docker.io/hanxi/xiaomusic:v0.6.0 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:20

中危漏洞:11

高危漏洞:3

严重漏洞:0

系统OS: alpine 3.23.4 扫描引擎: Trivy 扫描时间: 2026-06-15 10:59

docker.io/hanxi/xiaomusic:v0.6.0 (alpine 3.23.4) (alpine)

低危漏洞:20

中危漏洞:9

高危漏洞:3

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libcrypto3	CVE-2026-45447	高危	3.5.6-r0	3.5.7-r0	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 15:16
libssl3	CVE-2026-45447	高危	3.5.6-r0	3.5.7-r0	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 15:16
libxml2	CVE-2026-6732	高危	2.13.9-r0	2.13.9-r1	libxml2: libxml2: Denial of Service via crafted XSD-validated document 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6732 镜像层: sha256:b2e187a5993005eeecffabbeeb3afc9d99124e816ed26f5048175f9b16b7450f 发布日期: 2026-04-23 23:16 修改: 2026-05-15 14:36
libcrypto3	CVE-2026-42764	中危	3.5.6-r0	3.5.7-r0	openssl: NULL pointer dereference in QUIC server initial packet handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-45445	中危	3.5.6-r0	3.5.7-r0	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libpng	CVE-2026-40930	中危	1.6.57-r0	1.6.58-r1	LIBPNG is a reference library for use in applications that process PNG ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40930 镜像层: sha256:b2e187a5993005eeecffabbeeb3afc9d99124e816ed26f5048175f9b16b7450f 发布日期: 2026-06-04 16:16 修改: 2026-06-04 16:23
libcrypto3	CVE-2026-34182	中危	3.5.6-r0	3.5.7-r0	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libssl3	CVE-2026-34182	中危	3.5.6-r0	3.5.7-r0	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libssl3	CVE-2026-34183	中危	3.5.6-r0	3.5.7-r0	openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 16:17
libssl3	CVE-2026-42764	中危	3.5.6-r0	3.5.7-r0	openssl: NULL pointer dereference in QUIC server initial packet handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-45445	中危	3.5.6-r0	3.5.7-r0	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-34183	中危	3.5.6-r0	3.5.7-r0	openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 16:17
libcrypto3	CVE-2026-45446	低危	3.5.6-r0	3.5.7-r0	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-7383	低危	3.5.6-r0	3.5.7-r0	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-9076	低危	3.5.6-r0	3.5.7-r0	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-34180	低危	3.5.6-r0	3.5.7-r0	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-34181	低危	3.5.6-r0	3.5.7-r0	openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libcrypto3	CVE-2026-42766	低危	3.5.6-r0	3.5.7-r0	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-42767	低危	3.5.6-r0	3.5.7-r0	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-42768	低危	3.5.6-r0	3.5.7-r0	openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-42769	低危	3.5.6-r0	3.5.7-r0	openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-34180	低危	3.5.6-r0	3.5.7-r0	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-34181	低危	3.5.6-r0	3.5.7-r0	openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libssl3	CVE-2026-42766	低危	3.5.6-r0	3.5.7-r0	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-42767	低危	3.5.6-r0	3.5.7-r0	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-42768	低危	3.5.6-r0	3.5.7-r0	openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-42769	低危	3.5.6-r0	3.5.7-r0	openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-42770	低危	3.5.6-r0	3.5.7-r0	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-45446	低危	3.5.6-r0	3.5.7-r0	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-7383	低危	3.5.6-r0	3.5.7-r0	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-9076	低危	3.5.6-r0	3.5.7-r0	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libcrypto3	CVE-2026-42770	低危	3.5.6-r0	3.5.7-r0	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16

Node.js (node-pkg)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Python (python-pkg)

低危漏洞:0

中危漏洞:2

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
aiohttp	CVE-2026-34993	中危	3.13.5	3.14.0	aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993 镜像层: sha256:63db0bb70dc76c22cb9b12e6ef7c823d6d3da350ad94f5ce43a18255d462b1e0 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:44
aiohttp	CVE-2026-47265	中危	3.13.5	3.14.0	python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265 镜像层: sha256:63db0bb70dc76c22cb9b12e6ef7c823d6d3da350ad94f5ce43a18255d462b1e0 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:39

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

aiohttp

CVE-2026-34993

中危

3.13.5

3.14.0

aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993

镜像层: sha256:63db0bb70dc76c22cb9b12e6ef7c823d6d3da350ad94f5ce43a18255d462b1e0

发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:44

aiohttp

CVE-2026-47265

中危

3.13.5

3.14.0

python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265

镜像层: sha256:63db0bb70dc76c22cb9b12e6ef7c823d6d3da350ad94f5ce43a18255d462b1e0

发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:39

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/adultswim.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/aenetworks.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/blackboardcollaborate.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/cloudflarestream.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/espn.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/go.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/nbc.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/shahid.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/tbs.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/vice.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

docker.io/hanxi/xiaomusic:v0.6.0 linux/arm64

全部漏洞信息

docker.io/hanxi/xiaomusic:v0.6.0 (alpine 3.23.4) (alpine)

Node.js (node-pkg)

Python (python-pkg)

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/adultswim.py ()

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/aenetworks.py ()

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/blackboardcollaborate.py ()

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/cloudflarestream.py ()

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/espn.py ()

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/go.py ()

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/nbc.py ()

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/shahid.py ()

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/tbs.py ()

/app/.venv/lib/python3.14/site-packages/yt_dlp/extractor/vice.py ()