docker.io/gpustack/mirrored-node-feature-discovery:v0.18.3 linux/amd64

docker.io/gpustack/mirrored-node-feature-discovery:v0.18.3 - Trivy安全扫描结果扫描时间: 2026-06-09 13:06

全部漏洞信息

低危漏洞:6

中危漏洞:70

高危漏洞:100

严重漏洞:7

系统OS: 扫描引擎: Trivy 扫描时间: 2026-06-09 13:06

usr/bin/kubectl-nfd (gobinary)

低危漏洞:1

中危漏洞:12

高危漏洞:15

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2025-68121	严重	v1.25.3	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
stdlib	CVE-2025-61726	高危	v1.25.3	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61729	高危	v1.25.3	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.25.3	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.3	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.3	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.3	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.3	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.3	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.3	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39826	高危	v1.25.3	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-39836	高危	v1.25.3	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.3	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.3	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-58181	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
k8s.io/kubernetes	CVE-2025-13281	中危	v1.34.1	1.32.10, 1.33.6, 1.34.2	kube-controller-manager: Portworx Half-Blind SSRF in kube-controller-manager 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-14 22:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-47914	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
stdlib	CVE-2025-61727	中危	v1.25.3	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61728	中危	v1.25.3	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61730	中危	v1.25.3	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.25.3	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.3	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.3	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.3	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.3	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-42507	中危	v1.25.3	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.3	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/nfd (gobinary)

低危漏洞:1

中危漏洞:12

高危漏洞:18

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2025-68121	严重	v1.25.3	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/opencontainers/runc	CVE-2025-52565	高危	v1.3.1	1.2.8, 1.3.3, 1.4.0-rc.3	runc: container escape with malicious config due to /dev/console mount and related races 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52565 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-06 20:15 修改: 2025-12-03 18:33
github.com/opencontainers/runc	CVE-2025-52881	高危	v1.3.1	1.2.8, 1.3.3, 1.4.0-rc.3	runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52881 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-06 21:15 修改: 2025-12-03 18:37
github.com/opencontainers/runc	CVE-2025-31133	高危	v1.3.1	1.2.8, 1.3.3, 1.4.0-rc.3	runc: container escape via 'masked path' abuse due to mount race conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31133 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-06 19:15 修改: 2025-12-03 18:30
stdlib	CVE-2025-61726	高危	v1.25.3	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61729	高危	v1.25.3	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.25.3	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.3	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.3	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.3	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.3	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.3	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.3	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39826	高危	v1.25.3	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-39836	高危	v1.25.3	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.3	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.3	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-58181	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
k8s.io/kubernetes	CVE-2025-13281	中危	v1.34.1	1.32.10, 1.33.6, 1.34.2	kube-controller-manager: Portworx Half-Blind SSRF in kube-controller-manager 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-14 22:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-47914	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
stdlib	CVE-2025-61727	中危	v1.25.3	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61728	中危	v1.25.3	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61730	中危	v1.25.3	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.25.3	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.3	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.3	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.3	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.3	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-42507	中危	v1.25.3	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.3	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/nfd-gc (gobinary)

低危漏洞:1

中危漏洞:10

高危漏洞:15

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2025-68121	严重	v1.25.3	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
stdlib	CVE-2025-61726	高危	v1.25.3	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61729	高危	v1.25.3	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.25.3	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.3	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.3	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.3	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.3	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.3	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.3	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39826	高危	v1.25.3	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-39836	高危	v1.25.3	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.3	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.3	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
k8s.io/kubernetes	CVE-2025-13281	中危	v1.34.1	1.32.10, 1.33.6, 1.34.2	kube-controller-manager: Portworx Half-Blind SSRF in kube-controller-manager 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-14 22:15 修改: 2026-04-15 00:35
stdlib	CVE-2025-61727	中危	v1.25.3	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61728	中危	v1.25.3	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61730	中危	v1.25.3	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.25.3	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.3	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.3	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.3	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.3	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-42507	中危	v1.25.3	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.3	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/nfd-master (gobinary)

低危漏洞:1

中危漏洞:12

高危漏洞:16

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2025-68121	严重	v1.25.3	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.37.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
stdlib	CVE-2025-61726	高危	v1.25.3	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61729	高危	v1.25.3	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.25.3	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.3	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.3	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.3	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.3	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.3	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.3	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39826	高危	v1.25.3	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-39836	高危	v1.25.3	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.3	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.3	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-58181	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
k8s.io/kubernetes	CVE-2025-13281	中危	v1.34.1	1.32.10, 1.33.6, 1.34.2	kube-controller-manager: Portworx Half-Blind SSRF in kube-controller-manager 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-14 22:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-47914	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
stdlib	CVE-2025-61727	中危	v1.25.3	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61728	中危	v1.25.3	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61730	中危	v1.25.3	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.25.3	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.3	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.3	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.3	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.3	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-42507	中危	v1.25.3	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.3	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/nfd-topology-updater (gobinary)

低危漏洞:1

中危漏洞:12

高危漏洞:18

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.75.1	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2025-68121	严重	v1.25.3	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.37.0	1.43.0	opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.37.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.37.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
stdlib	CVE-2025-61726	高危	v1.25.3	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61729	高危	v1.25.3	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.25.3	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.3	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.3	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.3	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.3	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.3	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.3	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39826	高危	v1.25.3	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-39836	高危	v1.25.3	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.3	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.3	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-47914	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
k8s.io/kubernetes	CVE-2025-13281	中危	v1.34.1	1.32.10, 1.33.6, 1.34.2	kube-controller-manager: Portworx Half-Blind SSRF in kube-controller-manager 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-14 22:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-58181	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
stdlib	CVE-2025-61727	中危	v1.25.3	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61728	中危	v1.25.3	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61730	中危	v1.25.3	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.25.3	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.3	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.3	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.3	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.3	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-42507	中危	v1.25.3	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.3	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

usr/bin/nfd-worker (gobinary)

低危漏洞:1

中危漏洞:12

高危漏洞:18

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2025-68121	严重	v1.25.3	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
github.com/opencontainers/runc	CVE-2025-52565	高危	v1.3.1	1.2.8, 1.3.3, 1.4.0-rc.3	runc: container escape with malicious config due to /dev/console mount and related races 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52565 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-06 20:15 修改: 2025-12-03 18:33
github.com/opencontainers/runc	CVE-2025-52881	高危	v1.3.1	1.2.8, 1.3.3, 1.4.0-rc.3	runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52881 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-06 21:15 修改: 2025-12-03 18:37
github.com/opencontainers/runc	CVE-2025-31133	高危	v1.3.1	1.2.8, 1.3.3, 1.4.0-rc.3	runc: container escape via 'masked path' abuse due to mount race conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31133 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-06 19:15 修改: 2025-12-03 18:30
stdlib	CVE-2025-61726	高危	v1.25.3	1.24.12, 1.25.6	golang: net/url: Memory exhaustion in query parameter parsing in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib	CVE-2025-61729	高危	v1.25.3	1.24.11, 1.25.5	crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib	CVE-2026-25679	高危	v1.25.3	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.3	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.3	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.3	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.3	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.3	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.3	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.3	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39826	高危	v1.25.3	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-39836	高危	v1.25.3	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.3	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.3	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
golang.org/x/crypto	CVE-2025-58181	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
k8s.io/kubernetes	CVE-2025-13281	中危	v1.34.1	1.32.10, 1.33.6, 1.34.2	kube-controller-manager: Portworx Half-Blind SSRF in kube-controller-manager 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13281 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-14 22:15 修改: 2026-04-15 00:35
golang.org/x/crypto	CVE-2025-47914	中危	v0.42.0	0.45.0	golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
stdlib	CVE-2025-61727	中危	v1.25.3	1.24.11, 1.25.5	golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib	CVE-2025-61728	中危	v1.25.3	1.24.12, 1.25.6	golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib	CVE-2025-61730	中危	v1.25.3	1.24.12, 1.25.6	crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib	CVE-2026-27142	中危	v1.25.3	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.3	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.3	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.3	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.3	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-42507	中危	v1.25.3	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.3	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:e1b5a6fd4997cfe7bbe10e625b46dc3966be61003a967bed74c88e7160a39142 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32