docker.io/hanxi/xiaomusic:v0.5.3 linux/arm64

docker.io/hanxi/xiaomusic:v0.5.3 - Trivy安全扫描结果 扫描时间: 2026-06-15 12:20 温馨提示: 这是一个 linux/arm64 系统架构镜像
全部漏洞信息
低危漏洞:20 中危漏洞:17 高危漏洞:5 严重漏洞:0

系统OS: alpine 3.23.4 扫描引擎: Trivy 扫描时间: 2026-06-15 12:20

docker.io/hanxi/xiaomusic:v0.5.3 (alpine 3.23.4) (alpine)
低危漏洞:20 中危漏洞:10 高危漏洞:5 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
lcms2 CVE-2026-41254 高危 2.17-r0 2.19-r0 Little CMS: lcms2: mm2/Little-CMS: Little CMS: Information disclosure or denial of service via integer overflow in CubeSize

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41254

镜像层: sha256:512d727a2f211ba8eacdcd78085adbbda6b6630391d1c49d1899febae6e1a84c

发布日期: 2026-04-18 07:16 修改: 2026-05-07 18:16
libcrypto3 CVE-2026-45447 高危 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 15:16
libssl3 CVE-2026-45447 高危 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 15:16
libxml2 CVE-2026-6732 高危 2.13.9-r0 2.13.9-r1 libxml2: libxml2: Denial of Service via crafted XSD-validated document

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6732

镜像层: sha256:512d727a2f211ba8eacdcd78085adbbda6b6630391d1c49d1899febae6e1a84c

发布日期: 2026-04-23 23:16 修改: 2026-05-15 14:36
nghttp2-libs CVE-2026-27135 高危 1.68.0-r0 1.68.1 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135

镜像层: sha256:512d727a2f211ba8eacdcd78085adbbda6b6630391d1c49d1899febae6e1a84c

发布日期: 2026-03-18 18:16 修改: 2026-05-13 22:16
libcrypto3 CVE-2026-45445 中危 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libpng CVE-2026-40930 中危 1.6.57-r0 1.6.58-r1 LIBPNG is a reference library for use in applications that process PNG ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40930

镜像层: sha256:512d727a2f211ba8eacdcd78085adbbda6b6630391d1c49d1899febae6e1a84c

发布日期: 2026-06-04 16:16 修改: 2026-06-04 16:23
libcrypto3 CVE-2026-34182 中危 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libssl3 CVE-2026-34182 中危 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libssl3 CVE-2026-34183 中危 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 16:17
libssl3 CVE-2026-42764 中危 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-45445 中危 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3 CVE-2026-34183 中危 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 16:17
libcrypto3 CVE-2026-42764 中危 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
xz-libs CVE-2026-34743 中危 5.8.2-r0 5.8.3-r0 xz: XZ Utils: Denial of Service via buffer overflow in index decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743

镜像层: sha256:5efbbe46739f7211db148bd3444acc0cce4a24fac56845c4c2e0ef17e7929143

发布日期: 2026-04-02 19:21 修改: 2026-04-15 17:33
libcrypto3 CVE-2026-9076 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3 CVE-2026-34180 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3 CVE-2026-34181 低危 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libcrypto3 CVE-2026-42766 低危 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3 CVE-2026-42767 低危 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3 CVE-2026-42768 低危 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3 CVE-2026-42769 低危 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-34180 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-34181 低危 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libssl3 CVE-2026-42766 低危 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-42767 低危 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-42768 低危 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-42769 低危 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-42770 低危 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-45446 低危 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-7383 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3 CVE-2026-9076 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3 CVE-2026-42770 低危 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3 CVE-2026-45446 低危 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3 CVE-2026-7383 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
Node.js (node-pkg)
低危漏洞:0 中危漏洞:1 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
qs CVE-2026-8723 中危 6.15.1 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:02960443e5ed57d2412b59c55d057fc26bfb0fffbe8838de097e2e0b494adc0b

发布日期: 2026-05-17 00:16 修改: 2026-05-18 20:23
Python (python-pkg)
低危漏洞:0 中危漏洞:6 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
aiohttp CVE-2026-34993 中危 3.13.5 3.14.0 aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993

镜像层: sha256:8f9193f848c032e6bf37dd59210ce27ebaf0f7b2dfbd3b7916b75a47ea09652a

发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:44
aiohttp CVE-2026-47265 中危 3.13.5 3.14.0 python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265

镜像层: sha256:8f9193f848c032e6bf37dd59210ce27ebaf0f7b2dfbd3b7916b75a47ea09652a

发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:39
idna CVE-2026-45409 中危 3.13 3.15 Internationalized Domain Names in Applications (IDNA) for Python provi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409

镜像层: sha256:8f9193f848c032e6bf37dd59210ce27ebaf0f7b2dfbd3b7916b75a47ea09652a

发布日期: 2026-06-05 23:16 修改: 2026-06-08 15:02
pip CVE-2026-3219 中危 26.0.1 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:5efbbe46739f7211db148bd3444acc0cce4a24fac56845c4c2e0ef17e7929143

发布日期: 2026-04-20 16:16 修改: 2026-04-20 21:16
pip CVE-2026-6357 中危 26.0.1 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:5efbbe46739f7211db148bd3444acc0cce4a24fac56845c4c2e0ef17e7929143

发布日期: 2026-04-27 15:16 修改: 2026-04-27 23:16
starlette CVE-2026-48710 中危 1.0.0 1.0.1 starlette: Starlette: Security restriction bypass via malformed HTTP Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48710

镜像层: sha256:8f9193f848c032e6bf37dd59210ce27ebaf0f7b2dfbd3b7916b75a47ea09652a

发布日期: 2026-05-26 22:16 修改: 2026-06-03 02:14
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/adultswim.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/aenetworks.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/blackboardcollaborate.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/cloudflarestream.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/espn.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/go.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/nbc.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/shahid.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/tbs.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/vice.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息