd746, 9.11.8, 10.2.3, 10.3.3, 10.4.2	Mattermost fails to restrict channel export of archived channels 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24526 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-24 08:15 修改: 2025-10-01 18:03
github.com/mattermost/mattermost/server/v8	CVE-2025-2475	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 9.11.10, 8.0.0-20250220161544-fd356b62b4dd	Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2475 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-14 15:15 修改: 2025-10-02 14:53
github.com/mattermost/mattermost/server/v8	CVE-2025-2527	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.3, 9.11.12, 8.0.0-20250411064244-844447fbd57c	Mattermost Fails to Verify User's Permissions When Accessing Groups 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2527 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-15 16:15 修改: 2025-08-22 20:21
github.com/mattermost/mattermost/server/v8	CVE-2025-2564	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 10.4.4, 9.11.10, 8.0.0-20250314142426-c049748b8863	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2564 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 17:15 修改: 2025-09-29 21:13
github.com/mattermost/mattermost/server/v8	CVE-2025-2571	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.5.4, 9.11.13, 8.0.0-20250414095146-04676582cdd2, 10.6.3	Mattermost fails to clear Google OAuth credentials 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2571 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-30 15:15 修改: 2025-10-15 14:15
github.com/mattermost/mattermost/server/v8	CVE-2025-27571	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 10.4.4, 9.11.10, 8.0.0-20250314142426-c049748b8863	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27571 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 08:15 修改: 2025-10-01 18:20
github.com/mattermost/mattermost/server/v8	CVE-2025-27933	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.4.3, 10.3.4, 9.11.9, 8.0.0-20250218135018-e644e3c8e393	Mattermost allows members with permission to convert public channels to private and convert private to public 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27933 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-03-21 09:15 修改: 2025-03-27 14:55
github.com/mattermost/mattermost/server/v8	CVE-2025-27936	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 8.0.0-20250314142426-c049748b8863	Mattermost vulnerable to Observable Timing Discrepancy 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27936 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 10:15 修改: 2026-01-14 14:29
github.com/mattermost/mattermost/server/v8	CVE-2025-31947	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.6.2, 10.5.3, 10.4.5, 9.11.12, 8.0.0-20250415054241-76ab3867b785	Mattermost Fails to Lockout LDAP Users After Repeated Login Failures 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31947 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-15 11:15 修改: 2025-10-06 15:30
github.com/mattermost/mattermost/server/v8	CVE-2025-32093	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 10.4.4, 9.11.10, 8.0.0-20250227102013-aa4623a93199	Mattermost Fails to Restrict Certain Operations on System Admins 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32093 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-14 07:15 修改: 2025-10-02 15:02
github.com/mattermost/mattermost/server/v8	CVE-2025-3227	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250520060012-d0380305ef7a, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6	Mattermost allows unauthorized channel member management through playbook runs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3227 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-20 15:15 修改: 2025-07-08 14:31
github.com/mattermost/mattermost/server/v8	CVE-2025-3228	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250520060012-d0380305ef7a, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6	Mattermost allows an unauthorized Guest user access to Playbook 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3228 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-20 15:15 修改: 2025-07-08 14:30
github.com/mattermost/mattermost/server/v8	CVE-2025-3230	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.6.3, 10.5.4, 9.11.13, 8.0.0-20250402193107-65343f84a783	Mattermost fails to properly invalidate personal access tokens upon user deactivation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3230 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-30 15:15 修改: 2025-10-15 14:16
github.com/mattermost/mattermost/server/v8	CVE-2025-3446	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.6.2, 10.5.3, 10.4.5, 9.11.12, 8.0.0-20250415054241-76ab3867b785	Mattermost Fails to Validate Team Invite Permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3446 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-15 11:15 修改: 2025-09-29 21:05
github.com/mattermost/mattermost/server/v8	CVE-2025-35965	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250218121836-2b5275d87136	Mattermost Playbooks fails to validate the uniqueness and quantity of task actions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-35965 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-24 07:15 修改: 2025-09-29 21:10
github.com/mattermost/mattermost/server/v8	CVE-2025-36530	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250619095651-9dd0b3943e55	Mattermost Fails to Validate File Paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-36530 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 07:15 修改: 2025-08-25 15:22
github.com/mattermost/mattermost/server/v8	CVE-2025-3913	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.6.3, 10.5.4, 9.11.13, 8.0.0-20250412152950-02c76784380a	Mattermost improperly allows team administrators to modify team invites 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3913 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-29 16:15 修改: 2025-10-03 14:02
github.com/mattermost/mattermost/server/v8	CVE-2025-41395	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250218121836-2b5275d87136	Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41395 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-24 07:15 修改: 2025-10-01 19:35
github.com/mattermost/mattermost/server/v8	CVE-2025-41410	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250822083415-01b95392a450	Mattermost has a Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41410 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 18:00
github.com/mattermost/mattermost/server/v8	CVE-2025-41443	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250822090405-e8c7e7d0252b	Mattermost has a Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41443 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 08:15 修改: 2025-10-29 08:15
github.com/mattermost/mattermost/server/v8	CVE-2025-4573	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250414112942-77892234944b	Mattermost allows authenticated administrator to execute LDAP search filter injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4573 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-11 11:15 修改: 2025-07-08 17:59
github.com/mattermost/mattermost/server/v8	CVE-2025-46702	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250513065225-4ae5d647fb88, 9.11.16, 10.5.6, 10.6.6, 10.7.3, 10.8.1	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46702 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-30 17:15 修改: 2025-07-08 14:11
github.com/mattermost/mattermost/server/v8	CVE-2025-47870	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708065844-b38e2eccda18	Mattermost Does Not Sanitize the Team Invite ID 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47870 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 15:20
github.com/mattermost/mattermost/server/v8	CVE-2025-47871	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250513065225-4ae5d647fb88, 9.11.16, 10.5.6, 10.6.6, 10.7.3, 10.8.1	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47871 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-30 17:15 修改: 2025-07-08 14:11
github.com/mattermost/mattermost/server/v8	CVE-2025-49222	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708173752-d6b35c41f0ae5	Mattermost Fails to Validate Remote Cluster Upload Sessions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49222 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 15:20
github.com/mattermost/mattermost/server/v8	CVE-2025-55070	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250912063506-7d8b7b5e4a60	Mattermost does not enforce MFA on WebSocket connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55070 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 08:15 修改: 2025-11-17 17:51
github.com/mattermost/mattermost/server/v8	CVE-2025-55073	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250929212932-a41db04d2746	Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55073 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 08:15 修改: 2025-11-19 21:44
github.com/mattermost/mattermost/server/v8	CVE-2025-6226	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250520130510-fa40a8c5d47f	Mattermost Missing Authentication for Critical Function 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6226 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-18 09:15 修改: 2025-10-02 19:49
github.com/mattermost/mattermost/server/v8	CVE-2025-6233	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250529054450-d38c27f96fcf	Mattermost Path Traversal vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6233 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-18 10:15 修改: 2025-10-02 19:49
github.com/mattermost/mattermost/server/v8	CVE-2025-64641	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251121122154-b57c297c6d7	Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64641 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-24 08:15 修改: 2025-12-31 18:55
github.com/mattermost/mattermost/server/v8	CVE-2025-6465	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708173752-d6b35c41f0ae5	Mattermost Fails to Sanitize File Names 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6465 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 17:15 修改: 2025-10-02 19:49
github.com/mattermost/mattermost/server/v8	CVE-2025-8023	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708065844-b38e2eccda18	Mattermost Fails to Sanitize Path Traversal Sequences 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8023 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 14:56
github.com/mattermost/mattermost/server/v8	CVE-2025-8402	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708173752-d6b35c41f0ae5	Mattermost has Potential Server Crash due to Unvalidated Import Data 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8402 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 17:15 修改: 2025-10-01 20:23
github.com/mattermost/mattermost/server/v8	CVE-2025-9076	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250729073403-517ae758cd02	Mattermost Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9076 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-15 10:15 修改: 2025-09-20 02:52
github.com/mattermost/mattermost/server/v8	CVE-2025-9078	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250718075842-cd87e5c87737	Mattermost makes Use of Weak Hash 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9078 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-15 10:15 修改: 2025-09-16 15:58
github.com/mattermost/mattermost/server/v8	CVE-2026-0999	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251212052346-61651b0df7ea	Mattermost fails to properly validate login method restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0999 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-16 10:16 修改: 2026-02-18 20:20
github.com/mattermost/mattermost/server/v8	CVE-2026-21386	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260130144323-5bb5261c72fa	Mattermost fails to use consistent error responses when handling the /mute command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21386 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 15:16 修改: 2026-03-18 13:53
github.com/mattermost/mattermost/server/v8	CVE-2026-2455	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260129133647-5d787969c2d5	Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2455 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 15:16 修改: 2026-03-18 13:55
github.com/mattermost/mattermost/server/v8	CVE-2026-2456	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260127165411-fe3052073dc6	Mattermost fails to limit the size of responses from integration action endpoints 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2456 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 18:27
github.com/mattermost/mattermost/server/v8	CVE-2026-2457	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260123211116-9efe617be8b8	Mattermost allows attackers to spoof permalink embeds 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2457 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 17:49
github.com/mattermost/mattermost/server/v8	CVE-2026-2458	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260113182106-a18b80ba4c32	Mattermost allows a removed team member to enumerate all public channels within a private team 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2458 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 17:48
github.com/mattermost/mattermost/server/v8	CVE-2026-2463	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260105134819-cc427af41b2a	Mattermost fails to filter invite IDs based on user permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2463 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 17:43
github.com/mattermost/mattermost/server/v8	CVE-2026-24692	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260107142155-0481bd1fb045	Mattermost fails to properly enforce read permissions in search API endpoints 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24692 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 15:16 修改: 2026-03-18 13:54
github.com/mattermost/mattermost/server/v8	CVE-2026-2578	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260127062706-c6b205f0d770	Mattermost fails to preserve the redacted state of burn-on-read posts during deletion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2578 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 17:42
github.com/mattermost/mattermost/server/v8	CVE-2026-25780	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260123215601-86797c508c44	Mattermost fails to bound memory allocation when processing DOC files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25780 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:18 修改: 2026-03-18 18:13
github.com/mattermost/mattermost/server/v8	CVE-2026-25783	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260129181235-1346cf529aef	Mattermost fails to properly validate User-Agent header tokens 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25783 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:18 修改: 2026-03-18 18:11
github.com/mattermost/mattermost/server/v8	CVE-2026-26246	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260115183946-38b413a27604	Mattermost fails to bound memory allocation when processing PSD image files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26246 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:18 修改: 2026-03-18 18:03
github.com/mattermost/mattermost/server/v8	CVE-2026-28732	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260306123948-f5fe8ded6b63	Mattermost doesn't enforce slash command trigger-word uniqueness during command updates 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28732 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-19 17:18
github.com/mattermost/mattermost/server/v8	CVE-2026-28759	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260216150504-8738f8c4b3d4	Mattermost does not verify remote cluster channel access when processing shared channel membership removals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28759 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-18 19:17
github.com/mattermost/mattermost/server/v8	CVE-2026-3637	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.11.14, 11.4.4, 8.0.0-20260316171743-090408f09f53, 11.5.2	Mattermost doesn't check the create_post channel permission during post edit operations 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3637 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-19 17:34
github.com/mattermost/mattermost/server/v8	CVE-2026-4265	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260107144005-c7f6efdfb035	Mattermost fails to validate team-specific upload_file permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4265 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:20 修改: 2026-03-18 17:41
github.com/mattermost/mattermost/server/v8	CVE-2026-5163	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 8.0.0-20260401090745-f4d1abe7e8f5	Mattermost doesn't verify channel membership when processing AI-assisted message rewrites 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5163 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-18 19:12
github.com/mattermost/mattermost/server/v8	CVE-2026-6339	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 11.4.4, 8.0.0-20260327001745-7a339a6438f5	Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6339 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-18 19:11
github.com/mattermost/mattermost/server/v8	CVE-2026-6340	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260325191733-fb11968f8798	Mattermost doesn't validate 7zip archive structure before processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6340 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-19 17:21
github.com/mattermost/mattermost/server/v8	CVE-2026-6345	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260311102650-3057ae7e83e9	Mattermost doesn't prevent disclosure of created user password 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6345 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-18 19:05
github.com/mattermost/mattermost/server/v8	CVE-2023-40703	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Uncontrolled Resource Consumption vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40703 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:19
golang.org/x/crypto	CVE-2025-47914	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/image	CVE-2026-33809	中危	v0.27.0	0.38.0	golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-25 19:16 修改: 2026-04-21 16:30
github.com/mattermost/mattermost/server/v8	CVE-2023-43754	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43754 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:24
github.com/mattermost/mattermost/server/v8	CVE-2023-45223	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.4	Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45223 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:26
github.com/mattermost/mattermost/server/v8	CVE-2023-47168	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Open Redirect vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47168 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:29
github.com/mattermost/mattermost/server/v8	CVE-2023-47858	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.1	Mattermost viewing archived public channels permissions vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47858 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-01-02 10:15 修改: 2024-11-21 08:30
github.com/mattermost/mattermost/server/v8	CVE-2023-47865	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.4	Mattermost Improper Access Control vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47865 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 09:15 修改: 2024-11-21 08:30
github.com/mattermost/mattermost/server/v8	CVE-2023-48268	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Uncontrolled Resource Consumption vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48268 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:31
github.com/mattermost/mattermost/server/v8	CVE-2023-48369	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Uncontrolled Resource Consumption vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48369 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:31
github.com/mattermost/mattermost/server/v8	CVE-2023-48732	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.7	Mattermost notified all users in the channel when using WebSockets to respond individually 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48732 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-01-02 10:15 修改: 2024-11-21 08:32
github.com/mattermost/mattermost/server/v8	CVE-2023-5968	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.4, 8.1.3, 9.0.1, 8.0.0-20230825233148-f787fd63368a	Mattermost password hash disclosure vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5968 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-06 16:15 修改: 2024-11-21 08:42
github.com/mattermost/mattermost/server/v8	CVE-2023-6202	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Improper Access Control vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6202 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:43
github.com/mattermost/mattermost/server/v8	CVE-2023-6459	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.5	Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6459 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-12-06 09:15 修改: 2024-11-21 08:43
github.com/mattermost/mattermost/server/v8	CVE-2024-10241	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240813135334-8f3a13122f55	Mattermost Server allows user to get private channel names 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10241 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-29 08:15 修改: 2025-09-30 17:09
github.com/mattermost/mattermost/server/v8	CVE-2024-1402	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.8, 9.2.4, 9.1.5	Mattermost vulnerable to denial of service via large number of emoji reactions 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1402 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-09 16:15 修改: 2024-11-21 08:50
github.com/mattermost/mattermost/server/v8	CVE-2024-1888	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.4.2, 9.3.1, 9.2.5, 8.1.9	Mattermost fails to check the "invite_guest" permission 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1888 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 09:15 修改: 2025-05-12 13:35
github.com/mattermost/mattermost/server/v8	CVE-2024-1942	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.3.1, 9.2.5, 8.1.9	Mattermost allows attackers access to posts in channels they are not a member of 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1942 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 11:15 修改: 2024-12-13 17:06
github.com/mattermost/mattermost/server/v8	CVE-2024-1953	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.4.2, 9.3.1, 9.2.5, 8.1.9	Mattermost fails to limit the number of role names 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1953 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 11:15 修改: 2024-12-13 17:09
stdlib	CVE-2025-47912	中危	v1.24.6	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58183	中危	v1.24.6	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58185	中危	v1.24.6	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58187	中危	v1.24.6	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.24.6	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.24.6	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.24.6	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.24.6	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.24.6	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.24.6	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61728	中危	v1.24.6	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61730	中危	v1.24.6	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.24.6	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.24.6	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.24.6	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.24.6	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.24.6	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.24.6	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.24.6	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/mattermost/mattermost/server/v8	CVE-2026-6333	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 8.0.0-20260325160634-e738016c5920	Mattermost doesn't validate the Host header when constructing response URLs for custom slash command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6333 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-19 17:51
github.com/mattermost/mattermost/server/v8	CVE-2026-6334	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 8.0.0-20260318173148-e9ae890a013b	Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6334 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-29 19:11
filippo.io/edwards25519	CVE-2026-26958	低危	v1.1.0	1.1.1	filippo.io/edwards25519: filippo.io/edwards25519: Cryptographic integrity bypass due to incorrect MultiScalarMult results 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26958 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-19 23:16 修改: 2026-04-15 00:35
github.com/mattermost/mattermost/server/v8	CVE-2023-35075	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.4	Mattermost Injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-35075 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:07
github.com/mattermost/mattermost/server/v8	CVE-2023-50333	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.7	Mattermost allows demoted guests to change group names 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50333 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-01-02 10:15 修改: 2024-11-21 08:36
github.com/mattermost/mattermost/server/v8	CVE-2023-7113	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.7	Mattermost Cross-site Scripting vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7113 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-12-29 13:15 修改: 2024-11-21 08:45
github.com/mattermost/mattermost/server/v8	CVE-2024-10214	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240821220019-0d6b1070a26f	Mattermost incorrectly issues two sessions when using desktop SSO 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10214 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-28 15:15 修改: 2024-11-05 17:03
github.com/mattermost/mattermost/server/v8	CVE-2024-1949	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.4.2, 8.1.9	Mattermost race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1949 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 11:15 修改: 2024-12-13 17:07
github.com/mattermost/mattermost/server/v8	CVE-2024-21848	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.11	Mattermost Server Improper Access Control 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21848 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-04-05 09:15 修改: 2024-12-13 16:36
github.com/mattermost/mattermost/server/v8	CVE-2024-23488	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.4.2, 8.1.9	Mattermost fails to properly restrict the access of files attached to posts 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23488 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 08:15 修改: 2025-05-12 13:34
github.com/mattermost/mattermost/server/v8	CVE-2024-24776	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.8, 9.3.0	Mattermost fails to check the required permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24776 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-09 15:15 修改: 2024-11-21 08:59
github.com/mattermost/mattermost/server/v8	CVE-2024-39837	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.5.7, 9.9.1, 8.0.0-20240626164322-c758cecaf30c	Mattermost did not properly restrict channel creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39837 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-08-01 15:15 修改: 2024-09-04 17:38
github.com/mattermost/mattermost/server/v8	CVE-2025-10545	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250820115038-ff30b84049f0	Mattermost has an Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10545 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 18:02
github.com/mattermost/mattermost/server/v8	CVE-2025-11777	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250905150616-ba86dfc5876b	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11777 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-13 18:15 修改: 2025-11-17 18:05
github.com/mattermost/mattermost/server/v8	CVE-2025-13870	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250905150616-ba86dfc5876b	Mattermost fails to validate user permissions in Boards 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13870 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-02 10:16 修改: 2025-12-03 20:57
github.com/mattermost/mattermost/server/v8	CVE-2025-1412	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20241217145510-faa7e4f2ea0c, 10.4.2, 9.11.7	Mattermost fails to invalidate all active sessions when converting a user to a bot 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1412 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-24 08:15 修改: 2025-10-01 18:02
github.com/mattermost/mattermost/server/v8	CVE-2025-14573	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251215190648-6404ab29acc0	Mattermost fails to enforce invite permissions when updating team settings 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14573 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-16 13:16 修改: 2026-02-18 20:18
github.com/mattermost/mattermost/server/v8	CVE-2025-1792	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.5.4, 9.11.13, 8.0.0-20250414110750-c23f44fe8ed0	Mattermost fails to properly enforce access controls for guest users 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1792 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-30 15:15 修改: 2025-10-15 14:15
github.com/mattermost/mattermost/server/v8	CVE-2025-22445	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.3.0, 8.0.0-20250102081831-64c566a8280b	mattermost: Misleading UI for undefined admin console settings in Calls causes security confusion 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22445 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-09 07:15 修改: 2025-10-02 17:25
github.com/mattermost/mattermost/server/v8	CVE-2025-22449	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.11.6, 8.0.0-20250102081831-64c566a8280b	mattermost: Access control flaw for team admins allows unauthorized team additions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22449 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-09 07:15 修改: 2025-09-29 17:44
github.com/mattermost/mattermost/server/v8	CVE-2025-2424	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 9.11.10, 8.0.0-20250213231113-68c11e9ecb71	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2424 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-14 15:15 修改: 2025-10-01 18:18
github.com/mattermost/mattermost/server/v8	CVE-2025-24839	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 10.4.4, 9.11.10, 8.0.0-20250314142426-c049748b8863	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24839 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 08:15 修改: 2025-10-02 14:50
github.com/mattermost/mattermost/server/v8	CVE-2025-24866	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.11.9, 8.0.0-20250204211032-f52e08754c49	Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24866 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-10 16:15 修改: 2025-10-01 18:06
github.com/mattermost/mattermost/server/v8	CVE-2025-2570	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.3, 9.11.12, 8.0.0-20250411064244-844447fbd57c	Mattermost Fails to Check User Access to `ExperimentalSettings` 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2570 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-15 16:15 修改: 2025-10-06 15:22
github.com/mattermost/mattermost/server/v8	CVE-2025-27538	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 9.11.10, 8.0.0-20250314142426-c049748b8863	Mattermost Missing Authentication for Critical Function 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27538 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 08:15 修改: 2025-10-01 18:20
github.com/mattermost/mattermost/server/v8	CVE-2025-31363	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.1, 10.4.3, 9.11.10, 8.0.0-20250218121836-2b5275d87136	Mattermost doesn't restrict domains LLM can request to contact upstream 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31363 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 10:15 修改: 2025-09-29 21:24
github.com/mattermost/mattermost/server/v8	CVE-2025-3611	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.5.4, 9.11.13, 8.0.0-20250414154356-6f33b721de76	Mattermost fails to properly enforce access control restrictions for System Manager roles 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3611 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-30 15:15 修改: 2025-07-08 17:11
github.com/mattermost/mattermost/server/v8	CVE-2025-4128	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250422131222-701ddc896a10	Mattermost allows guest users to view information about public teams they are not members of 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4128 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-11 11:15 修改: 2025-07-08 19:42
github.com/mattermost/mattermost/server/v8	CVE-2025-41423	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250218121836-2b5275d87136	Mattermost Playbooks fails to properly validate permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41423 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-24 07:15 修改: 2025-09-29 21:06
github.com/mattermost/mattermost/server/v8	CVE-2025-41436	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250815165020-c8d66301415d	Mattermost allows regular users to access archived channel content and files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41436 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 08:15 修改: 2025-11-17 17:52
github.com/mattermost/mattermost/server/v8	CVE-2025-47700	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250814075248-83a37a861d3c	Mattermost Server SSRF Vulnerability via the Agents Plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47700 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-10-29 18:40
github.com/mattermost/mattermost/server/v8	CVE-2025-49810	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250721095846-c602a4a78e1f	Mattermost Lack of Access Control Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49810 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 15:17
github.com/mattermost/mattermost/server/v8	CVE-2025-53971	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250721095846-c602a4a78e1f	Mattermost Fails to Properly Validate Team Role Modification 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53971 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 15:16
github.com/mattermost/mattermost/server/v8	CVE-2025-54499	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250728063359-38208b8f065f	Mattermost has an Observable Timing Discrepancy vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 17:58
github.com/mattermost/mattermost/server/v8	CVE-2025-55074	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250905150616-ba86dfc5876b6	Mattermost allows other users to determine when users had read channels via channel member objects 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55074 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-18 16:15 修改: 2025-11-25 20:24
github.com/mattermost/mattermost/server/v8	CVE-2025-6227	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250612074655-8f8612c63783	Mattermost has Insufficiently Protected Credentials 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6227 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-18 12:15 修改: 2025-10-14 14:32
github.com/mattermost/mattermost/server/v8	CVE-2025-9081	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250721095935-11c36f4d1e44	Mattermost boards plugin fails to restrict download access to files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9081 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-19 20:15 修改: 2025-09-25 20:14
github.com/mattermost/mattermost/server/v8	CVE-2025-9084	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-202508080704-39bd251fe4f600	Mattermost Open Redirect vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9084 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-15 11:15 修改: 2025-09-16 15:59
github.com/mattermost/mattermost/server/v8	CVE-2026-22545	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260127144908-ced9a56e3988	Mattermost fails to validate user's authentication method when processing account auth type switch 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22545 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 15:16 修改: 2026-03-18 13:54
github.com/mattermost/mattermost/server/v8	CVE-2026-3495	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.11.14, 11.5.2, 8.0.0-20260310115442-5a1ea95044d	Mattermost doesn't escape some variables that could contain malicious content during error page composition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3495 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-19 17:37
github.com/mattermost/mattermost/server/v8	CVE-2026-4273	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 8.0.0-20260313190740-742e0be95074	Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4273 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-19 17:23
stdlib	CVE-2025-58186	低危	v1.24.6	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2026-27139	低危	v1.24.6	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/mmctl (gobinary)

低危漏洞:43

中危漏洞:113

高危漏洞:25

严重漏洞:7

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/mattermost/mattermost/server/v8	CVE-2025-12419	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251028000919-d3ed703dc833	Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12419 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-27 16:15 修改: 2025-12-03 15:17
github.com/mattermost/mattermost/server/v8	CVE-2025-12421	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251022210333-acda1fb5dd46	Mattermost fails to to verify the token used during code exchange 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12421 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-27 18:15 修改: 2025-12-03 15:10
github.com/mattermost/mattermost/server/v8	CVE-2025-20051	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250122165010-4ed702ccff4e, 9.11.8, 10.2.3, 10.3.3, 10.4.2	Mattermost allows reading arbitrary files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-24 08:15 修改: 2025-08-18 18:22
github.com/mattermost/mattermost/server/v8	CVE-2025-25279	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250122165010-4ed702ccff4e, 9.11.8, 10.2.3, 10.3.3, 10.4.2	Mattermost allows reading arbitrary files related to importing boards 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25279 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-24 08:15 修改: 2025-10-02 18:19
github.com/mattermost/mattermost/server/v8	CVE-2025-4981	严重	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250519205859-65aec10162f6, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6	Mattermost allows authenticated users to write files to arbitrary locations 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4981 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-20 11:15 修改: 2025-07-08 17:59
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2025-68121	严重	v1.24.6	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/mattermost/mattermost/server/v8	CVE-2024-41144	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.5.7, 9.7.6, 9.8.2, 9.9.1, 8.0.0-20240619142046-8181a9ddffc0	Mattermost allows remote actor to create/update/delete posts in arbitrary channels 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41144 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-08-01 15:15 修改: 2024-09-04 17:25
github.com/mattermost/mattermost/server/v8	CVE-2025-14273	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251121122154-b57c297c6d7a	Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14273 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-22 12:16 修改: 2025-12-29 18:47
github.com/mattermost/mattermost/server/v8	CVE-2025-58073	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250807174701-e14175eb6539	Mattermost has a Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58073 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 17:51
github.com/mattermost/mattermost/server/v8	CVE-2025-58075	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250815100400-2d5cdc6e217e	Mattermost has a Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58075 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 17:49
github.com/mattermost/mattermost/server/v8	CVE-2025-9072	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250731063404-9eebaadf8f72	Mattermost Open Redirect vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9072 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-15 11:15 修改: 2025-09-16 16:00
github.com/mattermost/mattermost/server/v8	CVE-2025-9079	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250707221302-a8fa77f107ef	Mattermost Path Traversal vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9079 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-19 20:15 修改: 2025-09-25 20:16
github.com/mattermost/mattermost/server/v8	CVE-2026-24458	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260129164748-7201f42d955f	Mattermost fails to properly handle very long passwords 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24458 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:18 修改: 2026-03-18 18:14
github.com/mattermost/mattermost/server/v8	CVE-2026-6346	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260326202606-fac92f4a71f3	Mattermost doesn't sanitize sensitive configuration fields before including them in support packet generation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6346 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-18 18:39
github.com/russellhaering/goxmldsig	CVE-2026-33487	高危	v1.5.0	1.6.0	github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33487 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-26 18:16 修改: 2026-04-20 14:15
github.com/mattermost/mattermost/server/v8	CVE-2023-6458	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.5, 9.0.3	Mattermost Injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6458 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-12-06 09:15 修改: 2024-11-21 08:43
github.com/mattermost/mattermost/server/v8	CVE-2024-1887	高危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.3.1, 9.2.5, 8.1.9	Mattermost post fetching without auditing in compliance export 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1887 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 08:15 修改: 2025-05-12 13:32
stdlib	CVE-2025-61726	高危	v1.24.6	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61729	高危	v1.24.6	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.24.6	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.24.6	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.24.6	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.24.6	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.24.6	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.24.6	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.24.6	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.24.6	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.24.6	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.24.6	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.24.6	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/mattermost/mattermost/server/v8	CVE-2024-41162	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.5.7, 9.7.6, 9.8.2, 9.9.1, 8.0.0-20240628125750-70b218839fa7	Mattermost allows a remote actor to make an arbitrary local channel read-only 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41162 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-08-01 15:15 修改: 2024-09-04 17:03
github.com/mattermost/mattermost/server/v8	CVE-2024-41926	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.5.7, 9.9.1, 8.0.0-20240604093018-5114c3b7cdb8	Mattermost allows remote actor to set arbitrary RemoteId values for synced users 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-41926 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-08-01 15:15 修改: 2024-09-04 16:55
github.com/mattermost/mattermost/server/v8	CVE-2024-46872	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240926115259-20ed58906adc	Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-46872 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-29 09:15 修改: 2024-11-08 15:00
github.com/mattermost/mattermost/server/v8	CVE-2024-47003	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240806094731-69a8b3df0f9f	Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47003 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-09-26 08:15 修改: 2024-09-26 18:42
github.com/mattermost/mattermost/server/v8	CVE-2024-47401	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240926115259-20ed58906adc	Mattermost Server vulnerable to application crash from attacker-generated large response 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47401 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-29 09:15 修改: 2025-09-29 14:47
github.com/mattermost/mattermost/server/v8	CVE-2024-50052	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240926115259-20ed58906adc	Mattermost server allows authenticated user to delete arbitrary post 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50052 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-29 08:15 修改: 2025-09-29 14:47
github.com/mattermost/mattermost/server/v8	CVE-2025-11776	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250815165020-c8d66301415d	Mattermost fails to properly restrict access to archived channel search API 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11776 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 08:15 修改: 2025-11-17 17:52
github.com/mattermost/mattermost/server/v8	CVE-2025-11794	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250929212932-a41db04d2746	Mattermost allows system administrators to access password hashes and MFA secrets 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11794 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 11:15 修改: 2025-11-19 21:40
github.com/mattermost/mattermost/server/v8	CVE-2025-12559	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251015091448-abbf01b9db45	Mattermost fails to sanitize team email addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12559 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-27 17:15 修改: 2025-12-03 15:16
github.com/mattermost/mattermost/server/v8	CVE-2025-12756	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty		Mattermost fails to validate user permissions when deleting comments in Boards 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12756 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-01 20:15 修改: 2025-12-05 15:26
github.com/mattermost/mattermost/server/v8	CVE-2025-13324	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251031095924-e7e23b94e006	Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13324 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-17 19:16 修改: 2025-12-29 18:46
github.com/mattermost/mattermost/server/v8	CVE-2025-13767	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251121122154-b57c297c6d7	Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13767 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-24 08:15 修改: 2025-12-31 18:56
github.com/mattermost/mattermost/server/v8	CVE-2025-13821	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251210191531-cd17b61de41b	Mattermost fails to sanitize sensitive data in WebSocket messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13821 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-16 12:16 修改: 2026-02-18 21:44
github.com/mattermost/mattermost/server/v8	CVE-2025-14350	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251209134645-761e56bb11cc	Mattermost fails to properly validate team membership when processing channel mentions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14350 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-16 13:15 修改: 2026-02-18 20:19
github.com/mattermost/mattermost/server/v8	CVE-2025-20033	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.11.16, 10.0.4, 10.1.4, 10.2.1, 8.0.0-20250102081831-64c566a8280b	mattermost: DoS via custom post type for sysconsole plugin readers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20033 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-09 07:15 修改: 2025-10-02 17:26
github.com/mattermost/mattermost/server/v8	CVE-2025-20086	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.2.1, 10.1.4, 10.0.4, 9.11.6, 8.0.0-20241127161322-25ff7a3779a5	Mattermost fails to properly validate post props 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20086 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-15 17:15 修改: 2025-09-30 15:51
github.com/mattermost/mattermost/server/v8	CVE-2025-20088	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.2.1, 10.1.4, 10.0.4, 9.11.6, 8.0.0-20241127161322-25ff7a3779a5	Mattermost fails to properly validate post props 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20088 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-15 17:15 修改: 2025-10-01 18:20
github.com/mattermost/mattermost/server/v8	CVE-2025-20621	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.2.1, 10.1.4, 10.0.4, 9.11.6, 8.0.0-20241127161322-25ff7a3779a5	Mattermost webapp crash via a crafted post 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-20621 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-16 19:15 修改: 2025-10-01 17:54
github.com/mattermost/mattermost/server/v8	CVE-2025-21088	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.2.1, 10.1.4, 10.0.4, 9.11.6, 8.0.0-20241127161322-25ff7a3779a5	Mattermost Incorrect Type Conversion or Cast 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-21088 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-15 16:15 修改: 2025-09-30 15:52
github.com/mattermost/mattermost/server/v8	CVE-2025-24526	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250110161910-96195f1bd746, 9.11.8, 10.2.3, 10.3.3, 10.4.2	Mattermost fails to restrict channel export of archived channels 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24526 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-24 08:15 修改: 2025-10-01 18:03
github.com/mattermost/mattermost/server/v8	CVE-2025-2475	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 9.11.10, 8.0.0-20250220161544-fd356b62b4dd	Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2475 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-14 15:15 修改: 2025-10-02 14:53
github.com/mattermost/mattermost/server/v8	CVE-2025-2527	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.3, 9.11.12, 8.0.0-20250411064244-844447fbd57c	Mattermost Fails to Verify User's Permissions When Accessing Groups 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2527 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-15 16:15 修改: 2025-08-22 20:21
github.com/mattermost/mattermost/server/v8	CVE-2025-2564	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 10.4.4, 9.11.10, 8.0.0-20250314142426-c049748b8863	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2564 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 17:15 修改: 2025-09-29 21:13
github.com/mattermost/mattermost/server/v8	CVE-2025-2571	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.5.4, 9.11.13, 8.0.0-20250414095146-04676582cdd2, 10.6.3	Mattermost fails to clear Google OAuth credentials 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2571 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-30 15:15 修改: 2025-10-15 14:15
github.com/mattermost/mattermost/server/v8	CVE-2025-27571	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 10.4.4, 9.11.10, 8.0.0-20250314142426-c049748b8863	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27571 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 08:15 修改: 2025-10-01 18:20
github.com/mattermost/mattermost/server/v8	CVE-2025-27933	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.4.3, 10.3.4, 9.11.9, 8.0.0-20250218135018-e644e3c8e393	Mattermost allows members with permission to convert public channels to private and convert private to public 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27933 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-03-21 09:15 修改: 2025-03-27 14:55
github.com/mattermost/mattermost/server/v8	CVE-2025-27936	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 8.0.0-20250314142426-c049748b8863	Mattermost vulnerable to Observable Timing Discrepancy 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27936 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 10:15 修改: 2026-01-14 14:29
github.com/mattermost/mattermost/server/v8	CVE-2025-31947	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.6.2, 10.5.3, 10.4.5, 9.11.12, 8.0.0-20250415054241-76ab3867b785	Mattermost Fails to Lockout LDAP Users After Repeated Login Failures 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31947 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-15 11:15 修改: 2025-10-06 15:30
github.com/mattermost/mattermost/server/v8	CVE-2025-32093	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 10.4.4, 9.11.10, 8.0.0-20250227102013-aa4623a93199	Mattermost Fails to Restrict Certain Operations on System Admins 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32093 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-14 07:15 修改: 2025-10-02 15:02
github.com/mattermost/mattermost/server/v8	CVE-2025-3227	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250520060012-d0380305ef7a, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6	Mattermost allows unauthorized channel member management through playbook runs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3227 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-20 15:15 修改: 2025-07-08 14:31
github.com/mattermost/mattermost/server/v8	CVE-2025-3228	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250520060012-d0380305ef7a, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6	Mattermost allows an unauthorized Guest user access to Playbook 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3228 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-20 15:15 修改: 2025-07-08 14:30
github.com/mattermost/mattermost/server/v8	CVE-2025-3230	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.6.3, 10.5.4, 9.11.13, 8.0.0-20250402193107-65343f84a783	Mattermost fails to properly invalidate personal access tokens upon user deactivation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3230 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-30 15:15 修改: 2025-10-15 14:16
github.com/mattermost/mattermost/server/v8	CVE-2025-3446	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.6.2, 10.5.3, 10.4.5, 9.11.12, 8.0.0-20250415054241-76ab3867b785	Mattermost Fails to Validate Team Invite Permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3446 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-15 11:15 修改: 2025-09-29 21:05
github.com/mattermost/mattermost/server/v8	CVE-2025-35965	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250218121836-2b5275d87136	Mattermost Playbooks fails to validate the uniqueness and quantity of task actions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-35965 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-24 07:15 修改: 2025-09-29 21:10
github.com/mattermost/mattermost/server/v8	CVE-2025-36530	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250619095651-9dd0b3943e55	Mattermost Fails to Validate File Paths 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-36530 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 07:15 修改: 2025-08-25 15:22
github.com/mattermost/mattermost/server/v8	CVE-2025-3913	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.6.3, 10.5.4, 9.11.13, 8.0.0-20250412152950-02c76784380a	Mattermost improperly allows team administrators to modify team invites 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3913 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-29 16:15 修改: 2025-10-03 14:02
github.com/mattermost/mattermost/server/v8	CVE-2025-41395	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250218121836-2b5275d87136	Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41395 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-24 07:15 修改: 2025-10-01 19:35
github.com/mattermost/mattermost/server/v8	CVE-2025-41410	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250822083415-01b95392a450	Mattermost has a Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41410 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 18:00
github.com/mattermost/mattermost/server/v8	CVE-2025-41443	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250822090405-e8c7e7d0252b	Mattermost has a Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41443 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 08:15 修改: 2025-10-29 08:15
github.com/mattermost/mattermost/server/v8	CVE-2025-4573	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250414112942-77892234944b	Mattermost allows authenticated administrator to execute LDAP search filter injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4573 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-11 11:15 修改: 2025-07-08 17:59
github.com/mattermost/mattermost/server/v8	CVE-2025-46702	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250513065225-4ae5d647fb88, 9.11.16, 10.5.6, 10.6.6, 10.7.3, 10.8.1	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46702 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-30 17:15 修改: 2025-07-08 14:11
github.com/mattermost/mattermost/server/v8	CVE-2025-47870	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708065844-b38e2eccda18	Mattermost Does Not Sanitize the Team Invite ID 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47870 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 15:20
github.com/mattermost/mattermost/server/v8	CVE-2025-47871	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250513065225-4ae5d647fb88, 9.11.16, 10.5.6, 10.6.6, 10.7.3, 10.8.1	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47871 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-30 17:15 修改: 2025-07-08 14:11
github.com/mattermost/mattermost/server/v8	CVE-2025-49222	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708173752-d6b35c41f0ae5	Mattermost Fails to Validate Remote Cluster Upload Sessions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49222 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 15:20
github.com/mattermost/mattermost/server/v8	CVE-2025-55070	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250912063506-7d8b7b5e4a60	Mattermost does not enforce MFA on WebSocket connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55070 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 08:15 修改: 2025-11-17 17:51
github.com/mattermost/mattermost/server/v8	CVE-2025-55073	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250929212932-a41db04d2746	Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55073 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 08:15 修改: 2025-11-19 21:44
github.com/mattermost/mattermost/server/v8	CVE-2025-6226	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250520130510-fa40a8c5d47f	Mattermost Missing Authentication for Critical Function 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6226 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-18 09:15 修改: 2025-10-02 19:49
github.com/mattermost/mattermost/server/v8	CVE-2025-6233	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250529054450-d38c27f96fcf	Mattermost Path Traversal vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6233 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-18 10:15 修改: 2025-10-02 19:49
github.com/mattermost/mattermost/server/v8	CVE-2025-64641	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251121122154-b57c297c6d7	Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64641 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-24 08:15 修改: 2025-12-31 18:55
github.com/mattermost/mattermost/server/v8	CVE-2025-6465	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708173752-d6b35c41f0ae5	Mattermost Fails to Sanitize File Names 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6465 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 17:15 修改: 2025-10-02 19:49
github.com/mattermost/mattermost/server/v8	CVE-2025-8023	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708065844-b38e2eccda18	Mattermost Fails to Sanitize Path Traversal Sequences 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8023 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 14:56
github.com/mattermost/mattermost/server/v8	CVE-2025-8402	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250708173752-d6b35c41f0ae5	Mattermost has Potential Server Crash due to Unvalidated Import Data 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8402 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 17:15 修改: 2025-10-01 20:23
github.com/mattermost/mattermost/server/v8	CVE-2025-9076	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250729073403-517ae758cd02	Mattermost Missing Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9076 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-15 10:15 修改: 2025-09-20 02:52
github.com/mattermost/mattermost/server/v8	CVE-2025-9078	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250718075842-cd87e5c87737	Mattermost makes Use of Weak Hash 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9078 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-15 10:15 修改: 2025-09-16 15:58
github.com/mattermost/mattermost/server/v8	CVE-2026-0999	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251212052346-61651b0df7ea	Mattermost fails to properly validate login method restrictions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0999 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-16 10:16 修改: 2026-02-18 20:20
github.com/mattermost/mattermost/server/v8	CVE-2026-21386	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260130144323-5bb5261c72fa	Mattermost fails to use consistent error responses when handling the /mute command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21386 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 15:16 修改: 2026-03-18 13:53
github.com/mattermost/mattermost/server/v8	CVE-2026-2455	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260129133647-5d787969c2d5	Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2455 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 15:16 修改: 2026-03-18 13:55
github.com/mattermost/mattermost/server/v8	CVE-2026-2456	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260127165411-fe3052073dc6	Mattermost fails to limit the size of responses from integration action endpoints 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2456 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 18:27
github.com/mattermost/mattermost/server/v8	CVE-2026-2457	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260123211116-9efe617be8b8	Mattermost allows attackers to spoof permalink embeds 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2457 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 17:49
github.com/mattermost/mattermost/server/v8	CVE-2026-2458	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260113182106-a18b80ba4c32	Mattermost allows a removed team member to enumerate all public channels within a private team 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2458 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 17:48
github.com/mattermost/mattermost/server/v8	CVE-2026-2463	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260105134819-cc427af41b2a	Mattermost fails to filter invite IDs based on user permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2463 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 17:43
github.com/mattermost/mattermost/server/v8	CVE-2026-24692	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260107142155-0481bd1fb045	Mattermost fails to properly enforce read permissions in search API endpoints 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24692 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 15:16 修改: 2026-03-18 13:54
github.com/mattermost/mattermost/server/v8	CVE-2026-2578	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260127062706-c6b205f0d770	Mattermost fails to preserve the redacted state of burn-on-read posts during deletion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2578 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:19 修改: 2026-03-18 17:42
github.com/mattermost/mattermost/server/v8	CVE-2026-25780	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260123215601-86797c508c44	Mattermost fails to bound memory allocation when processing DOC files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25780 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:18 修改: 2026-03-18 18:13
github.com/mattermost/mattermost/server/v8	CVE-2026-25783	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260129181235-1346cf529aef	Mattermost fails to properly validate User-Agent header tokens 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25783 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:18 修改: 2026-03-18 18:11
github.com/mattermost/mattermost/server/v8	CVE-2026-26246	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260115183946-38b413a27604	Mattermost fails to bound memory allocation when processing PSD image files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26246 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:18 修改: 2026-03-18 18:03
github.com/mattermost/mattermost/server/v8	CVE-2026-28732	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260306123948-f5fe8ded6b63	Mattermost doesn't enforce slash command trigger-word uniqueness during command updates 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28732 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-19 17:18
github.com/mattermost/mattermost/server/v8	CVE-2026-28759	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260216150504-8738f8c4b3d4	Mattermost does not verify remote cluster channel access when processing shared channel membership removals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28759 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-18 19:17
github.com/mattermost/mattermost/server/v8	CVE-2026-3637	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.11.14, 11.4.4, 8.0.0-20260316171743-090408f09f53, 11.5.2	Mattermost doesn't check the create_post channel permission during post edit operations 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3637 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-19 17:34
github.com/mattermost/mattermost/server/v8	CVE-2026-4265	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260107144005-c7f6efdfb035	Mattermost fails to validate team-specific upload_file permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4265 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 14:20 修改: 2026-03-18 17:41
github.com/mattermost/mattermost/server/v8	CVE-2026-5163	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 8.0.0-20260401090745-f4d1abe7e8f5	Mattermost doesn't verify channel membership when processing AI-assisted message rewrites 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5163 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-18 19:12
github.com/mattermost/mattermost/server/v8	CVE-2026-6339	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 11.4.4, 8.0.0-20260327001745-7a339a6438f5	Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6339 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-18 19:11
github.com/mattermost/mattermost/server/v8	CVE-2026-6340	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260325191733-fb11968f8798	Mattermost doesn't validate 7zip archive structure before processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6340 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-19 17:21
github.com/mattermost/mattermost/server/v8	CVE-2026-6345	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 11.4.4, 8.0.0-20260311102650-3057ae7e83e9	Mattermost doesn't prevent disclosure of created user password 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6345 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-18 19:05
github.com/mattermost/mattermost/server/v8	CVE-2023-40703	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Uncontrolled Resource Consumption vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40703 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:19
golang.org/x/crypto	CVE-2025-47914	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/image	CVE-2026-33809	中危	v0.27.0	0.38.0	golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-25 19:16 修改: 2026-04-21 16:30
github.com/mattermost/mattermost/server/v8	CVE-2023-43754	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43754 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:24
github.com/mattermost/mattermost/server/v8	CVE-2023-45223	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.4	Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45223 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:26
github.com/mattermost/mattermost/server/v8	CVE-2023-47168	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Open Redirect vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47168 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:29
github.com/mattermost/mattermost/server/v8	CVE-2023-47858	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.1	Mattermost viewing archived public channels permissions vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47858 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-01-02 10:15 修改: 2024-11-21 08:30
github.com/mattermost/mattermost/server/v8	CVE-2023-47865	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.4	Mattermost Improper Access Control vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-47865 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 09:15 修改: 2024-11-21 08:30
github.com/mattermost/mattermost/server/v8	CVE-2023-48268	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Uncontrolled Resource Consumption vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48268 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:31
github.com/mattermost/mattermost/server/v8	CVE-2023-48369	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Uncontrolled Resource Consumption vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48369 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:31
github.com/mattermost/mattermost/server/v8	CVE-2023-48732	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.7	Mattermost notified all users in the channel when using WebSockets to respond individually 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48732 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-01-02 10:15 修改: 2024-11-21 08:32
github.com/mattermost/mattermost/server/v8	CVE-2023-5968	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.4, 8.1.3, 9.0.1, 8.0.0-20230825233148-f787fd63368a	Mattermost password hash disclosure vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5968 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-06 16:15 修改: 2024-11-21 08:42
github.com/mattermost/mattermost/server/v8	CVE-2023-6202	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.1.1, 9.0.2, 8.1.4	Mattermost Improper Access Control vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6202 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:43
github.com/mattermost/mattermost/server/v8	CVE-2023-6459	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.5	Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6459 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-12-06 09:15 修改: 2024-11-21 08:43
github.com/mattermost/mattermost/server/v8	CVE-2024-10241	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240813135334-8f3a13122f55	Mattermost Server allows user to get private channel names 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10241 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-29 08:15 修改: 2025-09-30 17:09
github.com/mattermost/mattermost/server/v8	CVE-2024-1402	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.8, 9.2.4, 9.1.5	Mattermost vulnerable to denial of service via large number of emoji reactions 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1402 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-09 16:15 修改: 2024-11-21 08:50
github.com/mattermost/mattermost/server/v8	CVE-2024-1888	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.4.2, 9.3.1, 9.2.5, 8.1.9	Mattermost fails to check the "invite_guest" permission 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1888 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 09:15 修改: 2025-05-12 13:35
github.com/mattermost/mattermost/server/v8	CVE-2024-1942	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.3.1, 9.2.5, 8.1.9	Mattermost allows attackers access to posts in channels they are not a member of 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1942 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 11:15 修改: 2024-12-13 17:06
github.com/mattermost/mattermost/server/v8	CVE-2024-1953	中危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.4.2, 9.3.1, 9.2.5, 8.1.9	Mattermost fails to limit the number of role names 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1953 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 11:15 修改: 2024-12-13 17:09
stdlib	CVE-2025-47912	中危	v1.24.6	1.24.8, 1.25.2	net/url: Insufficient validation of bracketed IPv6 hostnames in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib	CVE-2025-58183	中危	v1.24.6	1.24.8, 1.25.2	golang: archive/tar: Unbounded allocation when parsing GNU sparse map 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-58185	中危	v1.24.6	1.24.8, 1.25.2	encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib	CVE-2025-58187	中危	v1.24.6	1.24.9, 1.25.3	crypto/x509: Quadratic complexity when checking name constraints in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib	CVE-2025-58188	中危	v1.24.6	1.24.8, 1.25.2	crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib	CVE-2025-58189	中危	v1.24.6	1.24.8, 1.25.2	crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61723	中危	v1.24.6	1.24.8, 1.25.2	encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib	CVE-2025-61724	中危	v1.24.6	1.24.8, 1.25.2	net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib	CVE-2025-61725	中危	v1.24.6	1.24.8, 1.25.2	net/mail: Excessive CPU consumption in ParseAddress in net/mail 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.24.6	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61728	中危	v1.24.6	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61730	中危	v1.24.6	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.24.6	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.24.6	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.24.6	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.24.6	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.24.6	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.24.6	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.24.6	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/mattermost/mattermost/server/v8	CVE-2026-6333	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 8.0.0-20260325160634-e738016c5920	Mattermost doesn't validate the Host header when constructing response URLs for custom slash command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6333 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 09:16 修改: 2026-05-19 17:51
github.com/mattermost/mattermost/server/v8	CVE-2026-6334	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 8.0.0-20260318173148-e9ae890a013b	Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6334 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-29 19:11
filippo.io/edwards25519	CVE-2026-26958	低危	v1.1.0	1.1.1	filippo.io/edwards25519: filippo.io/edwards25519: Cryptographic integrity bypass due to incorrect MultiScalarMult results 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26958 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-19 23:16 修改: 2026-04-15 00:35
github.com/mattermost/mattermost/server/v8	CVE-2023-35075	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.4	Mattermost Injection vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-35075 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-11-27 10:15 修改: 2024-11-21 08:07
github.com/mattermost/mattermost/server/v8	CVE-2023-50333	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.7	Mattermost allows demoted guests to change group names 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50333 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-01-02 10:15 修改: 2024-11-21 08:36
github.com/mattermost/mattermost/server/v8	CVE-2023-7113	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.7	Mattermost Cross-site Scripting vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7113 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-12-29 13:15 修改: 2024-11-21 08:45
github.com/mattermost/mattermost/server/v8	CVE-2024-10214	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20240821220019-0d6b1070a26f	Mattermost incorrectly issues two sessions when using desktop SSO 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10214 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-10-28 15:15 修改: 2024-11-05 17:03
github.com/mattermost/mattermost/server/v8	CVE-2024-1949	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.4.2, 8.1.9	Mattermost race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1949 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 11:15 修改: 2024-12-13 17:07
github.com/mattermost/mattermost/server/v8	CVE-2024-21848	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.11	Mattermost Server Improper Access Control 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21848 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-04-05 09:15 修改: 2024-12-13 16:36
github.com/mattermost/mattermost/server/v8	CVE-2024-23488	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.4.2, 8.1.9	Mattermost fails to properly restrict the access of files attached to posts 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23488 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-29 08:15 修改: 2025-05-12 13:34
github.com/mattermost/mattermost/server/v8	CVE-2024-24776	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.1.8, 9.3.0	Mattermost fails to check the required permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24776 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-02-09 15:15 修改: 2024-11-21 08:59
github.com/mattermost/mattermost/server/v8	CVE-2024-39837	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.5.7, 9.9.1, 8.0.0-20240626164322-c758cecaf30c	Mattermost did not properly restrict channel creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39837 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-08-01 15:15 修改: 2024-09-04 17:38
github.com/mattermost/mattermost/server/v8	CVE-2025-10545	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250820115038-ff30b84049f0	Mattermost has an Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10545 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 18:02
github.com/mattermost/mattermost/server/v8	CVE-2025-11777	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250905150616-ba86dfc5876b	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11777 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-13 18:15 修改: 2025-11-17 18:05
github.com/mattermost/mattermost/server/v8	CVE-2025-13870	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250905150616-ba86dfc5876b	Mattermost fails to validate user permissions in Boards 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13870 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-02 10:16 修改: 2025-12-03 20:57
github.com/mattermost/mattermost/server/v8	CVE-2025-1412	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20241217145510-faa7e4f2ea0c, 10.4.2, 9.11.7	Mattermost fails to invalidate all active sessions when converting a user to a bot 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1412 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-24 08:15 修改: 2025-10-01 18:02
github.com/mattermost/mattermost/server/v8	CVE-2025-14573	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20251215190648-6404ab29acc0	Mattermost fails to enforce invite permissions when updating team settings 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14573 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-16 13:16 修改: 2026-02-18 20:18
github.com/mattermost/mattermost/server/v8	CVE-2025-1792	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.5.4, 9.11.13, 8.0.0-20250414110750-c23f44fe8ed0	Mattermost fails to properly enforce access controls for guest users 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1792 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-30 15:15 修改: 2025-10-15 14:15
github.com/mattermost/mattermost/server/v8	CVE-2025-22445	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.3.0, 8.0.0-20250102081831-64c566a8280b	mattermost: Misleading UI for undefined admin console settings in Calls causes security confusion 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22445 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-09 07:15 修改: 2025-10-02 17:25
github.com/mattermost/mattermost/server/v8	CVE-2025-22449	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.11.6, 8.0.0-20250102081831-64c566a8280b	mattermost: Access control flaw for team admins allows unauthorized team additions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22449 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-01-09 07:15 修改: 2025-09-29 17:44
github.com/mattermost/mattermost/server/v8	CVE-2025-2424	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 9.11.10, 8.0.0-20250213231113-68c11e9ecb71	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2424 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-14 15:15 修改: 2025-10-01 18:18
github.com/mattermost/mattermost/server/v8	CVE-2025-24839	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 10.4.4, 9.11.10, 8.0.0-20250314142426-c049748b8863	Mattermost Incorrect Authorization vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24839 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 08:15 修改: 2025-10-02 14:50
github.com/mattermost/mattermost/server/v8	CVE-2025-24866	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	9.11.9, 8.0.0-20250204211032-f52e08754c49	Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24866 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-10 16:15 修改: 2025-10-01 18:06
github.com/mattermost/mattermost/server/v8	CVE-2025-2570	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.3, 9.11.12, 8.0.0-20250411064244-844447fbd57c	Mattermost Fails to Check User Access to `ExperimentalSettings` 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-2570 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-15 16:15 修改: 2025-10-06 15:22
github.com/mattermost/mattermost/server/v8	CVE-2025-27538	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.2, 9.11.10, 8.0.0-20250314142426-c049748b8863	Mattermost Missing Authentication for Critical Function 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27538 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 08:15 修改: 2025-10-01 18:20
github.com/mattermost/mattermost/server/v8	CVE-2025-31363	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.5.1, 10.4.3, 9.11.10, 8.0.0-20250218121836-2b5275d87136	Mattermost doesn't restrict domains LLM can request to contact upstream 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31363 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 10:15 修改: 2025-09-29 21:24
github.com/mattermost/mattermost/server/v8	CVE-2025-3611	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.7.1, 10.5.4, 9.11.13, 8.0.0-20250414154356-6f33b721de76	Mattermost fails to properly enforce access control restrictions for System Manager roles 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3611 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-05-30 15:15 修改: 2025-07-08 17:11
github.com/mattermost/mattermost/server/v8	CVE-2025-4128	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250422131222-701ddc896a10	Mattermost allows guest users to view information about public teams they are not members of 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4128 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-06-11 11:15 修改: 2025-07-08 19:42
github.com/mattermost/mattermost/server/v8	CVE-2025-41423	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250218121836-2b5275d87136	Mattermost Playbooks fails to properly validate permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41423 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-24 07:15 修改: 2025-09-29 21:06
github.com/mattermost/mattermost/server/v8	CVE-2025-41436	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250815165020-c8d66301415d	Mattermost allows regular users to access archived channel content and files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41436 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-14 08:15 修改: 2025-11-17 17:52
github.com/mattermost/mattermost/server/v8	CVE-2025-47700	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250814075248-83a37a861d3c	Mattermost Server SSRF Vulnerability via the Agents Plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47700 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-10-29 18:40
github.com/mattermost/mattermost/server/v8	CVE-2025-49810	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250721095846-c602a4a78e1f	Mattermost Lack of Access Control Validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49810 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 15:17
github.com/mattermost/mattermost/server/v8	CVE-2025-53971	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250721095846-c602a4a78e1f	Mattermost Fails to Properly Validate Team Role Modification 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53971 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-21 08:15 修改: 2025-08-25 15:16
github.com/mattermost/mattermost/server/v8	CVE-2025-54499	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250728063359-38208b8f065f	Mattermost has an Observable Timing Discrepancy vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-16 09:15 修改: 2025-10-21 17:58
github.com/mattermost/mattermost/server/v8	CVE-2025-55074	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250905150616-ba86dfc5876b6	Mattermost allows other users to determine when users had read channels via channel member objects 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55074 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-18 16:15 修改: 2025-11-25 20:24
github.com/mattermost/mattermost/server/v8	CVE-2025-6227	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250612074655-8f8612c63783	Mattermost has Insufficiently Protected Credentials 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6227 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-18 12:15 修改: 2025-10-14 14:32
github.com/mattermost/mattermost/server/v8	CVE-2025-9081	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20250721095935-11c36f4d1e44	Mattermost boards plugin fails to restrict download access to files 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9081 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-19 20:15 修改: 2025-09-25 20:14
github.com/mattermost/mattermost/server/v8	CVE-2025-9084	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-202508080704-39bd251fe4f600	Mattermost Open Redirect vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9084 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-09-15 11:15 修改: 2025-09-16 15:59
github.com/mattermost/mattermost/server/v8	CVE-2026-22545	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	8.0.0-20260127144908-ced9a56e3988	Mattermost fails to validate user's authentication method when processing account auth type switch 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22545 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-16 15:16 修改: 2026-03-18 13:54
github.com/mattermost/mattermost/server/v8	CVE-2026-3495	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	10.11.14, 11.5.2, 8.0.0-20260310115442-5a1ea95044d	Mattermost doesn't escape some variables that could contain malicious content during error page composition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3495 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-19 17:37
github.com/mattermost/mattermost/server/v8	CVE-2026-4273	低危	v0.0.0-20260220070932-e1a78d1e9111+dirty	11.5.2, 10.11.14, 8.0.0-20260313190740-742e0be95074	Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4273 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-18 08:16 修改: 2026-05-19 17:23
stdlib	CVE-2025-58186	低危	v1.24.6	1.24.8, 1.25.2	golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib	CVE-2026-27139	低危	v1.24.6	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/node_exporter (gobinary)

低危漏洞:1

中危漏洞:10

高危漏洞:13

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/opencontainers/selinux	CVE-2025-52881	高危	v1.11.1	1.13.0	runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52881 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-06 21:15 修改: 2025-12-03 18:37
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-47914	中危	v0.36.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.36.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/net	CVE-2025-22872	中危	v0.37.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/postgres_exporter (gobinary)

低危漏洞:1

中危漏洞:14

高危漏洞:14

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
golang.org/x/crypto	CVE-2024-45337	严重	v0.14.0	0.31.0	golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45337 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-12-12 02:02 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-22869	高危	v0.14.0	0.35.0	golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22869 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:28
golang.org/x/oauth2	CVE-2025-22868	高危	v0.8.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2023-48795	中危	v0.14.0	0.17.0, 0.0.0-20231218163308-9d2ee975ef9f	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2023-12-18 16:15 修改: 2026-05-12 11:16
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-47914	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.14.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/net	CVE-2023-45288	中危	v0.17.0	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
golang.org/x/net	CVE-2025-22870	中危	v0.17.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.17.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/praefect (gobinary)

低危漏洞:5

中危漏洞:16

高危漏洞:18

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/jackc/pgx/v5	CVE-2026-33816	严重	v5.7.6	5.9.0	github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33816 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 16:16 修改: 2026-05-21 19:58
google.golang.org/grpc	CVE-2026-33186	严重	v1.75.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.1	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
github.com/go-git/go-billy/v5	CVE-2026-44973	高危	v5.6.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-28 22:16 修改: 2026-05-29 16:32
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.38.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.38.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.38.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/go-git/go-git/v5	CVE-2026-45022	高危	v5.13.0	5.19.0	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-27 15:16 修改: 2026-06-04 17:57
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/go-git/go-billy/v5	CVE-2026-44740	中危	v5.6.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to versions ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-01 17:17 修改: 2026-06-01 18:53
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.63.1	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.38.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
github.com/go-git/go-git/v5	CVE-2026-25934	中危	v5.13.0	5.16.5	go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25934 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-09 23:16 修改: 2026-02-20 20:21
github.com/go-git/go-git/v5	CVE-2026-34165	中危	v5.13.0	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34165 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49
github.com/go-git/go-git/v5	CVE-2026-41506	中危	v5.13.0	5.18.0	golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-08 14:16 修改: 2026-05-12 14:33
github.com/go-git/go-git/v5	CVE-2026-45571	中危	v5.13.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:01
github.com/go-git/go-git/v5	GHSA-w5pp-99ch-qj29	中危	v5.13.0	5.19.1	go-git: Malformed Git object data may cause panics or resource exhaustion 漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.6.5	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/go-git/go-git/v5	CVE-2026-45570	低危	v5.13.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:00
github.com/cloudflare/circl	CVE-2026-1229	低危	v1.6.1	1.6.3	CIRCL has an incorrect calculation in secp384r1 CombinedMult 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1229 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-24 08:16 修改: 2026-03-03 00:29
github.com/go-git/go-git/v5	CVE-2026-33762	低危	v5.13.0	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33762 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49
github.com/jackc/pgx/v5	CVE-2026-41889	低危	v5.7.6	5.9.2	github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41889 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-08 17:16 修改: 2026-05-21 19:58
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/prometheus (gobinary)

低危漏洞:1

中危漏洞:16

高危漏洞:20

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.73.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/docker/docker	CVE-2026-41567	高危	v28.3.0+incompatible		Moby is an open source container framework. In versions prior to 29.5. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-05 02:17 修改: 2026-06-05 16:01
github.com/docker/docker	CVE-2026-42306	高危	v28.3.0+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
github.com/prometheus/prometheus	CVE-2026-42151	高危	v0.306.0	0.311.3	github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
github.com/prometheus/prometheus	CVE-2026-42154	高危	v0.306.0	0.311.3, 0.305.2	github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.36.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.36.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.36.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/docker/docker	CVE-2026-34040	高危	v28.3.0+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.36.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
github.com/go-viper/mapstructure/v2	CVE-2025-11065	中危	v2.3.0	2.4.0	github.com/go-viper/mapstructure/v2: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11065 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-26 20:16 修改: 2026-04-15 00:35
github.com/docker/docker	CVE-2025-54388	中危	v28.3.0+incompatible	28.3.3	github.com/moby/moby: Moby's Firewalld reload makes container ports accessible 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54388 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-30 14:15 修改: 2025-09-08 16:34
golang.org/x/crypto	CVE-2025-47914	中危	v0.39.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.39.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
github.com/docker/docker	CVE-2026-33997	中危	v28.3.0+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
github.com/prometheus/prometheus	CVE-2026-40179	中危	v0.306.0	0.311.2-0.20260410083055-07c6232d159b	Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40179 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-15 23:16 修改: 2026-04-22 20:04
github.com/prometheus/prometheus	CVE-2026-44903	中危	v0.306.0	0.311.3	Prometheus is an open-source monitoring system and time series databas ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44903 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-26 22:16 修改: 2026-06-05 17:18
github.com/docker/docker	CVE-2026-41568	中危	v28.3.0+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/redis_exporter (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:12

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/bin/registry (gobinary)

低危漏洞:2

中危漏洞:9

高危漏洞:16

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/jackc/pgx/v5	CVE-2026-33816	严重	v5.7.6	5.9.0	github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33816 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 16:16 修改: 2026-05-21 19:58
google.golang.org/grpc	CVE-2026-33186	严重	v1.76.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.38.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.38.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.38.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.2	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.7.4	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.93.2	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/jackc/pgx/v5	CVE-2026-41889	低危	v5.7.6	5.9.2	github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41889 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-08 17:16 修改: 2026-05-21 19:58
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/devfile-0.5.0-x86_64-linux/out/devfile-amd64-linux (gobinary)

低危漏洞:6

中危漏洞:25

高危漏洞:24

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.62.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2025-68121	严重	v1.25.3	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/distribution/distribution/v3	CVE-2026-35172	高危	v3.0.0-20221208165359-362910506bc2	3.1.0	github.com/distribution/distribution: Distribution: Information disclosure via stale references after content deletion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35172 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 20:16 修改: 2026-04-27 23:55
github.com/docker/cli	CVE-2025-15558	高危	v25.0.1+incompatible	29.2.0	docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
github.com/docker/docker	CVE-2026-34040	高危	v25.0.6+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/docker/docker	CVE-2026-41567	高危	v25.0.6+incompatible		Moby is an open source container framework. In versions prior to 29.5. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-05 02:17 修改: 2026-06-05 16:01
github.com/docker/docker	CVE-2026-42306	高危	v25.0.6+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
github.com/go-git/go-billy/v5	CVE-2026-44973	高危	v5.6.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-28 22:16 修改: 2026-05-29 16:32
github.com/go-git/go-git/v5	CVE-2026-45022	高危	v5.13.0	5.19.0	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-27 15:16 修改: 2026-06-04 17:57
golang.org/x/oauth2	CVE-2025-22868	高危	v0.16.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
github.com/containerd/containerd	CVE-2024-25621	高危	v1.7.13	1.7.29	github.com/containerd/containerd: containerd local privilege escalation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-06 19:15 修改: 2025-12-31 02:29
github.com/distribution/distribution/v3	CVE-2026-33540	高危	v3.0.0-20221208165359-362910506bc2	3.1.0	github.com/distribution/distribution: Distribution: Information disclosure via improper validation of authentication realm URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33540 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-06 15:17 修改: 2026-04-09 18:36
stdlib	CVE-2025-61726	高危	v1.25.3	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61729	高危	v1.25.3	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.25.3	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.3	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.3	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.3	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.3	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.3	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.3	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.3	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.3	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.3	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/docker/docker	CVE-2026-41568	中危	v25.0.6+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
github.com/containerd/containerd	CVE-2025-64329	中危	v1.7.13	1.7.29	github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-07 05:16 修改: 2025-12-31 18:34
github.com/go-git/go-billy/v5	CVE-2026-44740	中危	v5.6.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to versions ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-01 17:17 修改: 2026-06-01 18:53
github.com/distribution/distribution/v3	CVE-2026-41888	中危	v3.0.0-20221208165359-362910506bc2	3.1.1	github.com/distribution/distribution: Distribution: Security bypass allows unauthorized tag deletion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41888 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-14 18:16 修改: 2026-05-15 18:25
github.com/go-git/go-git/v5	CVE-2026-25934	中危	v5.13.0	5.16.5	go-git/go-git: go-git: Data integrity issue due to improper verification of pack and index files 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25934 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-09 23:16 修改: 2026-02-20 20:21
github.com/go-git/go-git/v5	CVE-2026-34165	中危	v5.13.0	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34165 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49
github.com/go-git/go-git/v5	CVE-2026-41506	中危	v5.13.0	5.18.0	golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-08 14:16 修改: 2026-05-12 14:33
github.com/go-git/go-git/v5	CVE-2026-45571	中危	v5.13.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:01
github.com/go-git/go-git/v5	GHSA-w5pp-99ch-qj29	中危	v5.13.0	5.19.1	go-git: Malformed Git object data may cause panics or resource exhaustion 漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43
golang.org/x/crypto	CVE-2025-47914	中危	v0.35.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.35.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/net	CVE-2025-22870	中危	v0.33.0	0.36.0	golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
golang.org/x/net	CVE-2025-22872	中危	v0.33.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
github.com/containerd/containerd	CVE-2024-40635	中危	v1.7.13	1.7.27, 1.6.38	containerd: containerd has an integer overflow in User ID handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40635 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-03-17 22:15 修改: 2025-10-02 01:51
github.com/docker/docker	CVE-2026-33997	中危	v25.0.6+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
stdlib	CVE-2025-61727	中危	v1.25.3	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61728	中危	v1.25.3	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61730	中危	v1.25.3	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.25.3	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.3	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.3	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.3	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.3	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.3	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.3	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/cloudflare/circl	CVE-2025-8556	低危	v1.3.7	1.6.1	github.com/cloudflare/circl: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8556 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-08-06 09:15 修改: 2026-04-15 00:35
github.com/cloudflare/circl	CVE-2026-1229	低危	v1.3.7	1.6.3	CIRCL has an incorrect calculation in secp384r1 CombinedMult 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1229 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-24 08:16 修改: 2026-03-03 00:29
github.com/go-git/go-git/v5	CVE-2026-33762	低危	v5.13.0	5.17.1	github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33762 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49
github.com/go-git/go-git/v5	CVE-2026-45570	低危	v5.13.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:00
github.com/docker/docker	CVE-2025-54410	低危	v25.0.6+incompatible	25.0.13, 28.0.0	github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54410 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-07-30 14:15 修改: 2025-08-22 17:27
stdlib	CVE-2026-27139	低危	v1.25.3	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/gitlab-glfm-markdown-0.0.39-x86_64-linux-gnu/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
time	CVE-2026-25727	中危	0.3.41	0.3.47	time: time affected by a stack exhaustion denial of service attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25727 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-06 20:16 修改: 2026-02-24 15:23

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

time

CVE-2026-25727

中危

0.3.41

0.3.47

time: time affected by a stack exhaustion denial of service attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25727

镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c

发布日期: 2026-02-06 20:16 修改: 2026-02-24 15:23

opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/gitlab-glfm-markdown-0.0.39-x86_64-linux-gnu/ext/gitlab_glfm_markdown/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
time	CVE-2026-25727	中危	0.3.41	0.3.47	time: time affected by a stack exhaustion denial of service attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25727 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-06 20:16 修改: 2026-02-24 15:23

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

time

CVE-2026-25727

中危

0.3.41

0.3.47

time: time affected by a stack exhaustion denial of service attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25727

镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c

发布日期: 2026-02-06 20:16 修改: 2026-02-24 15:23

opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/gitlab_query_language-0.20.11-x86_64-linux-gnu/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
bytes	CVE-2026-25541	中危	1.10.1	1.11.1	Bytes is a utility library for working with bytes. From version 1.2.1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25541 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-02-04 22:16 修改: 2026-02-27 20:13

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

bytes

CVE-2026-25541

中危

1.10.1

1.11.1

Bytes is a utility library for working with bytes. From version 1.2.1 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25541

镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c

发布日期: 2026-02-04 22:16 修改: 2026-02-27 20:13

opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/prometheus-client-mmap-1.2.10-x86_64-linux-gnu/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/prometheus-client-mmap-1.2.10-x86_64-linux-gnu/ext/fast_mmaped_file_rs/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell (gobinary)

低危漏洞:1

中危漏洞:9

高危漏洞:12

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-58181	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/crypto	CVE-2025-47914	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:12

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:12

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-check (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:12

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-sshd (gobinary)

低危漏洞:1

中危漏洞:9

高危漏洞:13

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.72.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
golang.org/x/oauth2	CVE-2025-22868	高危	v0.26.0	0.27.0	golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.7	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-47914	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.41.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.7	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.7	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:fa3bef7dbeee9e214a5bdaf2258a56a6d5c357420d400daeabefca9cc5aaed5c 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

/etc/ssh/ssh_host_ecdsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_ed25519_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_rsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/aws-sdk-core-3.194.2/lib/aws-sdk-ssooidc/client.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/aws-sdk-core-3.226.3/lib/aws-sdk-ssooidc/client.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/chef-18.3.0/lib/chef/resource/openssl_ec_public_key.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/chef-zero-15.0.11/lib/chef_zero.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/fog-aws-3.33.1/lib/fog/aws/models/compute/key_pairs.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/service/gitlab-rails/app/models/concerns/integrations/base/diffblue_cover.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/service/gitlab-rails/config/gitleaks.toml ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息