docker.io/grafana/grafana:13.1.0-25893932881 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:1

中危漏洞:11

高危漏洞:18

严重漏洞:0

系统OS: alpine 3.23.4 扫描引擎: Trivy 扫描时间: 2026-05-17 21:58

docker.io/grafana/grafana:13.1.0-25893932881 (alpine 3.23.4) (alpine)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Node.js (node-pkg)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/share/grafana/bin/grafana (gobinary)

低危漏洞:0

中危漏洞:1

高危漏洞:2

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/grafana/tempo	CVE-2026-21728	高危	v1.5.1-0.20260427112133-525d1bab07e0	2.8.4, 2.9.2, 2.10.2	grafana/tempo: Tempo: Denial of Service via large queries 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21728 镜像层: sha256:f90c2faf149a42f11a8cc1cbbd623fb5dc4fd219faddf855740b56c7e69bdb7d 发布日期: 2026-04-24 09:16 修改: 2026-04-24 14:39
github.com/grafana/tempo	CVE-2026-28377	高危	v1.5.1-0.20260427112133-525d1bab07e0	2.10.3	Grafana Tempo: Grafana Tempo: Information disclosure of S3 encryption key via status config endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28377 镜像层: sha256:f90c2faf149a42f11a8cc1cbbd623fb5dc4fd219faddf855740b56c7e69bdb7d 发布日期: 2026-03-26 22:16 修改: 2026-03-31 19:00
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	CVE-2026-39882	中危	v0.12.2	0.19.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:f90c2faf149a42f11a8cc1cbbd623fb5dc4fd219faddf855740b56c7e69bdb7d 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

github.com/grafana/tempo

CVE-2026-21728

高危

v1.5.1-0.20260427112133-525d1bab07e0

2.8.4, 2.9.2, 2.10.2

grafana/tempo: Tempo: Denial of Service via large queries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21728

镜像层: sha256:f90c2faf149a42f11a8cc1cbbd623fb5dc4fd219faddf855740b56c7e69bdb7d

发布日期: 2026-04-24 09:16 修改: 2026-04-24 14:39

github.com/grafana/tempo

CVE-2026-28377

高危

v1.5.1-0.20260427112133-525d1bab07e0

2.10.3

Grafana Tempo: Grafana Tempo: Information disclosure of S3 encryption key via status config endpoint

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28377

镜像层: sha256:f90c2faf149a42f11a8cc1cbbd623fb5dc4fd219faddf855740b56c7e69bdb7d

发布日期: 2026-03-26 22:16 修改: 2026-03-31 19:00

go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp

CVE-2026-39882

中危

v0.12.2

0.19.0

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882

镜像层: sha256:f90c2faf149a42f11a8cc1cbbd623fb5dc4fd219faddf855740b56c7e69bdb7d

发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39

usr/share/grafana/data/plugins-bundled/elasticsearch/gpx_grafana_elasticsearch_datasource_linux_amd64 (gobinary)

低危漏洞:0

中危漏洞:3

高危漏洞:5

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2026-33811	高危	v1.26.2	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.26.2	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.26.2	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.26.2	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.26.2	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39823	中危	v1.26.2	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.26.2	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.26.2	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16

usr/share/grafana/data/plugins-bundled/zipkin/gpx_grafana-zipkin-datasource_linux_amd64 (gobinary)

低危漏洞:1

中危漏洞:7

高危漏洞:11

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.40.0	1.41.0	OpenTelemetry-Go: multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.40.0	1.43.0	opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
stdlib	CVE-2026-25679	高危	v1.25.7	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.7	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.7	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.7	1.25.10, 1.26.3	When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.7	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib	CVE-2026-39820	高危	v1.25.7	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39836	高危	v1.25.7	1.25.10, 1.26.3	Panic in Dial and LookupPort when handling NUL byte on Windows in net 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-42499	高危	v1.25.7	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-27142	中危	v1.25.7	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-32282	中危	v1.25.7	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.7	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.7	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39823	中危	v1.25.7	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-39825	中危	v1.25.7	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib	CVE-2026-39826	中危	v1.25.7	1.25.10, 1.26.3	If a trusted template author were to write a <script> tag containing a ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib	CVE-2026-27139	低危	v1.25.7	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:3113361c262dc3913d75afbaadabc9f0af2b702b436a48e78ea2ec8ec0b55bff 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32

docker.io/grafana/grafana:13.1.0-25893932881 linux/amd64

全部漏洞信息

docker.io/grafana/grafana:13.1.0-25893932881 (alpine 3.23.4) (alpine)

Node.js (node-pkg)

usr/share/grafana/bin/grafana (gobinary)

usr/share/grafana/data/plugins-bundled/elasticsearch/gpx_grafana_elasticsearch_datasource_linux_amd64 (gobinary)

usr/share/grafana/data/plugins-bundled/zipkin/gpx_grafana-zipkin-datasource_linux_amd64 (gobinary)