docker.io/hoppscotch/hoppscotch:2026.6.0 linux/amd64

docker.io/hoppscotch/hoppscotch:2026.6.0 - Trivy安全扫描结果 扫描时间: 2026-07-13 11:44
全部漏洞信息
低危漏洞:1 中危漏洞:21 高危漏洞:13 严重漏洞:0

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-07-13 11:44

docker.io/hoppscotch/hoppscotch:2026.6.0 (alpine 3.24.1) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
c-ares CVE-2026-33630 高危 1.34.6-r0 1.34.8-r0 c-ares: c-ares: Use-after-free / double-free in query-completion handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33630

镜像层: sha256:0c128b659a783d15e49517221f083ab1e5e826975de5282c0f1909f2a2826e95

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

Node.js (node-pkg)
低危漏洞:1 中危漏洞:19 高危漏洞:10 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
linkify-it CVE-2026-48801 高危 5.0.0 5.0.1 LinkifyIt#match scan loop has quadratic algorithmic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48801

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

nodemailer GHSA-p6gq-j5cr-w38f 高危 7.0.13 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

pnpm CVE-2026-50015 高危 10.33.4 10.34.0, 11.4.0 pnpm: pnpm: Arbitrary file write/delete due to lack of path validation in patch files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50015

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:15

pnpm CVE-2026-50016 高危 10.33.4 10.34.0, 11.4.0 pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50016

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-29 23:57

pnpm CVE-2026-55487 高危 10.33.4 10.34.2, 11.5.3 pnpm: pnpm: Supply chain compromise via manipulated package source strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55487

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:16

pnpm CVE-2026-55697 高危 10.33.4 11.5.3 pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55697

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-30 19:04

pnpm CVE-2026-55698 高危 10.33.4 10.34.2, 11.5.3 pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55698

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-30 19:03

pnpm GHSA-72r4-9c5j-mj57 高危 10.33.4 10.34.4, 11.7.0 pnpm: `patch-remove` could delete project-selected files outside the patches directory

漏洞详情: https://github.com/advisories/GHSA-72r4-9c5j-mj57

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-27 00:12 修改: 2026-06-27 00:12

pnpm GHSA-fr4h-3cph-29xv 高危 10.33.4 10.34.4, 11.7.0 pnpm: Hoisted install imports lockfile alias outside node_modules

漏洞详情: https://github.com/advisories/GHSA-fr4h-3cph-29xv

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-27 00:02 修改: 2026-06-27 00:03

pnpm GHSA-qrv3-253h-g69c 高危 10.33.4 10.34.4, 11.8.0 pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

漏洞详情: https://github.com/advisories/GHSA-qrv3-253h-g69c

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-27 00:13 修改: 2026-06-27 00:13

nodemailer GHSA-wqvq-jvpq-h66f 中危 7.0.13 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

brace-expansion CVE-2026-45149 中危 5.0.5 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:51

js-yaml CVE-2026-53550 中危 4.1.1 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-06-22 16:16 修改: 2026-07-09 20:33

@hono/node-server CVE-2026-39406 中危 1.19.11 1.19.13 @hono/node-server: Middleware bypass via repeated slashes in serveStatic

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39406

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

mjml CVE-2025-67898 中危 5.0.0-alpha.4 5.0.0-alpha.9 MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67898

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2025-12-14 22:15 修改: 2026-06-17 09:58

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

nodemailer GHSA-268h-hp4c-crq3 中危 7.0.13 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-r7g4-qg5f-qqm2 中危 7.0.13 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 7.0.13 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

pnpm CVE-2026-50014 中危 10.33.4 10.34.0, 11.4.0 pnpm: pnpm: Arbitrary Code Execution via Malicious Lockfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50014

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:14

pnpm CVE-2026-50017 中危 10.33.4 10.34.0, 11.4.0 pnpm: pnpm: Information disclosure of authentication credentials via malicious .npmrc file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50017

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-30 19:04

pnpm CVE-2026-50021 中危 10.33.4 11.4.0, 10.34.1 pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50021

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:15

pnpm CVE-2026-50573 中危 10.33.4 10.34.0, 11.4.0 pnpm: pnpm: Package integrity check bypass allows installation of malicious content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50573

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:15

pnpm CVE-2026-55180 中危 10.33.4 10.34.2, 11.5.3 pnpm: pacquet: pnpm and pacquet: Information disclosure of environment secrets via improper environment variable expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55180

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:16

pnpm CVE-2026-55699 中危 10.33.4 10.34.2, 11.5.3 pnpm: pnpm: Denial of Service due to improper handling of malicious package manifest bin keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55699

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:16

qs CVE-2026-8723 中危 6.15.0 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

serialize-javascript CVE-2026-34043 中危 7.0.3 7.0.5 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34043

镜像层: sha256:79d8dc0b282a281f9e9a78dd13c52a95aeb15fdd3c5a799e19c13f77f8f62d57

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

tar CVE-2026-53655 中危 7.5.13 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:56323f8989e6225c91d8945cd9c87377047471a4f46cbca74dce087b888b8dea

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

nodemailer GHSA-c7w3-x93f-qmm8 低危 7.0.13 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:63d82252533292fe55ab0476182c197e12eaa3c6f669fa2fe746728f498db19a

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

usr/bin/caddy (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:509467167b82be37a4d6c51ce935b3a769189b0f2fba2c2bc1f3f9d617faf92c

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:509467167b82be37a4d6c51ce935b3a769189b0f2fba2c2bc1f3f9d617faf92c

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

golang.org/x/crypto GO-2026-5932 未知 v0.52.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:509467167b82be37a4d6c51ce935b3a769189b0f2fba2c2bc1f3f9d617faf92c

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

usr/local/bin/webapp-server (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:6800930d958d3baafc17483c26282f59a4debe67e37e37cfa33fdfc340a67b3f

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:6800930d958d3baafc17483c26282f59a4debe67e37e37cfa33fdfc340a67b3f

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

/site/selfhost-web/assets/thumbs-down-Cw5HaQBx.js ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/site/selfhost-web/assets/thumbs-down-Cw5HaQBx.js.map ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×