docker.io/gitlab/gitlab-ce:19.0.2-ce.0 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:16

中危漏洞:185

高危漏洞:276

严重漏洞:10

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-06-15 10:45

docker.io/gitlab/gitlab-ce:19.0.2-ce.0 (ubuntu 24.04) (ubuntu)

低危漏洞:6

中危漏洞:40

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
bsdutils	CVE-2026-27456	中危	1:2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
busybox	CVE-2023-42366	中危	1:1.36.1-6ubuntu3.1		busybox: A heap-buffer-overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366 镜像层: sha256:488c13396482e8a22e5522191f099b04e7365e5b6469edb0be1f759c85ff9c69 发布日期: 2023-11-27 23:15 修改: 2024-12-06 14:15
busybox	CVE-2024-58251	中危	1:1.36.1-6ubuntu3.1		In netstat in BusyBox through 1.37.0, local users can launch of networ ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251 镜像层: sha256:488c13396482e8a22e5522191f099b04e7365e5b6469edb0be1f759c85ff9c69 发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
busybox	CVE-2025-46394	中危	1:1.36.1-6ubuntu3.1		In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394 镜像层: sha256:488c13396482e8a22e5522191f099b04e7365e5b6469edb0be1f759c85ff9c69 发布日期: 2025-04-23 16:15 修改: 2026-06-02 14:16
busybox	CVE-2025-60876	中危	1:1.36.1-6ubuntu3.1		busybox: BusyBox wget: HTTP request-target allows header injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-60876 镜像层: sha256:488c13396482e8a22e5522191f099b04e7365e5b6469edb0be1f759c85ff9c69 发布日期: 2025-11-10 20:15 修改: 2026-06-02 14:16
libblkid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libc-bin	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc-bin	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc-bin	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc-bin	CVE-2026-5435	中危	2.39-0ubuntu8.7		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc-bin	CVE-2026-6238	中危	2.39-0ubuntu8.7		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libc6	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6	CVE-2026-5435	中危	2.39-0ubuntu8.7		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc6	CVE-2026-6238	中危	2.39-0ubuntu8.7		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libgcrypt20	CVE-2026-41989	中危	1.10.3-2build1	1.10.3-2ubuntu0.1	Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-23 05:16 修改: 2026-04-27 18:33
libgnutls30t64	CVE-2026-33845	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-33846	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-04 10:15 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-3832	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-30 18:16 修改: 2026-06-02 17:16
libgnutls30t64	CVE-2026-3833	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42009	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-18 13:16 修改: 2026-06-08 17:16
libgnutls30t64	CVE-2026-42010	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Authentication Bypass via NUL Character in Username 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-07 12:16 修改: 2026-06-10 16:17
libgnutls30t64	CVE-2026-42011	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass due to incorrect name constraint handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-07 15:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42012	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42013	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42014	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgnutls30t64	CVE-2026-42015	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-5260	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Information disclosure via heap overread in RSA key exchange 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-5419	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	guntls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5419 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-01 21:16 修改: 2026-06-02 17:16
libmount1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libsmartcols1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libsystemd0	CVE-2026-40226	中危	255.4-1ubuntu8.15	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libudev1	CVE-2026-40226	中危	255.4-1ubuntu8.15	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libuuid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
mount	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
tar	CVE-2025-45582	中危	1.35+dfsg-3build1		tar: Tar path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
tar	CVE-2026-5704	中危	1.35+dfsg-3build1		tar: tar: Hidden file injection via crafted archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:08
util-linux	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
wget	CVE-2021-31879	中危	1.21.4-1ubuntu4.1		wget: authorization header disclosure on redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31879 镜像层: sha256:488c13396482e8a22e5522191f099b04e7365e5b6469edb0be1f759c85ff9c69 发布日期: 2021-04-29 05:15 修改: 2024-11-21 06:06
libsystemd0	CVE-2026-40228	低危	255.4-1ubuntu8.15		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
passwd	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
liblzma5	CVE-2026-34743	低危	5.6.1+really5.4.5-1ubuntu0.2	5.6.1+really5.4.5-1ubuntu0.3	xz: XZ Utils: Denial of Service via buffer overflow in index decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-02 19:21 修改: 2026-04-15 17:33
libudev1	CVE-2026-40228	低危	255.4-1ubuntu8.15		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libgcrypt20	CVE-2024-2236	低危	1.10.3-2build1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35
login	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35

Node.js (node-pkg)

低危漏洞:3

中危漏洞:7

高危漏洞:14

严重漏洞:3

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
handlebars	CVE-2019-19919	严重	1.0.0	4.3.0, 3.0.8	nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19919 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2019-12-20 23:15 修改: 2024-11-21 04:35
handlebars	CVE-2021-23369	严重	1.0.0	4.7.7	nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23369 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2021-04-12 14:15 修改: 2024-11-21 05:51
handlebars	CVE-2021-23383	严重	1.0.0	4.7.7	nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23383 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2021-05-04 09:15 修改: 2024-11-21 05:51
diff	GHSA-h6ch-v84p-w6p9	高危	1.0.0	3.5.0	Regular Expression Denial of Service (ReDoS) 漏洞详情: https://github.com/advisories/GHSA-h6ch-v84p-w6p9 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2019-06-13 18:58 修改: 2021-02-24 19:27
handlebars	CVE-2019-20920	高危	1.0.0	3.0.8, 4.5.3	nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20920 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2020-09-30 18:15 修改: 2024-11-21 04:39
handlebars	GHSA-2cf5-4w76-r9qv	高危	1.0.0	3.0.8, 4.5.2	Arbitrary Code Execution in handlebars 漏洞详情: https://github.com/advisories/GHSA-2cf5-4w76-r9qv 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2020-09-04 14:57 修改: 2024-01-29 20:54
handlebars	GHSA-g9r4-xpmj-mj65	高危	1.0.0	3.0.8, 4.5.3	Prototype Pollution in handlebars 漏洞详情: https://github.com/advisories/GHSA-g9r4-xpmj-mj65 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2020-09-04 15:06 修改: 2020-08-31 18:55
handlebars	GHSA-q2c6-c6pm-g3gh	高危	1.0.0	3.0.8, 4.5.3	Arbitrary Code Execution in handlebars 漏洞详情: https://github.com/advisories/GHSA-q2c6-c6pm-g3gh 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2020-09-04 15:07 修改: 2020-08-31 18:55
handlebars	GHSA-q42p-pg8m-cqh6	高危	1.0.0	4.1.2, 4.0.14, 3.0.7	Prototype Pollution in handlebars 漏洞详情: https://github.com/advisories/GHSA-q42p-pg8m-cqh6 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2019-06-05 14:07 修改: 2021-08-04 20:54
ini	CVE-2020-7788	高危	1.0.0	1.3.6	nodejs-ini: Prototype pollution via malicious INI file 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2020-12-11 11:15 修改: 2024-11-21 05:37
json	CVE-2020-7712	高危	1.0.0	10.0.0	trentm/json vulnerable to command injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7712 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2020-08-30 08:15 修改: 2024-11-21 05:37
npm	CVE-2018-7408	高危	1.0.1	5.7.1	Incorrect Permission Assignment for Critical Resource in NPM 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7408 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2018-02-22 18:29 修改: 2024-11-21 04:12
npm	CVE-2019-16775	高危	1.0.1	6.13.3	npm: Symlink reference outside of node_modules folder through the bin field upon installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2019-12-13 01:15 修改: 2024-11-21 04:31
npm	CVE-2019-16776	高危	1.0.1	6.13.3	npm: Arbitrary file write via constructed entry in the package.json bin field 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2019-12-13 01:15 修改: 2024-11-21 04:31
npm	CVE-2019-16777	高危	1.0.1	6.13.4	npm: Global node_modules Binary Overwrite 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2019-12-13 01:15 修改: 2024-11-21 04:31
thrift	CVE-2026-41636	高危	0.0.0-DEVELOPMENT	0.23.0	apache.com/apache/thrift: Apache Thrift: Node.js skip() recursion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41636 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-28 10:16 修改: 2026-04-28 18:38
thrift	CVE-2026-43870	高危	0.0.0-DEVELOPMENT		Origin Validation Error, Improper Limitation of a Pathname to a Restri ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43870 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-05 09:16 修改: 2026-05-06 18:05
npm	CVE-2016-3956	中危	1.0.1	>= 2.15.1 <= 3.0.0, >= 3.8.3	npm: bearer token leak to non-registry hosts 漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3956 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2016-07-02 14:59 修改: 2026-05-06 22:30
npm	CVE-2020-15095	中危	1.0.1	6.14.6	npm: sensitive information exposure through logs 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2020-07-07 19:15 修改: 2024-11-21 05:04
pug	CVE-2021-21353	中危	1.0.0	3.0.1	pug: user provided objects as input to pug templates can achieve remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2021-03-03 02:15 修改: 2025-05-27 21:08
pug	CVE-2024-36361	中危	1.0.0	3.0.3	Pug allows JavaScript code execution if an application accepts untrusted input 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2024-05-24 06:15 修改: 2026-04-15 00:35
handlebars	CVE-2015-8861	中危	1.0.0	>=4.0.0	The handlebars package before 4.0.0 for Node.js allows remote attacker ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2015-8861 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2017-01-23 21:59 修改: 2026-05-13 00:24
handlebars	NSWG-ECO-519	中危	1.0.0	>=4.6.0	Denial of Service 漏洞详情: https://hackerone.com/reports/726364 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
yaml	CVE-2026-33532	中危	1.0.0	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
npm	CVE-2013-4116	低危	1.0.1	>=1.3.3	npm: Insecure temporary directory generation 漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4116 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2014-04-22 14:23 修改: 2026-05-06 22:30
diff	CVE-2026-24001	低危	1.0.0	8.0.3, 5.2.2, 4.0.4, 3.5.1	jsdiff: denial of service vulnerability in parsePatch and applyPatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-01-22 03:15 修改: 2026-03-04 15:23
markdown	GHSA-wx77-rp39-c6vg	低危	1.0.0		Regular Expression Denial of Service in markdown 漏洞详情: https://github.com/advisories/GHSA-wx77-rp39-c6vg 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2020-09-04 15:11 修改: 2022-03-24 22:10

Ruby (gemspec)

低危漏洞:3

中危漏洞:23

高危漏洞:12

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
net-imap	CVE-2026-42257	严重	0.4.21	~> 0.4.24, ~> 0.5.14, >= 0.6.4	net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42257 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-09 20:16 修改: 2026-05-18 17:59
net-imap	CVE-2026-42258	严重	0.4.21	~> 0.4.24, ~> 0.5.14, >= 0.6.4	ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42258 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:02
erb	CVE-2026-41316	高危	4.0.3	~> 4.0.3.1, ~> 4.0.4.1, ~> 6.0.1.1, >= 6.0.4	erb: ERB: Arbitrary code execution via deserialization bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41316 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-24 03:16 修改: 2026-04-29 20:56
activesupport	CVE-2026-33176	高危	7.0.8.4	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	Rails: Active Support: Active Support: Denial of Service via large scientific notation strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33176 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-24 00:16 修改: 2026-03-24 17:55
addressable	CVE-2026-35611	高危	2.8.7	>= 2.9.0	addressable: Addressable: Denial of Service via crafted URI templates 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35611 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-07 17:16 修改: 2026-04-15 17:20
net-imap	CVE-2026-42245	高危	0.4.21	~> 0.4.24, ~> 0.5.14, >= 0.6.4	ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42245 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:12
net-imap	CVE-2026-42246	高危	0.4.21	~> 0.3.10, ~> 0.4.24, ~> 0.5.14, >= 0.6.4	Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42246 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:08
oauth	GHSA-prq8-7wvh-44qh	高危	0.5.6	>= 1.1.6	Cross-origin OAuth token-request redirects can expose signed request metadata 漏洞详情: https://github.com/advisories/GHSA-prq8-7wvh-44qh 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
oauth2	GHSA-pp92-crg2-gfv9	高危	2.0.18	>= 2.0.22	Protocol-relative redirect Location overrides authority in OAuth2::Client#request, leaking bearer Authorization to attacker host 漏洞详情: https://github.com/advisories/GHSA-pp92-crg2-gfv9 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2026-47736	高危	7.2.0	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47736 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2026-47737	高危	7.2.0	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47737 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2026-47736	高危	8.0.1	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47736 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
puma	CVE-2026-47737	高危	8.0.1	~> 7.2.1, >= 8.0.2	Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47737 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
sinatra	CVE-2025-61921	高危	3.2.0	>= 4.2.0	sinatra: Sinatra has ReDoS vulnerability in ETag header value generation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61921 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2025-10-10 20:15 修改: 2025-10-31 16:27
faraday	CVE-2026-25765	中危	2.8.1	~> 1.10.5, >= 2.14.1	Faraday: Faraday: Server-Side Request Forgery via protocol-relative URLs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25765 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-02-09 21:15 修改: 2026-02-20 21:03
faraday	CVE-2026-33637	中危	2.8.1	>= 2.14.2	Faraday is an HTTP client library abstraction layer that provides a co ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33637 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-19 19:16 修改: 2026-05-21 20:17
graphql	GHSA-3h96-34p3-xm76	中危	2.5.23	~> 2.3.23, ~> 2.4.18, ~> 2.5.26, >= 2.6.1	GraphQL-Ruby's Ruby lexer does not count comment tokens for the purposes of max_query_string_tokens 漏洞详情: https://github.com/advisories/GHSA-3h96-34p3-xm76 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-05 21:51 修改: 2026-05-05 21:51
activesupport	CVE-2026-33169	中危	7.0.8.4	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33169 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-24 00:16 修改: 2026-03-24 18:01
aws-sdk-s3	CVE-2025-14762	中危	1.149.1	>= 1.208.0	aws-sdk-ruby: AWS SDK for Ruby: Data integrity compromise via missing cryptographic key commitment 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14762 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2025-12-17 21:15 修改: 2026-04-15 00:35
carrierwave	CVE-2023-49090	中危	1.3.4	~> 2.2.5, >= 3.0.5	CarrierWave is a solution for file uploads for Rails, Sinatra and othe ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49090 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2023-11-29 15:15 修改: 2024-11-21 08:32
carrierwave	CVE-2024-29034	中危	1.3.4	~> 2.2.6, >= 3.0.7	CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29034 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2024-03-24 20:15 修改: 2025-11-07 01:41
net-imap	CVE-2026-42256	中危	0.4.21	~> 0.4.24, ~> 0.5.14, >= 0.6.4	ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42256 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-09 20:16 修改: 2026-05-18 18:06
net-imap	CVE-2026-47240	中危	0.4.21	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47240 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47242	中危	0.4.21	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Command Injection via ID command argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47242 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47240	中危	0.6.4	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47240 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47242	中危	0.6.4	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Command Injection via ID command argument 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47242 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
carrierwave	CVE-2026-44587	中危	1.3.4	~> 2.2.7, >= 3.1.3	CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44587 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
css_parser	CVE-2026-44312	中危	1.14.0	~> 1.22.0, >= 2.1.0	css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Pa ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44312 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-14 17:16 修改: 2026-05-15 19:16
devise	CVE-2026-32700	中危	4.9.4	>= 5.0.3	devise: Devise: Unauthorized email confirmation due to a race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32700 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-18 21:16 修改: 2026-03-26 14:47
devise	CVE-2026-40295	中危	4.9.4	>= 5.0.4	Devise is an authentication solution for Rails based on Warden. In ver ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40295 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-22 20:16 修改: 2026-05-29 18:55
doorkeeper-openid_connect	CVE-2026-44476	中危	1.9.0	>= 1.10.0	Dynamic Client Registration feature creates public clients with client_secret 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44476 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
activesupport	CVE-2026-33170	中危	7.0.8.4	~> 7.2.3, >= 7.2.3.1, ~> 8.0.4, >= 8.0.4.1, >= 8.1.2.1	Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#% 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33170 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-24 00:16 修改: 2026-03-24 18:00
sidekiq-cron	CVE-2025-67202	中危	2.3.1	>= 2.4.0	sidekiq-cron: Sidekiq-cron: Cross-site scripting vulnerability via crafted URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67202 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 15:16 修改: 2026-05-08 23:16
faraday	CVE-2026-33637	中危	2.14.1	>= 2.14.2	Faraday is an HTTP client library abstraction layer that provides a co ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33637 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-19 19:16 修改: 2026-05-21 20:17
sinatra	CVE-2024-21510	中危	3.2.0	>= 4.1.0	sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21510 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2024-11-01 05:15 修改: 2026-04-15 00:35
view_component	CVE-2026-44836	中危	3.23.2	>= 4.9.0, >= 3.25.0, < 4.0.0	view_component is a framework for building reusable, testable, and enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-26 21:16 修改: 2026-06-01 18:22
view_component	CVE-2026-44837	中危	3.23.2	>= 4.9.0, >= 3.25.0, < 4.0.0	view_component is a framework for building reusable, testable, and enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44837 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-26 21:16 修改: 2026-06-02 18:43
thor	CVE-2025-54314	低危	1.2.2	>= 1.4.0	thor: Thor Command Injection Vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54314 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2025-07-20 03:15 修改: 2026-04-15 00:35
net-imap	CVE-2026-47241	低危	0.6.4	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Denial of Service via incomplete raw argument validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47241 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
net-imap	CVE-2026-47241	低危	0.4.21	~> 0.5.15, >= 0.6.4.1	Net::IMAP: Denial of Service via incomplete raw argument validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47241 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

opt/gitlab/embedded/bin/alertmanager (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:11

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.78.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.39.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.39.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.39.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.39.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/cosign (gobinary)

低危漏洞:0

中危漏洞:12

高危漏洞:13

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.77.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.3	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.39.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.39.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.39.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/docker/cli	CVE-2025-15558	高危	v29.0.3+incompatible	29.2.0	docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/sigstore/rekor	CVE-2026-24117	中危	v1.4.3	1.5.0	github.com/sigstore/rekor: Rekor Server-Side Request Forgery (SSRF) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24117 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-01-22 22:16 修改: 2026-02-02 15:07
github.com/sigstore/sigstore	CVE-2026-24137	中危	v1.10.3	1.10.4	github.com/sigstore/sigstore: sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24137 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-01-23 00:15 修改: 2026-04-15 00:35
github.com/sigstore/timestamp-authority/v2	CVE-2026-39984	中危	v2.0.4	2.0.6	timestamp-authority/v2/pkg/verification: improper certificate validation in verifier 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39984 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-15 04:17 修改: 2026-04-23 17:19
github.com/theupdateframework/go-tuf/v2	CVE-2026-23991	中危	v2.3.0	2.3.1	github.com/theupdateframework/go-tuf/v2: go-tuf client DoS via malformed server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23991 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-01-22 03:15 修改: 2026-02-17 16:10
github.com/theupdateframework/go-tuf/v2	CVE-2026-23992	中危	v2.3.0	2.3.1	github.com/theupdateframework/go-tuf/v2: go-tuf improperly validates the configured threshold for delegations 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23992 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-01-22 03:15 修改: 2026-02-17 16:02
github.com/theupdateframework/go-tuf/v2	CVE-2026-24686	中危	v2.3.0	2.4.1	github.com/theupdateframework/go-tuf/v2: go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24686 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-01-27 01:16 修改: 2026-02-24 19:08
github.com/in-toto/in-toto-golang	GHSA-pmwq-pjrm-6p5r	中危	v0.9.0	0.11.0	in-toto-golang and in-toto-python have inconsistent negation behavior 漏洞详情: https://github.com/advisories/GHSA-pmwq-pjrm-6p5r 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-08 22:24 修改: 2026-05-08 22:24
github.com/sigstore/fulcio	CVE-2026-22772	中危	v1.8.4	1.8.5	fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22772 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-01-12 21:15 修改: 2026-03-05 13:48
github.com/sigstore/rekor	CVE-2026-23831	中危	v1.4.3	1.5.0	github.com/sigstore/rekor: Rekor denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23831 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-01-22 22:16 修改: 2026-02-02 15:06
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitaly (gobinary)

低危漏洞:1

中危漏洞:6

高危漏洞:11

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-git/go-billy/v5	CVE-2026-44973	高危	v5.8.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-28 22:16 修改: 2026-05-29 16:32
github.com/go-git/go-git/v5	CVE-2026-45022	高危	v5.18.0	5.19.0	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-27 15:16 修改: 2026-06-04 17:57
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.3	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/go-git/go-billy/v5	CVE-2026-44740	中危	v5.8.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to versions ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-01 17:17 修改: 2026-06-01 18:53
github.com/go-git/go-git/v5	CVE-2026-45571	中危	v5.18.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:01
github.com/go-git/go-git/v5	GHSA-w5pp-99ch-qj29	中危	v5.18.0	5.19.1	go-git: Malformed Git object data may cause panics or resource exhaustion 漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/go-git/go-git/v5	CVE-2026-45570	低危	v5.18.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:00

opt/gitlab/embedded/bin/gitaly-backup (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:9

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.3	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitaly-blackbox (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitaly-debug (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitaly-wrapper (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitlab-kas (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitlab-pages (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.79.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitlab-resize-image (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitlab-workhorse (gobinary)

低危漏洞:0

中危漏洞:6

高危漏洞:11

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.3	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.40.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.40.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	GHSA-xmrv-pmrh-hhx2	中危	v1.7.6	1.7.8	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/aws/aws-sdk-go-v2/service/s3	GHSA-xmrv-pmrh-hhx2	中危	v1.96.3	1.97.3	Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder 漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.40.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitlab-zip-cat (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/gitlab-zip-metadata (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:11

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.3	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.40.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.40.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/go-crond (gobinary)

低危漏洞:0

中危漏洞:4

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
google.golang.org/protobuf	CVE-2024-24786	中危	v1.31.0	1.33.0	golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24786 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/node_exporter (gobinary)

低危漏洞:0

中危漏洞:6

高危漏洞:9

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/opencontainers/selinux	CVE-2025-52881	高危	v1.11.1	1.13.0	runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52881 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2025-11-06 21:15 修改: 2025-12-03 18:37
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/net	CVE-2025-22872	中危	v0.37.0	0.38.0	golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22872 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2025-04-16 18:16 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-47914	中危	v0.36.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto	CVE-2025-58181	中危	v0.36.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/postgres_exporter (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/praefect (gobinary)

低危漏洞:1

中危漏洞:6

高危漏洞:11

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-git/go-billy/v5	CVE-2026-44973	高危	v5.8.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-28 22:16 修改: 2026-05-29 16:32
github.com/go-git/go-git/v5	CVE-2026-45022	高危	v5.18.0	5.19.0	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-27 15:16 修改: 2026-06-04 17:57
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.3	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/go-git/go-billy/v5	CVE-2026-44740	中危	v5.8.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to versions ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-01 17:17 修改: 2026-06-01 18:53
github.com/go-git/go-git/v5	CVE-2026-45571	中危	v5.18.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:01
github.com/go-git/go-git/v5	GHSA-w5pp-99ch-qj29	中危	v5.18.0	5.19.1	go-git: Malformed Git object data may cause panics or resource exhaustion 漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/go-git/go-git/v5	CVE-2026-45570	低危	v5.18.0	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:00

opt/gitlab/embedded/bin/prometheus (gobinary)

低危漏洞:0

中危漏洞:7

高危漏洞:15

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/buger/jsonparser	CVE-2026-32285	高危	v1.1.1	1.1.2	github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32285 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-26 20:16 修改: 2026-04-21 15:42
github.com/docker/docker	CVE-2026-34040	高危	v28.5.2+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/docker/docker	CVE-2026-41567	高危	v28.5.2+incompatible		Moby is an open source container framework. In versions prior to 29.5. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-05 02:17 修改: 2026-06-05 16:01
github.com/docker/docker	CVE-2026-42306	高危	v28.5.2+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
github.com/prometheus/prometheus	CVE-2026-42151	高危	v0.311.2+dirty	0.311.3	github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
github.com/prometheus/prometheus	CVE-2026-42154	高危	v0.311.2+dirty	0.311.3, 0.305.2	github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-04 19:16 修改: 2026-05-11 17:22
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.42.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/docker/docker	CVE-2026-41568	中危	v28.5.2+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
github.com/prometheus/prometheus	CVE-2026-44903	中危	v0.311.2+dirty	0.311.3	Prometheus is an open-source monitoring system and time series databas ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44903 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-26 22:16 修改: 2026-06-05 17:18
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.42.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
github.com/docker/docker	CVE-2026-33997	中危	v28.5.2+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/redis_exporter (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/bin/registry (gobinary)

低危漏洞:1

中危漏洞:3

高危漏洞:12

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/jackc/pgx/v5	CVE-2026-33816	严重	v5.8.0	5.9.0	github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33816 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-07 16:16 修改: 2026-05-21 19:58
google.golang.org/grpc	CVE-2026-33186	严重	v1.78.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.39.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.39.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.39.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.3	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/jackc/pgx/v5	CVE-2026-41889	低危	v5.8.0	5.9.2	github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41889 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-08 17:16 修改: 2026-05-21 19:58

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/devfile-0.5.1-x86_64-linux/out/devfile-amd64-linux (gobinary)

低危漏洞:1

中危漏洞:10

高危漏洞:17

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/containerd/containerd	CVE-2026-46680	高危	v1.7.30	1.7.32	containerd user ID handling bypass allows runAsNonRoot evasion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46680 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/distribution/distribution/v3	CVE-2026-33540	高危	v3.0.0-20221208165359-362910506bc2	3.1.0	github.com/distribution/distribution: Distribution: Information disclosure via improper validation of authentication realm URL 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33540 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-06 15:17 修改: 2026-04-09 18:36
github.com/distribution/distribution/v3	CVE-2026-35172	高危	v3.0.0-20221208165359-362910506bc2	3.1.0	github.com/distribution/distribution: Distribution: Information disclosure via stale references after content deletion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35172 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-04-06 20:16 修改: 2026-04-27 23:55
github.com/docker/cli	CVE-2025-15558	高危	v25.0.1+incompatible	29.2.0	docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
github.com/docker/docker	CVE-2026-34040	高危	v28.5.2+incompatible	29.3.1	Moby: Moby: Authorization bypass vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/docker/docker	CVE-2026-41567	高危	v28.5.2+incompatible		Moby is an open source container framework. In versions prior to 29.5. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-05 02:17 修改: 2026-06-05 16:01
github.com/docker/docker	CVE-2026-42306	高危	v28.5.2+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
github.com/go-git/go-billy/v5	CVE-2026-44973	高危	v5.8.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44973 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-28 22:16 修改: 2026-05-29 16:32
github.com/go-git/go-git/v5	CVE-2026-45022	高危	v5.17.2	5.19.0	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-27 15:16 修改: 2026-06-04 17:57
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/distribution/distribution/v3	CVE-2026-41888	中危	v3.0.0-20221208165359-362910506bc2	3.1.1	github.com/distribution/distribution: Distribution: Security bypass allows unauthorized tag deletion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41888 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-14 18:16 修改: 2026-05-15 18:25
github.com/go-git/go-billy/v5	CVE-2026-44740	中危	v5.8.0	5.9.0	Billy is an interface filesystem abstraction for Go. Prior to versions ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44740 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-01 17:17 修改: 2026-06-01 18:53
github.com/docker/docker	CVE-2026-33997	中危	v28.5.2+incompatible	29.3.1	moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
github.com/go-git/go-git/v5	CVE-2026-41506	中危	v5.17.2	5.18.0	golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-08 14:16 修改: 2026-05-12 14:33
github.com/go-git/go-git/v5	CVE-2026-45571	中危	v5.17.2	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45571 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:01
github.com/go-git/go-git/v5	GHSA-w5pp-99ch-qj29	中危	v5.17.2	5.19.1	go-git: Malformed Git object data may cause panics or resource exhaustion 漏洞详情: https://github.com/advisories/GHSA-w5pp-99ch-qj29 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-29 19:43 修改: 2026-05-29 19:43
github.com/docker/docker	CVE-2026-41568	中危	v28.5.2+incompatible		Moby is an open source container framework. In Docker Engine prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-12 19:16 修改: 2026-06-12 19:16
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
github.com/go-git/go-git/v5	CVE-2026-45570	低危	v5.17.2	5.19.1	go-git is an extensible git implementation library written in pure Go. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45570 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-27 15:16 修改: 2026-06-04 18:00

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/gitlab-glfm-markdown-0.0.41-x86_64-linux-gnu/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
time	CVE-2026-25727	中危	0.3.41	0.3.47	time: time affected by a stack exhaustion denial of service attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25727 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-02-06 20:16 修改: 2026-02-24 15:23

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

time

CVE-2026-25727

中危

0.3.41

0.3.47

time: time affected by a stack exhaustion denial of service attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25727

镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531

发布日期: 2026-02-06 20:16 修改: 2026-02-24 15:23

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/gitlab-glfm-markdown-0.0.41-x86_64-linux-gnu/ext/gitlab_glfm_markdown/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
time	CVE-2026-25727	中危	0.3.41	0.3.47	time: time affected by a stack exhaustion denial of service attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25727 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-02-06 20:16 修改: 2026-02-24 15:23

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

time

CVE-2026-25727

中危

0.3.41

0.3.47

time: time affected by a stack exhaustion denial of service attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25727

镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531

发布日期: 2026-02-06 20:16 修改: 2026-02-24 15:23

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/gitlab_query_language-0.27.1-x86_64-linux-gnu/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:1

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
bytes	CVE-2026-25541	中危	1.10.1	1.11.1	Bytes is a utility library for working with bytes. From version 1.2.1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25541 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-02-04 22:16 修改: 2026-02-27 20:13

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

bytes

CVE-2026-25541

中危

1.10.1

1.11.1

Bytes is a utility library for working with bytes. From version 1.2.1 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25541

镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531

发布日期: 2026-02-04 22:16 修改: 2026-02-27 20:13

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/prometheus-client-mmap-1.5.0-x86_64-linux-gnu/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/prometheus-client-mmap-1.5.0-x86_64-linux-gnu/ext/fast_mmaped_file_rs/Cargo.lock (cargo)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-check (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-sshd (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:8

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.25.9	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.9	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.9	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.9	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.9	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.9	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.9	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.9	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27145	中危	v1.25.9	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-39826	中危	v1.25.9	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.9	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:2df9ef41e961a052743d003bb95f3b2b496ceeb42c1be3ace91d9997a34df531 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15

/etc/ssh/ssh_host_ecdsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_ed25519_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/etc/ssh/ssh_host_rsa_key ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/aws-sdk-core-3.194.2/lib/aws-sdk-ssooidc/client.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/aws-sdk-core-3.242.0/lib/aws-sdk-ssooidc/client.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/chef-18.3.0/lib/chef/resource/openssl_ec_public_key.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/chef-zero-15.0.11/lib/chef_zero.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/fog-aws-3.33.2/lib/fog/aws/models/compute/key_pairs.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/service/gitlab-rails/app/models/concerns/integrations/base/diffblue_cover.rb ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/service/gitlab-rails/config/gitleaks-local.toml ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/opt/gitlab/embedded/service/gitlab-rails/config/gitleaks.toml ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

docker.io/gitlab/gitlab-ce:19.0.2-ce.0 linux/amd64

全部漏洞信息

docker.io/gitlab/gitlab-ce:19.0.2-ce.0 (ubuntu 24.04) (ubuntu)

Node.js (node-pkg)

Ruby (gemspec)

opt/gitlab/embedded/bin/alertmanager (gobinary)

opt/gitlab/embedded/bin/cosign (gobinary)

opt/gitlab/embedded/bin/gitaly (gobinary)

opt/gitlab/embedded/bin/gitaly-backup (gobinary)

opt/gitlab/embedded/bin/gitaly-blackbox (gobinary)

opt/gitlab/embedded/bin/gitaly-debug (gobinary)

opt/gitlab/embedded/bin/gitaly-wrapper (gobinary)

opt/gitlab/embedded/bin/gitlab-kas (gobinary)

opt/gitlab/embedded/bin/gitlab-pages (gobinary)

opt/gitlab/embedded/bin/gitlab-resize-image (gobinary)

opt/gitlab/embedded/bin/gitlab-workhorse (gobinary)

opt/gitlab/embedded/bin/gitlab-zip-cat (gobinary)

opt/gitlab/embedded/bin/gitlab-zip-metadata (gobinary)

opt/gitlab/embedded/bin/go-crond (gobinary)

opt/gitlab/embedded/bin/node_exporter (gobinary)

opt/gitlab/embedded/bin/postgres_exporter (gobinary)

opt/gitlab/embedded/bin/praefect (gobinary)

opt/gitlab/embedded/bin/prometheus (gobinary)

opt/gitlab/embedded/bin/redis_exporter (gobinary)

opt/gitlab/embedded/bin/registry (gobinary)

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/devfile-0.5.1-x86_64-linux/out/devfile-amd64-linux (gobinary)

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/gitlab-glfm-markdown-0.0.41-x86_64-linux-gnu/Cargo.lock (cargo)

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/gitlab-glfm-markdown-0.0.41-x86_64-linux-gnu/ext/gitlab_glfm_markdown/Cargo.lock (cargo)

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/gitlab_query_language-0.27.1-x86_64-linux-gnu/Cargo.lock (cargo)

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/prometheus-client-mmap-1.5.0-x86_64-linux-gnu/Cargo.lock (cargo)

opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/prometheus-client-mmap-1.5.0-x86_64-linux-gnu/ext/fast_mmaped_file_rs/Cargo.lock (cargo)

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell (gobinary)

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check (gobinary)

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-principals-check (gobinary)

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-check (gobinary)

opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-sshd (gobinary)

/etc/ssh/ssh_host_ecdsa_key ()

/etc/ssh/ssh_host_ed25519_key ()

/etc/ssh/ssh_host_rsa_key ()

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/aws-sdk-core-3.194.2/lib/aws-sdk-ssooidc/client.rb ()

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/aws-sdk-core-3.242.0/lib/aws-sdk-ssooidc/client.rb ()

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/chef-18.3.0/lib/chef/resource/openssl_ec_public_key.rb ()

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/chef-zero-15.0.11/lib/chef_zero.rb ()

/opt/gitlab/embedded/lib/ruby/gems/3.3.0/gems/fog-aws-3.33.2/lib/fog/aws/models/compute/key_pairs.rb ()

/opt/gitlab/embedded/service/gitlab-rails/app/models/concerns/integrations/base/diffblue_cover.rb ()

/opt/gitlab/embedded/service/gitlab-rails/config/gitleaks-local.toml ()

/opt/gitlab/embedded/service/gitlab-rails/config/gitleaks.toml ()