docker.io/gitlab/gitlab-runner:v18.11.3 linux/amd64

docker.io/gitlab/gitlab-runner:v18.11.3 - Trivy安全扫描结果 扫描时间: 2026-05-13 11:57
全部漏洞信息
低危漏洞:24 中危漏洞:67 高危漏洞:25 严重漏洞:2

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-05-13 11:57

docker.io/gitlab/gitlab-runner:v18.11.3 (ubuntu 24.04) (ubuntu)
低危漏洞:22 中危漏洞:46 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
bsdutils CVE-2026-27456 中危 1:2.39.3-9ubuntu6.4 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
curl CVE-2026-5545 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl CVE-2026-6253 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl CVE-2026-6429 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Credential leak via reused proxy connection during HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl CVE-2026-7168 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
dpkg CVE-2026-2219 中危 1.22.6ubuntu6.5 1.22.6ubuntu6.6 It was discovered that dpkg-deb (a component of dpkg, the Debian packa ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2219

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-03-07 09:16 修改: 2026-03-09 15:15
git CVE-2024-52005 中危 1:2.43.0-1ubuntu7.3 git: The sideband payload is passed unfiltered to the terminal in git

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52005

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2025-01-15 18:15 修改: 2025-12-18 16:00
git-lfs CVE-2024-53263 中危 3.4.1-1ubuntu0.3 git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53263

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2025-01-14 20:15 修改: 2026-04-15 00:35
git-lfs CVE-2025-26625 中危 3.4.1-1ubuntu0.3 git-lfs: Git LFS may write to arbitrary files via crafted symlinks

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26625

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2025-10-17 16:15 修改: 2026-04-15 00:35
git-man CVE-2024-52005 中危 1:2.43.0-1ubuntu7.3 git: The sideband payload is passed unfiltered to the terminal in git

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52005

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2025-01-15 18:15 修改: 2025-12-18 16:00
libblkid1 CVE-2026-27456 中危 2.39.3-9ubuntu6.4 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libc-bin CVE-2026-4046 中危 2.39-0ubuntu8.7 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc-bin CVE-2026-4437 中危 2.39-0ubuntu8.7 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc-bin CVE-2026-4438 中危 2.39-0ubuntu8.7 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6 CVE-2026-4046 中危 2.39-0ubuntu8.7 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6 CVE-2026-4437 中危 2.39-0ubuntu8.7 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6 CVE-2026-4438 中危 2.39-0ubuntu8.7 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libcap2 CVE-2026-4878 中危 1:2.66-5ubuntu2.2 1:2.66-5ubuntu2.4 libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-09 16:16 修改: 2026-05-07 22:16
libcurl3t64-gnutls CVE-2026-5545 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl3t64-gnutls CVE-2026-6253 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl3t64-gnutls CVE-2026-6429 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Credential leak via reused proxy connection during HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl3t64-gnutls CVE-2026-7168 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64 CVE-2026-5545 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5545

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64 CVE-2026-6253 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6253

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64 CVE-2026-6429 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Credential leak via reused proxy connection during HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6429

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64 CVE-2026-7168 中危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7168

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libexpat1 CVE-2025-66382 中危 2.6.1-2ubuntu0.4 libexpat: libexpat: Denial of service via crafted file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66382

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2025-11-28 07:15 修改: 2026-05-12 13:17
libmount1 CVE-2026-27456 中危 2.39.3-9ubuntu6.4 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libnghttp2-14 CVE-2026-27135 中危 1.59.0-1ubuntu0.2 1.59.0-1ubuntu0.3 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-03-18 18:16 修改: 2026-03-23 17:51
libsmartcols1 CVE-2026-27456 中危 2.39.3-9ubuntu6.4 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libssl3t64 CVE-2026-31790 中危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libsystemd0 CVE-2026-29111 中危 255.4-1ubuntu8.12 255.4-1ubuntu8.14 systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-03-23 22:16 修改: 2026-04-15 16:44
libudev1 CVE-2026-29111 中危 255.4-1ubuntu8.12 255.4-1ubuntu8.14 systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-03-23 22:16 修改: 2026-04-15 16:44
libuuid1 CVE-2026-27456 中危 2.39.3-9ubuntu6.4 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
mount CVE-2026-27456 中危 2.39.3-9ubuntu6.4 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
openssh-client CVE-2026-35385 中危 1:9.6p1-3ubuntu13.15 1:9.6p1-3ubuntu13.16 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35385

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-02 17:16 修改: 2026-04-27 14:02
openssh-client CVE-2026-35386 中危 1:9.6p1-3ubuntu13.15 1:9.6p1-3ubuntu13.16 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35386

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-02 17:16 修改: 2026-04-27 14:03
openssh-client CVE-2026-35387 中危 1:9.6p1-3ubuntu13.15 1:9.6p1-3ubuntu13.16 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35387

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-02 17:16 修改: 2026-04-27 14:05
openssh-client CVE-2026-35388 中危 1:9.6p1-3ubuntu13.15 1:9.6p1-3ubuntu13.16 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35388

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-02 17:16 修改: 2026-04-27 14:12
openssh-client CVE-2026-35414 中危 1:9.6p1-3ubuntu13.15 1:9.6p1-3ubuntu13.16 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35414

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-02 18:16 修改: 2026-04-10 19:36
openssl CVE-2026-31790 中危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
sed CVE-2026-5958 中危 4.9-2build1 4.9-2ubuntu0.24.04.1 When sed is invoked with both -i (in-place edit) and --follow-symlinks ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-20 12:16 修改: 2026-04-20 19:05
tar CVE-2025-45582 中危 1.35+dfsg-3build1 tar: Tar path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
tar CVE-2026-5704 中危 1.35+dfsg-3build1 tar: tar: Hidden file injection via crafted archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:08
util-linux CVE-2026-27456 中危 2.39.3-9ubuntu6.4 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
wget CVE-2021-31879 中危 1.21.4-1ubuntu4.1 wget: authorization header disclosure on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31879

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2021-04-29 05:15 修改: 2024-11-21 06:06
libcurl3t64-gnutls CVE-2026-4873 低危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: curl: Information disclosure due to incorrect TLS connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64 CVE-2026-4873 低危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: curl: Information disclosure due to incorrect TLS connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl4t64 CVE-2026-5773 低危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
login CVE-2024-56433 低危 1:4.13+dfsg1-4ubuntu3.2 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libcurl4t64 CVE-2026-6276 低危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libcurl3t64-gnutls CVE-2026-5773 低危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgcrypt20 CVE-2024-2236 低危 1.10.3-2build1 libgcrypt: vulnerable to Marvin Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35
libcurl3t64-gnutls CVE-2026-6276 低危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl CVE-2026-6276 低危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6276

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl CVE-2026-4873 低危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: curl: Information disclosure due to incorrect TLS connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4873

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
curl CVE-2026-5773 低危 8.5.0-2ubuntu10.8 8.5.0-2ubuntu10.9 curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5773

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
openssl CVE-2026-28387 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl CVE-2026-28388 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl CVE-2026-28389 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl CVE-2026-28390 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl CVE-2026-31789 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
passwd CVE-2024-56433 低危 1:4.13+dfsg1-4ubuntu3.2 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libssl3t64 CVE-2026-28387 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3t64 CVE-2026-28388 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3t64 CVE-2026-28389 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3t64 CVE-2026-28390 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3t64 CVE-2026-31789 低危 3.0.13-0ubuntu3.7 3.0.13-0ubuntu3.9 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:f2a7f072635332d307212e318e07284948b89f4167fce5c4d7c9cfb7590b74b6

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
usr/bin/docker-machine (gobinary)
低危漏洞:0 中危漏洞:7 高危漏洞:9 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.67.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/docker/docker CVE-2026-34040 高危 v28.5.2+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
stdlib CVE-2026-32280 高危 v1.25.8 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib CVE-2026-32281 高危 v1.25.8 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib CVE-2026-32283 高危 v1.25.8 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib CVE-2026-33811 高危 v1.25.8 1.25.10, 1.26.3 When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib CVE-2026-33814 高危 v1.25.8 1.25.10, 1.26.3 When processing HTTP/2 SETTINGS frames, transport will enter an infini ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib CVE-2026-39820 高危 v1.25.8 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib CVE-2026-39836 高危 v1.25.8 1.25.10, 1.26.3 Panic in Dial and LookupPort when handling NUL byte on Windows in net

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib CVE-2026-42499 高危 v1.25.8 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase when parsing ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/docker/docker CVE-2026-33997 中危 v28.5.2+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
stdlib CVE-2026-32282 中危 v1.25.8 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib CVE-2026-32288 中危 v1.25.8 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib CVE-2026-32289 中危 v1.25.8 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib CVE-2026-39823 中危 v1.25.8 1.25.10, 1.26.3 CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib CVE-2026-39825 中危 v1.25.8 1.25.10, 1.26.3 ReverseProxy can forward queries containing parameters not visible to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib CVE-2026-39826 中危 v1.25.8 1.25.10, 1.26.3 If a trusted template author were to write a <script> tag containing a ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:ea1668a9711b94f9c03e4be2ff253038be9df1811ed50b1352e795efd6b2fc32

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
usr/bin/gitlab-runner (gobinary)
低危漏洞:2 中危漏洞:14 高危漏洞:16 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.79.2 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/docker/cli CVE-2025-15558 高危 v28.5.2+incompatible 29.2.0 docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-04 17:16 修改: 2026-03-09 17:38
github.com/docker/docker CVE-2026-34040 高危 v28.5.2+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:51
github.com/go-git/go-git/v5 CVE-2026-45022 高危 v5.17.0 5.19.0 go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45022

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
github.com/go-jose/go-jose/v4 CVE-2026-34986 高危 v4.1.3 4.1.4 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
github.com/moby/spdystream CVE-2026-35469 高危 v0.5.0 0.5.1 Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35469

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-16 22:16 修改: 2026-04-29 21:04
go.opentelemetry.io/otel/sdk CVE-2026-39883 高危 v1.41.0 1.43.0 opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/buger/jsonparser CVE-2026-32285 高危 v1.1.1 1.1.2 github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32285

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-26 20:16 修改: 2026-04-21 15:42
stdlib CVE-2026-25679 高危 v1.25.7 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib CVE-2026-32280 高危 v1.25.7 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib CVE-2026-32281 高危 v1.25.7 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib CVE-2026-32283 高危 v1.25.7 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib CVE-2026-33811 高危 v1.25.7 1.25.10, 1.26.3 When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib CVE-2026-33814 高危 v1.25.7 1.25.10, 1.26.3 When processing HTTP/2 SETTINGS frames, transport will enter an infini ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib CVE-2026-39820 高危 v1.25.7 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib CVE-2026-39836 高危 v1.25.7 1.25.10, 1.26.3 Panic in Dial and LookupPort when handling NUL byte on Windows in net

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib CVE-2026-42499 高危 v1.25.7 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase when parsing ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream GHSA-xmrv-pmrh-hhx2 中危 v1.7.4 1.7.8 Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/in-toto/in-toto-golang GHSA-pmwq-pjrm-6p5r 中危 v0.10.0 0.11.0 in-toto-golang and in-toto-python have inconsistent negation behavior

漏洞详情: https://github.com/advisories/GHSA-pmwq-pjrm-6p5r

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-08 22:24 修改: 2026-05-08 22:24
github.com/aws/aws-sdk-go-v2/service/s3 GHSA-xmrv-pmrh-hhx2 中危 v1.96.0 1.97.3 Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

漏洞详情: https://github.com/advisories/GHSA-xmrv-pmrh-hhx2

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-08 00:18 修改: 2026-04-08 00:18
github.com/docker/docker CVE-2026-33997 中危 v28.5.2+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-31 03:15 修改: 2026-04-03 17:23
github.com/Azure/go-ntlmssp CVE-2026-32952 中危 v0.1.0 0.1.1 go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32952

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-24 03:16 修改: 2026-04-24 14:50
github.com/go-git/go-git/v5 CVE-2026-34165 中危 v5.17.0 5.17.1 github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34165

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49
github.com/go-git/go-git/v5 CVE-2026-41506 中危 v5.17.0 5.18.0 go-git is an extensible git implementation library written in pure Go. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41506

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-08 14:16 修改: 2026-05-12 14:33
stdlib CVE-2026-27142 中危 v1.25.7 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib CVE-2026-32282 中危 v1.25.7 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib CVE-2026-32288 中危 v1.25.7 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib CVE-2026-32289 中危 v1.25.7 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib CVE-2026-39823 中危 v1.25.7 1.25.10, 1.26.3 CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib CVE-2026-39825 中危 v1.25.7 1.25.10, 1.26.3 ReverseProxy can forward queries containing parameters not visible to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib CVE-2026-39826 中危 v1.25.7 1.25.10, 1.26.3 If a trusted template author were to write a <script> tag containing a ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
github.com/go-git/go-git/v5 CVE-2026-33762 低危 v5.17.0 5.17.1 github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33762

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-31 15:16 修改: 2026-04-02 16:49
stdlib CVE-2026-27139 低危 v1.25.7 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:ab5b017944289e8371d5e76942e485c315bf711d2d05bad75bb994334410232f

发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32