docker.io/griefed/composerize:latest linux/amd64

docker.io/griefed/composerize:latest - Trivy安全扫描结果 扫描时间: 2024-11-05 13:58
全部漏洞信息
低危漏洞:18 中危漏洞:80 高危漏洞:134 严重漏洞:27

系统OS: alpine 3.12.1 扫描引擎: Trivy 扫描时间: 2024-11-05 13:58

docker.io/griefed/composerize:latest (alpine 3.12.1) (alpine)
低危漏洞:6 中危漏洞:41 高危漏洞:83 严重漏洞:18
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
apk-tools CVE-2021-36159 严重 2.10.5-r1 2.10.7-r0 libfetch: an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes leads to information leak or crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36159

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-08-03 14:15 修改: 2023-11-07 03:36
expat CVE-2022-22822 严重 2.2.9-r1 2.2.10-r0 expat: Integer overflow in addBinding in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22822

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-10 14:12 修改: 2022-10-06 15:29
expat CVE-2022-22823 严重 2.2.9-r1 2.2.10-r0 expat: Integer overflow in build_model in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22823

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-10 14:12 修改: 2022-10-06 14:47
expat CVE-2022-22824 严重 2.2.9-r1 2.2.10-r0 expat: Integer overflow in defineAttribute in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22824

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-10 14:12 修改: 2022-10-06 14:47
expat CVE-2022-23852 严重 2.2.9-r1 2.2.10-r1 expat: Integer overflow in function XML_GetBuffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23852

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-24 02:15 修改: 2022-10-29 02:44
expat CVE-2022-25235 严重 2.2.9-r1 2.2.10-r2 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25235

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-02-16 01:15 修改: 2023-11-07 03:44
expat CVE-2022-25236 严重 2.2.9-r1 2.2.10-r2 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25236

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-02-16 01:15 修改: 2023-11-07 03:44
expat CVE-2022-25315 严重 2.2.9-r1 2.2.10-r2 expat: Integer overflow in storeRawNames()

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25315

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-02-18 05:15 修改: 2023-11-07 03:44
libcrypto1.1 CVE-2021-3711 严重 1.1.1g-r0 1.1.1l-r0 openssl: SM2 Decryption Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3711

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libcurl CVE-2021-22945 严重 7.69.1-r1 7.79.0-r0 curl: use-after-free and double-free in MQTT sending

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22945

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-09-23 13:15 修改: 2024-03-27 15:04
libssl1.1 CVE-2021-3711 严重 1.1.1g-r0 1.1.1l-r0 openssl: SM2 Decryption Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3711

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
nodejs CVE-2020-7774 严重 12.18.4-r0 12.22.1-r0 nodejs-y18n: prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7774

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-11-17 13:15 修改: 2022-12-02 19:40
nodejs CVE-2021-22930 严重 12.18.4-r0 12.22.4-r0 nodejs: Use-after-free on close http2 on stream canceling

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22930

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-10-07 14:15 修改: 2024-01-05 10:15
nodejs CVE-2021-22931 严重 12.18.4-r0 12.22.5-r0 nodejs: Improper handling of untypical characters in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22931

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-16 19:15 修改: 2024-01-05 10:15
npm CVE-2020-7774 严重 12.18.4-r0 12.22.1-r0 nodejs-y18n: prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7774

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-11-17 13:15 修改: 2022-12-02 19:40
npm CVE-2021-22930 严重 12.18.4-r0 12.22.4-r0 nodejs: Use-after-free on close http2 on stream canceling

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22930

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-10-07 14:15 修改: 2024-01-05 10:15
npm CVE-2021-22931 严重 12.18.4-r0 12.22.5-r0 nodejs: Improper handling of untypical characters in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22931

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-16 19:15 修改: 2024-01-05 10:15
zlib CVE-2022-37434 严重 1.2.11-r3 1.2.12-r2 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37434

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2022-08-05 07:15 修改: 2023-07-19 00:56
busybox CVE-2021-42381 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42381

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42382 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42382

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
expat CVE-2021-45960 高危 2.2.9-r1 2.2.10-r0 expat: Large number of prefixed XML attributes on a single tag can crash libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45960

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-01 19:15 修改: 2022-10-06 19:08
expat CVE-2021-46143 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in doProlog in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46143

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-06 04:15 修改: 2022-10-06 19:11
expat CVE-2022-22825 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in lookup in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22825

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-10 14:12 修改: 2022-10-06 14:47
expat CVE-2022-22826 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in nextScaffoldPart in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22826

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-10 14:12 修改: 2022-10-06 12:44
expat CVE-2022-22827 高危 2.2.9-r1 2.2.10-r0 expat: Integer overflow in storeAtts in xmlparse.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22827

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-10 14:12 修改: 2022-10-06 12:52
expat CVE-2022-23990 高危 2.2.9-r1 2.2.10-r1 expat: integer overflow in the doProlog function

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23990

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-01-26 19:15 修改: 2023-11-07 03:44
expat CVE-2022-25314 高危 2.2.9-r1 2.2.10-r2 expat: Integer overflow in copyString()

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25314

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-02-18 05:15 修改: 2023-11-07 03:44
git CVE-2021-21300 高危 2.26.2-r0 2.26.3-r0 git: remote code execution during clone operation on case-insensitive filesystems

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21300

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-09 20:15 修改: 2023-11-07 03:29
git CVE-2021-40330 高危 2.26.2-r0 2.26.3-r1 git: unexpected cross-protocol requests via a repository path containing a newline character

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40330

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 04:15 修改: 2022-11-07 18:37
git-perl CVE-2021-21300 高危 2.26.2-r0 2.26.3-r0 git: remote code execution during clone operation on case-insensitive filesystems

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21300

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-09 20:15 修改: 2023-11-07 03:29
git-perl CVE-2021-40330 高危 2.26.2-r0 2.26.3-r1 git: unexpected cross-protocol requests via a repository path containing a newline character

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40330

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 04:15 修改: 2022-11-07 18:37
busybox CVE-2021-42383 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42383

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
libcrypto1.1 CVE-2021-23840 高危 1.1.1g-r0 1.1.1j-r0 openssl: integer overflow in CipherUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-3450 高危 1.1.1g-r0 1.1.1k-r0 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
libcrypto1.1 CVE-2021-3712 高危 1.1.1g-r0 1.1.1l-r0 openssl: Read buffer overruns processing ASN.1 strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3712

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2022-0778 高危 1.1.1g-r0 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
busybox CVE-2021-42384 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42384

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
libcurl CVE-2020-8231 高危 7.69.1-r1 7.69.1-r2 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8231

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2020-12-14 20:15 修改: 2024-03-27 16:04
libcurl CVE-2020-8285 高危 7.69.1-r1 7.69.1-r3 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8285

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2020-12-14 20:15 修改: 2024-03-27 15:47
libcurl CVE-2020-8286 高危 7.69.1-r1 7.69.1-r3 curl: Inferior OCSP verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8286

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2020-12-14 20:15 修改: 2024-03-27 15:47
libcurl CVE-2021-22901 高危 7.69.1-r1 7.77.0-r0 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22901

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-06-11 16:15 修改: 2024-03-27 15:12
libcurl CVE-2021-22946 高危 7.69.1-r1 7.79.0-r0 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22946

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-09-29 20:15 修改: 2024-03-27 15:12
libcurl CVE-2022-22576 高危 7.69.1-r1 7.79.1-r1 curl: OAUTH2 bearer bypass in connection re-use

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22576

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-05-26 17:15 修改: 2024-03-27 15:02
libcurl CVE-2022-27775 高危 7.69.1-r1 7.79.1-r1 curl: bad local IPv6 connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27775

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
libldap CVE-2020-25692 高危 2.4.50-r0 2.4.50-r1 openldap: NULL pointer dereference for unauthenticated packet in slapd

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25692

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2020-12-08 01:15 修改: 2022-10-12 14:27
libldap CVE-2020-25709 高危 2.4.50-r0 2.4.50-r1 openldap: assertion failure in Certificate List syntax validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25709

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-05-18 12:15 修改: 2023-11-07 03:20
libldap CVE-2020-25710 高危 2.4.50-r0 2.4.50-r1 openldap: assertion failure in CSN normalization with invalid input

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25710

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-05-28 11:15 修改: 2023-11-07 03:20
libldap CVE-2021-27212 高危 2.4.50-r0 2.4.50-r2 openldap: Assertion failure in slapd in the issuerAndThisUpdateCheck function

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27212

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-02-14 03:15 修改: 2023-11-07 03:31
libsasl CVE-2022-24407 高危 2.1.27-r6 2.1.28-r0 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24407

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-02-24 15:15 修改: 2023-11-07 03:44
busybox CVE-2021-42385 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42385

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
libssl1.1 CVE-2021-23840 高危 1.1.1g-r0 1.1.1j-r0 openssl: integer overflow in CipherUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-3450 高危 1.1.1g-r0 1.1.1k-r0 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
libssl1.1 CVE-2021-3712 高危 1.1.1g-r0 1.1.1l-r0 openssl: Read buffer overruns processing ASN.1 strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3712

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2022-0778 高危 1.1.1g-r0 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
libxml2 CVE-2021-3517 高危 2.9.10-r5 2.9.10-r6 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3517

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-05-19 14:15 修改: 2023-11-07 03:38
libxml2 CVE-2021-3518 高危 2.9.10-r5 2.9.10-r6 libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3518

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-05-18 12:15 修改: 2023-11-07 03:38
libxml2 CVE-2022-23308 高危 2.9.10-r5 2.9.13-r0 libxml2: Use-after-free of ID and IDREF attributes

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23308

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-02-26 05:15 修改: 2023-11-07 03:44
busybox CVE-2021-42386 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42386

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2022-28391 高危 1.31.1-r19 1.31.1-r22 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
apk-tools CVE-2021-30139 高危 2.10.5-r1 2.10.6-r0

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-30139

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-04-21 16:15 修改: 2021-04-22 18:21
nodejs CVE-2020-8265 高危 12.18.4-r0 12.20.1-r0 nodejs: use-after-free in the TLS implementation

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8265

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-01-06 21:15 修改: 2023-11-07 03:26
nodejs CVE-2020-8277 高危 12.18.4-r0 12.20.1-r0 c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8277

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-11-19 01:15 修改: 2023-11-07 03:26
nodejs CVE-2021-22883 高危 12.18.4-r0 12.21.0-r0 nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22883

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-03 18:15 修改: 2023-11-07 03:30
nodejs CVE-2021-22884 高危 12.18.4-r0 12.21.0-r0 nodejs: DNS rebinding in --inspect

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22884

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-03 18:15 修改: 2023-11-07 03:30
nodejs CVE-2021-37701 高危 12.18.4-r0 12.22.6-r0 nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37701

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2023-01-19 20:11
nodejs CVE-2021-37712 高危 12.18.4-r0 12.22.6-r0 nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37712

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2023-02-23 02:28
nodejs CVE-2021-37713 高危 12.18.4-r0 12.22.6-r0 nodejs-tar: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37713

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2022-04-25 18:40
nodejs CVE-2021-39134 高危 12.18.4-r0 12.22.6-r0 nodejs-arborist: symlink following vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39134

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2023-11-07 03:37
nodejs CVE-2021-39135 高危 12.18.4-r0 12.22.6-r0 nodejs-arborist: symlink following vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39135

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2023-11-07 03:37
nodejs CVE-2021-44531 高危 12.18.4-r0 12.22.10-r0 nodejs: Improper handling of URI Subject Alternative Names

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44531

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-24 19:15 修改: 2022-10-05 13:56
nodejs CVE-2022-21824 高危 12.18.4-r0 12.22.10-r0 nodejs: Prototype pollution via console.table properties

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21824

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-24 19:15 修改: 2022-11-10 03:48
busybox CVE-2021-28831 高危 1.31.1-r19 1.31.1-r20 busybox: invalid free or segmentation fault via malformed gzip data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
busybox CVE-2021-42378 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42378

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox CVE-2021-42379 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42379

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
npm CVE-2020-8265 高危 12.18.4-r0 12.20.1-r0 nodejs: use-after-free in the TLS implementation

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8265

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-01-06 21:15 修改: 2023-11-07 03:26
npm CVE-2020-8277 高危 12.18.4-r0 12.20.1-r0 c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8277

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-11-19 01:15 修改: 2023-11-07 03:26
npm CVE-2021-22883 高危 12.18.4-r0 12.21.0-r0 nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22883

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-03 18:15 修改: 2023-11-07 03:30
npm CVE-2021-22884 高危 12.18.4-r0 12.21.0-r0 nodejs: DNS rebinding in --inspect

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22884

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-03 18:15 修改: 2023-11-07 03:30
npm CVE-2021-37701 高危 12.18.4-r0 12.22.6-r0 nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37701

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2023-01-19 20:11
npm CVE-2021-37712 高危 12.18.4-r0 12.22.6-r0 nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37712

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2023-02-23 02:28
npm CVE-2021-37713 高危 12.18.4-r0 12.22.6-r0 nodejs-tar: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37713

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2022-04-25 18:40
npm CVE-2021-39134 高危 12.18.4-r0 12.22.6-r0 nodejs-arborist: symlink following vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39134

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2023-11-07 03:37
npm CVE-2021-39135 高危 12.18.4-r0 12.22.6-r0 nodejs-arborist: symlink following vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39135

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 17:15 修改: 2023-11-07 03:37
npm CVE-2021-44531 高危 12.18.4-r0 12.22.10-r0 nodejs: Improper handling of URI Subject Alternative Names

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44531

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-24 19:15 修改: 2022-10-05 13:56
npm CVE-2022-21824 高危 12.18.4-r0 12.22.10-r0 nodejs: Prototype pollution via console.table properties

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21824

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-24 19:15 修改: 2022-11-10 03:48
perl-git CVE-2021-21300 高危 2.26.2-r0 2.26.3-r0 git: remote code execution during clone operation on case-insensitive filesystems

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21300

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-09 20:15 修改: 2023-11-07 03:29
perl-git CVE-2021-40330 高危 2.26.2-r0 2.26.3-r1 git: unexpected cross-protocol requests via a repository path containing a newline character

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-40330

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-31 04:15 修改: 2022-11-07 18:37
ssl_client CVE-2021-28831 高危 1.31.1-r19 1.31.1-r20 busybox: invalid free or segmentation fault via malformed gzip data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
ssl_client CVE-2021-42378 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42378

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42379 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42379

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42380 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42380

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42381 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42381

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42382 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42382

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42383 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42383

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42384 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42384

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42385 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42385

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2021-42386 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42386

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client CVE-2022-28391 高危 1.31.1-r19 1.31.1-r22 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
xz-libs CVE-2022-1271 高危 5.2.5-r0 5.2.5-r1 gzip: arbitrary-file-write vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1271

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-08-31 16:15 修改: 2024-08-26 10:47
busybox CVE-2021-42380 高危 1.31.1-r19 1.31.1-r21 busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42380

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
zlib CVE-2018-25032 高危 1.2.11-r3 1.2.12-r0 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-25032

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2022-03-25 09:15 修改: 2023-11-07 02:56
nodejs CVE-2021-44532 中危 12.18.4-r0 12.22.10-r0 nodejs: Certificate Verification Bypass via String Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44532

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-24 19:15 修改: 2022-10-05 14:00
nodejs CVE-2021-44533 中危 12.18.4-r0 12.22.10-r0 nodejs: Incorrect handling of certificate subject and issuer fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44533

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-24 19:15 修改: 2022-10-06 02:28
libuuid CVE-2021-3996 中危 2.35.2-r0 2.37.3-r0 util-linux: Unauthorized unmount of filesystems in libmount

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3996

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-08-23 20:15 修改: 2024-10-15 16:35
libuuid CVE-2022-0563 中危 2.35.2-r0 2.37.4-r0 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-02-21 19:15 修改: 2024-01-07 09:15
libcurl CVE-2021-22947 中危 7.69.1-r1 7.79.0-r0 curl: Server responses received before STARTTLS processed after TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22947

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-09-29 20:15 修改: 2024-03-27 15:03
libcurl CVE-2022-27774 中危 7.69.1-r1 7.79.1-r1 curl: credential leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27774

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
libcurl CVE-2022-27776 中危 7.69.1-r1 7.79.1-r1 curl: auth/cookie leak on redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27776

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-06-02 14:15 修改: 2024-03-27 15:02
libxml2 CVE-2021-3537 中危 2.9.10-r5 2.9.10-r6 libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3537

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-05-14 20:15 修改: 2023-11-07 03:38
libxml2 CVE-2021-3541 中危 2.9.10-r5 2.9.12-r0 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3541

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-07-09 17:15 修改: 2022-03-01 18:25
libxml2 CVE-2022-29824 中危 2.9.10-r5 2.9.14-r0 libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29824

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-05-03 03:15 修改: 2023-11-07 03:46
musl CVE-2020-28928 中危 1.1.24-r9 1.1.24-r10 In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28928

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2020-11-24 18:15 修改: 2023-11-07 03:21
musl-utils CVE-2020-28928 中危 1.1.24-r9 1.1.24-r10 In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28928

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2020-11-24 18:15 修改: 2023-11-07 03:21
expat CVE-2022-25313 中危 2.2.9-r1 2.2.10-r2 expat: Stack exhaustion in doctype parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25313

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-02-18 05:15 修改: 2023-11-07 03:44
libcrypto1.1 CVE-2020-1971 中危 1.1.1g-r0 1.1.1i-r0 openssl: EDIPARTYNAME NULL pointer de-reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-23841 中危 1.1.1g-r0 1.1.1j-r0 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1 CVE-2021-3449 中危 1.1.1g-r0 1.1.1k-r0 openssl: NULL pointer dereference in signature_algorithms processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
npm CVE-2020-8287 中危 12.18.4-r0 12.20.1-r0 nodejs: HTTP request smuggling via two copies of a header field in an http request

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8287

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-01-06 21:15 修改: 2023-11-07 03:26
npm CVE-2021-22918 中危 12.18.4-r0 12.22.2-r0 libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22918

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-07-12 11:15 修改: 2024-01-16 13:15
npm CVE-2021-22939 中危 12.18.4-r0 12.22.5-r0 nodejs: Incomplete validation of tls rejectUnauthorized parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22939

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-16 19:15 修改: 2024-01-05 10:15
npm CVE-2021-22959 中危 12.18.4-r0 12.22.10-r0 llhttp: HTTP Request Smuggling due to spaces in headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22959

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-11-15 15:15 修改: 2022-12-09 16:14
npm CVE-2021-22960 中危 12.18.4-r0 12.22.10-r0 llhttp: HTTP Request Smuggling when parsing the body of chunked requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22960

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-11-03 20:15 修改: 2023-01-20 02:04
npm CVE-2021-3672 中危 12.18.4-r0 12.22.5-r0 c-ares: Missing input validation of host names may lead to domain hijacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3672

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-11-23 19:15 修改: 2024-01-05 10:15
npm CVE-2021-44532 中危 12.18.4-r0 12.22.10-r0 nodejs: Certificate Verification Bypass via String Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44532

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-24 19:15 修改: 2022-10-05 14:00
npm CVE-2021-44533 中危 12.18.4-r0 12.22.10-r0 nodejs: Incorrect handling of certificate subject and issuer fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44533

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-24 19:15 修改: 2022-10-06 02:28
busybox CVE-2021-42374 中危 1.31.1-r19 1.31.1-r21 busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42374

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
c-ares CVE-2021-3672 中危 1.16.1-r0 1.17.2-r0 c-ares: Missing input validation of host names may lead to domain hijacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3672

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-11-23 19:15 修改: 2024-01-05 10:15
libcurl CVE-2021-22876 中危 7.69.1-r1 7.76.0-r0 curl: Leak of authentication credentials in URL via automatic Referer

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22876

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-04-01 18:15 修改: 2024-03-27 15:47
libcurl CVE-2021-22922 中危 7.69.1-r1 7.78.0-r0 curl: Content not matching hash in Metalink is not being discarded

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22922

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:12
libcurl CVE-2021-22923 中危 7.69.1-r1 7.78.0-r0 curl: Metalink download sends credentials

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22923

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:11
libcurl CVE-2021-22925 中危 7.69.1-r1 7.78.0-r0 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22925

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:11
libssl1.1 CVE-2020-1971 中危 1.1.1g-r0 1.1.1i-r0 openssl: EDIPARTYNAME NULL pointer de-reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-23841 中危 1.1.1g-r0 1.1.1j-r0 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1 CVE-2021-3449 中危 1.1.1g-r0 1.1.1k-r0 openssl: NULL pointer dereference in signature_algorithms processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
libuuid CVE-2021-3995 中危 2.35.2-r0 2.37.3-r0 util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3995

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2022-08-23 20:15 修改: 2024-01-07 09:15
nodejs CVE-2020-8287 中危 12.18.4-r0 12.20.1-r0 nodejs: HTTP request smuggling via two copies of a header field in an http request

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8287

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-01-06 21:15 修改: 2023-11-07 03:26
nodejs CVE-2021-22918 中危 12.18.4-r0 12.22.2-r0 libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22918

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-07-12 11:15 修改: 2024-01-16 13:15
nodejs CVE-2021-22939 中危 12.18.4-r0 12.22.5-r0 nodejs: Incomplete validation of tls rejectUnauthorized parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22939

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-16 19:15 修改: 2024-01-05 10:15
ssl_client CVE-2021-42374 中危 1.31.1-r19 1.31.1-r21 busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42374

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
nodejs CVE-2021-22959 中危 12.18.4-r0 12.22.10-r0 llhttp: HTTP Request Smuggling due to spaces in headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22959

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-11-15 15:15 修改: 2022-12-09 16:14
nodejs CVE-2021-22960 中危 12.18.4-r0 12.22.10-r0 llhttp: HTTP Request Smuggling when parsing the body of chunked requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22960

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-11-03 20:15 修改: 2023-01-20 02:04
nodejs CVE-2021-3672 中危 12.18.4-r0 12.22.5-r0 c-ares: Missing input validation of host names may lead to domain hijacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3672

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-11-23 19:15 修改: 2024-01-05 10:15
libcurl CVE-2021-22898 低危 7.69.1-r1 7.77.0-r0 curl: TELNET stack contents disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22898

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-06-11 16:15 修改: 2024-03-27 15:47
libcurl CVE-2021-22924 低危 7.69.1-r1 7.78.0-r0 curl: Bad connection reuse due to flawed path name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22924

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-08-05 21:15 修改: 2024-03-27 15:11
libcrypto1.1 CVE-2021-23839 低危 1.1.1g-r0 1.1.1j-r0 openssl: incorrect SSLv2 rollback protection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcurl CVE-2020-8284 低危 7.69.1-r1 7.74.0-r0 curl: FTP PASV command response can cause curl to connect to arbitrary host

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8284

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2020-12-14 20:15 修改: 2024-04-08 22:50
libcurl CVE-2021-22890 低危 7.69.1-r1 7.76.0-r0 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22890

镜像层: sha256:e221868caf512ef1b95268031afb93fd03196d571c23e2c36a79f0e66cdcd039

发布日期: 2021-04-01 18:15 修改: 2024-03-27 15:47
libssl1.1 CVE-2021-23839 低危 1.1.1g-r0 1.1.1j-r0 openssl: incorrect SSLv2 rollback protection

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839

镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54

发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
Node.js (node-pkg)
低危漏洞:12 中危漏洞:39 高危漏洞:51 严重漏洞:9
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
@babel/traverse CVE-2023-45133 严重 7.12.5 7.23.2, 8.0.0-alpha.4 babel: arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45133

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-10-12 17:15 修改: 2023-10-24 16:52
eventsource CVE-2022-1650 严重 1.0.7 1.1.1, 2.0.2 eventsource: Exposure of Sensitive Information

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1650

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-05-12 11:15 修改: 2023-08-02 09:15
json-schema CVE-2021-3918 严重 0.2.3 0.4.0 nodejs-json-schema: Prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3918

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-11-13 09:15 修改: 2023-02-03 19:15
loader-utils CVE-2022-37601 严重 1.2.3 2.0.3, 1.4.1 loader-utils: prototype pollution in function parseQuery in parseQuery.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37601

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-10-12 20:15 修改: 2023-02-28 15:02
loader-utils CVE-2022-37601 严重 1.4.0 2.0.3, 1.4.1 loader-utils: prototype pollution in function parseQuery in parseQuery.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37601

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-10-12 20:15 修改: 2023-02-28 15:02
merge-deep CVE-2021-26707 严重 3.0.2 3.0.3 nodejs-merge-deep: Prototype pollution of Object.prototype via a constructor payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-26707

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-06-02 15:15 修改: 2022-12-02 19:37
minimist CVE-2021-44906 严重 1.2.5 1.2.6, 0.2.4 minimist: prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
shell-quote CVE-2021-42740 严重 1.7.2 1.7.3 The shell-quote package before 1.7.3 for Node.js allows command inject ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42740

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-10-21 15:15 修改: 2021-10-28 13:54
url-parse CVE-2022-0686 严重 1.4.7 1.5.8 npm-url-parse: Authorization bypass through user-controlled key

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0686

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-20 13:15 修改: 2023-02-23 03:15
browserify-sign CVE-2023-46234 高危 4.2.1 4.2.2 browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46234

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-10-26 15:15 修改: 2024-02-28 03:15
decode-uri-component CVE-2022-38900 高危 0.2.0 0.2.1 decode-uri-component: improper input validation resulting in DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38900

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-11-28 13:15 修改: 2023-11-07 03:50
dns-packet CVE-2021-23386 高危 1.3.1 5.2.2, 1.3.2 dns-packet: does not always fill buffers before forming network packets which couls result in Remote Memory Exposure

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23386

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-05-20 17:15 修改: 2022-07-12 17:42
ansi-html CVE-2021-23424 高危 0.0.7 0.0.8 nodejs-ansi-html: ReDoS via crafted string

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23424

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-18 17:15 修改: 2022-08-04 19:26
follow-redirects CVE-2022-0155 高危 1.13.0 1.14.7 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0155

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-01-10 20:15 修改: 2022-10-28 17:54
glob-parent CVE-2020-28469 高危 5.1.1 5.1.2 nodejs-glob-parent: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28469

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-06-03 16:15 修改: 2022-03-29 16:39
http-proxy-middleware CVE-2024-21536 高危 0.19.1 2.0.7, 3.0.3 http-proxy-middleware: Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21536

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-10-19 05:15 修改: 2024-11-01 18:03
ini CVE-2020-7788 高危 1.3.5 1.3.6 nodejs-ini: Prototype pollution via malicious INI file

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-12-11 11:15 修改: 2022-12-02 19:40
ip CVE-2024-29415 高危 1.1.5 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
is-svg CVE-2021-28092 高危 3.0.0 4.2.2 nodejs-is-svg: ReDoS via malicious string

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28092

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-12 22:15 修改: 2023-08-08 14:22
is-svg CVE-2021-29059 高危 3.0.0 4.3.0 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29059

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-06-21 16:15 修改: 2021-11-04 14:17
ansi-regex CVE-2021-3807 高危 3.0.0 6.0.1, 5.0.1, 4.1.1, 3.0.1 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
json5 CVE-2022-46175 高危 1.0.1 2.2.2, 1.0.2 json5: Prototype Pollution in JSON5 via Parse Method

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46175

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-12-24 04:15 修改: 2023-11-26 01:15
json5 CVE-2022-46175 高危 2.1.3 2.2.2, 1.0.2 json5: Prototype Pollution in JSON5 via Parse Method

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46175

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-12-24 04:15 修改: 2023-11-26 01:15
ansi-regex CVE-2021-3807 高危 4.1.0 6.0.1, 5.0.1, 4.1.1, 3.0.1 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
loader-utils CVE-2022-37599 高危 1.2.3 1.4.2, 2.0.4, 3.2.1 loader-utils: regular expression denial of service in interpolateName.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37599

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-10-11 19:15 修改: 2024-02-28 03:15
loader-utils CVE-2022-37603 高危 1.2.3 1.4.2, 2.0.4, 3.2.1 loader-utils: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37603

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-10-14 16:15 修改: 2023-11-07 03:49
ansi-regex CVE-2021-3807 高危 5.0.0 6.0.1, 5.0.1, 4.1.1, 3.0.1 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
loader-utils CVE-2022-37599 高危 1.4.0 1.4.2, 2.0.4, 3.2.1 loader-utils: regular expression denial of service in interpolateName.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37599

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-10-11 19:15 修改: 2024-02-28 03:15
loader-utils CVE-2022-37603 高危 1.4.0 1.4.2, 2.0.4, 3.2.1 loader-utils: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37603

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-10-14 16:15 修改: 2023-11-07 03:49
lodash CVE-2021-23337 高危 4.17.20 4.17.21 nodejs-lodash: command injection via template

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25
lodash.template CVE-2021-23337 高危 4.5.0 nodejs-lodash: command injection via template

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25
async CVE-2021-43138 高危 2.6.3 3.2.2, 2.6.4 async: Prototype Pollution in async

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43138

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-04-06 17:15 修改: 2024-06-21 19:15
minimatch CVE-2022-3517 高危 3.0.4 3.0.5 nodejs-minimatch: ReDoS via the braceExpand function

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
body-parser CVE-2024-45590 高危 1.19.0 1.20.3 body-parser: Denial of Service Vulnerability in body-parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45590

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-09-10 16:15 修改: 2024-09-20 16:26
node-forge CVE-2022-24771 高危 0.10.0 1.3.0 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24771

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-03-18 14:15 修改: 2022-03-28 13:53
node-forge CVE-2022-24772 高危 0.10.0 1.3.0 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24772

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-03-18 14:15 修改: 2022-03-28 14:10
nth-check CVE-2021-3803 高危 1.0.2 2.0.1 nodejs-nth-check: inefficient regular expression complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3803

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-09-17 07:15 修改: 2023-07-10 18:52
object-path CVE-2020-15256 高危 0.11.4 0.11.5 object-path: Prototype pollution could result in DoS or RCE

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15256

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-10-19 22:15 修改: 2021-11-18 16:20
object-path CVE-2021-3805 高危 0.11.4 0.11.8 nodejs-object-path: prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3805

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-09-17 06:15 修改: 2023-01-30 18:24
path-to-regexp CVE-2024-45296 高危 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
qs CVE-2022-24999 高危 6.5.2 6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 express: "qs" prototype poisoning causes the hang of the node process

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
qs CVE-2022-24999 高危 6.7.0 6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 express: "qs" prototype poisoning causes the hang of the node process

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
semver CVE-2022-25883 高危 5.7.1 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
semver CVE-2022-25883 高危 6.3.0 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
semver CVE-2022-25883 高危 7.0.0 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
semver CVE-2022-25883 高危 7.3.2 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
serialize-javascript CVE-2020-7660 高危 2.1.2 3.1.0 npm-serialize-javascript: allows remote attackers to inject arbitrary code via the function deleteFunctions within index.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7660

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-06-01 15:15 修改: 2020-06-08 16:35
braces CVE-2024-4068 高危 2.3.2 3.0.3 braces: fails to limit the number of characters it can handle

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-05-14 15:42 修改: 2024-07-03 02:07
ssri CVE-2021-27290 高危 6.0.1 6.0.2, 7.1.1, 8.0.1 nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27290

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-12 22:15 修改: 2022-05-13 20:51
ssri CVE-2021-27290 高危 7.1.0 6.0.2, 7.1.1, 8.0.1 nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27290

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-12 22:15 修改: 2022-05-13 20:51
terser CVE-2022-25858 高危 4.8.0 4.8.1, 5.14.2 terser: insecure use of regular expressions leads to ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25858

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-07-15 20:15 修改: 2023-08-08 14:22
tmpl CVE-2021-3777 高危 1.0.4 1.0.5 tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3777

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-09-15 08:15 修改: 2022-07-29 16:46
braces CVE-2024-4068 高危 3.0.2 3.0.3 braces: fails to limit the number of characters it can handle

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-05-14 15:42 修改: 2024-07-03 02:07
webpack-dev-middleware CVE-2024-29180 高危 3.7.2 7.1.0, 6.1.2, 5.3.4 webpack-dev-middleware: lack of URL validation may lead to file leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29180

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-03-21 17:15 修改: 2024-03-21 19:47
ws CVE-2024-37890 高危 5.2.2 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
ws CVE-2024-37890 高危 6.2.1 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44
y18n CVE-2020-7774 高危 4.0.0 3.2.2, 4.0.1, 5.0.5 nodejs-y18n: prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7774

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-11-17 13:15 修改: 2022-12-02 19:40
yarn CVE-2019-10773 高危 1.19.1 1.22.0 nodejs-yarn: Install functionality can be abused to generate arbitrary symlinks

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10773

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2019-12-16 20:15 修改: 2023-11-07 03:02
yarn CVE-2020-8131 高危 1.19.1 1.22.0 yarn: Arbitrary filesystem write via tar expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8131

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-02-24 15:15 修改: 2020-03-24 14:47
yarn CVE-2021-4435 高危 1.19.1 1.22.13 yarn: untrusted search path

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4435

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-02-04 20:15 修改: 2024-02-13 00:38
postcss CVE-2023-44270 中危 7.0.21 8.4.31 An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44270

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-09-29 22:15 修改: 2023-10-10 17:19
postcss CVE-2021-23368 中危 7.0.35 7.0.36, 8.2.10 nodejs-postcss: Regular expression denial of service during source map parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23368

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-04-12 14:15 修改: 2023-11-07 03:30
postcss CVE-2021-23382 中危 7.0.35 8.2.13, 7.0.36 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23382

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-04-26 16:15 修改: 2023-08-08 14:22
postcss CVE-2023-44270 中危 7.0.35 8.4.31 An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44270

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-09-29 22:15 修改: 2023-10-10 17:19
express CVE-2024-29041 中危 4.17.1 4.19.2, 5.0.0-beta.3 express: cause malformed URLs to be evaluated

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29041

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-03-25 21:15 修改: 2024-03-26 12:55
lodash CVE-2020-28500 中危 4.17.20 4.17.21 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28500

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-02-15 11:15 修改: 2022-09-13 21:18
react-dev-utils CVE-2021-24033 中危 10.2.1 11.0.4 nodejs-react-dev-utils: function getProcessForPort concatenates input argument into a command string

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-24033

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-09 01:15 修改: 2021-03-16 18:34
request CVE-2023-28155 中危 2.88.2 The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-03-16 15:15 修改: 2024-08-02 13:15
express CVE-2024-43796 中危 4.17.1 4.20.0, 5.0.0 express: Improper Input Handling in Express Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43796

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:07
color-string CVE-2021-29060 中危 1.5.4 1.5.5 nodejs-color-string: Regular expression denial of service when the application is provided and checks a crafted invalid HWB string

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29060

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-06-21 16:15 修改: 2021-07-01 14:57
micromatch CVE-2024-4067 中危 3.1.10 4.0.8 micromatch: vulnerable to Regular Expression Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4067

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-05-14 15:42 修改: 2024-08-28 00:15
follow-redirects CVE-2022-0536 中危 1.13.0 1.14.8 follow-redirects: Exposure of Sensitive Information via Authorization Header leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0536

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-09 11:15 修改: 2023-08-02 09:15
send CVE-2024-43799 中危 0.17.1 0.19.0 send: Code Execution Vulnerability in Send Library

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43799

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-09-10 15:15 修改: 2024-09-20 16:57
follow-redirects CVE-2023-26159 中危 1.13.0 1.15.4 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26159

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-01-02 05:15 修改: 2024-01-23 03:15
serve-static CVE-2024-43800 中危 1.14.1 1.16.0, 2.1.0 serve-static: Improper Sanitization in serve-static

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43800

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-09-10 15:15 修改: 2024-09-20 17:36
follow-redirects CVE-2024-28849 中危 1.13.0 1.15.6 follow-redirects: Possible credential leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28849

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-03-14 17:15 修改: 2024-03-23 03:15
sockjs CVE-2020-7693 中危 0.3.19 0.3.20 npmjs-sockjs: incorrect handling of upgrade header with the value websocket leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7693

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-07-09 14:15 修改: 2022-07-12 17:42
ajv CVE-2020-15366 中危 5.5.2 6.12.3 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15366

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-07-15 20:15 修改: 2024-06-21 19:15
node-forge CVE-2022-0122 中危 0.10.0 1.0.0 Open Redirect in node-forge

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0122

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-01-06 05:15 修改: 2022-01-12 20:14
node-forge CVE-2022-24773 中危 0.10.0 1.3.0 node-forge: Signature verification leniency in checking `DigestInfo` structure

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24773

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-03-18 14:15 修改: 2022-03-28 14:20
node-notifier CVE-2020-7789 中危 5.4.3 8.0.1 nodejs-node-notifier: command injection due to the options params not being sanitised when being passed an array

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7789

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-12-11 10:15 修改: 2020-12-17 15:52
tough-cookie CVE-2023-26136 中危 2.5.0 4.1.3 tough-cookie: prototype pollution in cookie memstore

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15
hosted-git-info CVE-2021-23362 中危 2.8.8 2.8.9, 3.0.8 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23362

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-03-23 17:15 修改: 2023-08-08 14:22
url-parse CVE-2021-27515 中危 1.4.7 1.5.0 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27515

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-02-22 00:15 修改: 2023-02-23 03:15
url-parse CVE-2021-3664 中危 1.4.7 1.5.2 nodejs-url-parse: URL Redirection to Untrusted Site

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3664

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-07-26 12:15 修改: 2023-02-23 03:15
url-parse CVE-2022-0512 中危 1.4.7 1.5.6 nodejs-url-parse: authorization bypass through user-controlled key

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0512

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-14 16:15 修改: 2023-02-23 03:15
url-parse CVE-2022-0639 中危 1.4.7 1.5.7 npm-url-parse: Authorization Bypass Through User-Controlled Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0639

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-17 18:15 修改: 2023-02-23 03:15
url-parse CVE-2022-0691 中危 1.4.7 1.5.9 npm-url-parse: authorization bypass through user-controlled key

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0691

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2022-02-21 09:15 修改: 2023-02-23 03:15
browserslist CVE-2021-23364 中危 4.10.0 4.16.5 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23364

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-04-28 16:15 修改: 2023-08-08 14:22
word-wrap CVE-2023-26115 中危 1.2.3 1.2.4 word-wrap: ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26115

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2023-06-22 05:15 修改: 2024-06-21 19:15
elliptic CVE-2020-28498 中危 6.5.3 6.5.4 The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28498

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-02-02 19:15 修改: 2024-10-16 13:45
ws CVE-2021-32640 中危 5.2.2 7.4.6, 6.2.2, 5.2.3 nodejs-ws: Specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32640

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-05-25 19:15 修改: 2023-11-07 03:35
object-path CVE-2021-23434 中危 0.11.4 0.11.6 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23434

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-08-27 17:15 修改: 2023-01-30 18:24
ws CVE-2021-32640 中危 6.2.1 7.4.6, 6.2.2, 5.2.3 nodejs-ws: Specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32640

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-05-25 19:15 修改: 2023-11-07 03:35
path-parse CVE-2021-23343 中危 1.0.6 1.0.7 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23343

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-05-04 09:15 修改: 2023-11-07 03:30
yargs-parser CVE-2020-7608 中危 11.1.1 13.1.2, 15.0.1, 18.1.1, 5.0.1 nodejs-yargs-parser: prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7608

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2020-03-16 20:15 修改: 2022-11-15 16:40
browserslist CVE-2021-23364 中危 4.14.7 4.16.5 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23364

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-04-28 16:15 修改: 2023-08-08 14:22
postcss CVE-2021-23368 中危 7.0.21 7.0.36, 8.2.10 nodejs-postcss: Regular expression denial of service during source map parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23368

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-04-12 14:15 修改: 2023-11-07 03:30
postcss CVE-2021-23382 中危 7.0.21 8.2.13, 7.0.36 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23382

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2021-04-26 16:15 修改: 2023-08-08 14:22
elliptic CVE-2024-42461 低危 6.5.3 6.5.7 elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-42461

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-08-02 07:16 修改: 2024-08-16 16:51
elliptic CVE-2024-48948 低危 6.5.3 6.6.0 elliptic: ECDSA signature verification error may reject legitimate transactions

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-48948

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-10-15 14:15 修改: 2024-10-16 16:38
elliptic CVE-2024-48949 低危 6.5.3 6.5.6 elliptic: Missing Validation in Elliptic's EDDSA Signature Verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-48949

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-10-10 01:15 修改: 2024-10-15 14:07
es5-ext CVE-2024-27088 低危 0.10.53 0.10.63 es5-ext contains ECMAScript 5 extensions. Passing functions with very ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27088

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-02-26 17:15 修改: 2024-02-26 22:10
cookie CVE-2024-47764 低危 0.4.0 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
debug CVE-2017-16137 低危 3.2.6 2.6.9, 3.1.0, 3.2.7, 4.3.1 nodejs-debug: Regular expression Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-16137

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2018-06-07 02:29 修改: 2023-11-07 02:40
debug CVE-2017-16137 低危 4.2.0 2.6.9, 3.1.0, 3.2.7, 4.3.1 nodejs-debug: Regular expression Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-16137

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2018-06-07 02:29 修改: 2023-11-07 02:40
ip CVE-2023-42282 低危 1.1.5 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
elliptic CVE-2024-42459 低危 6.5.3 6.5.7 elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-42459

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-08-02 07:16 修改: 2024-08-02 15:35
elliptic CVE-2024-42460 低危 6.5.3 6.5.7 elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-42460

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 2024-08-02 07:16 修改: 2024-08-02 16:35
node-forge GHSA-5rrq-pxf6-6jx5 低危 0.10.0 1.0.0 Prototype Pollution in node-forge debug API.

漏洞详情: https://github.com/advisories/GHSA-5rrq-pxf6-6jx5

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
node-forge GHSA-gf8q-jrpm-jvxq 低危 0.10.0 1.0.0 URL parsing in node-forge could lead to undesired behavior.

漏洞详情: https://github.com/advisories/GHSA-gf8q-jrpm-jvxq

镜像层: sha256:ef531412963c5d3fa09d7bb0b06a08412b48c87329d3ae7dfaf7330a64b60e7a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00