docker.io/huanhq99/flixpilot:latest linux/arm64

docker.io/huanhq99/flixpilot:latest - Trivy安全扫描结果 扫描时间: 2026-06-10 13:58 温馨提示: 这是一个 linux/arm64 系统架构镜像
全部漏洞信息
低危漏洞:5 中危漏洞:13 高危漏洞:17 严重漏洞:1

系统OS: alpine 3.23.4 扫描引擎: Trivy 扫描时间: 2026-06-10 13:58

docker.io/huanhq99/flixpilot:latest (alpine 3.23.4) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Node.js (node-pkg)
低危漏洞:5 中危漏洞:13 高危漏洞:17 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
next CVE-2025-29927 严重 15.1.11 13.5.9, 14.2.25, 15.2.3, 12.3.5 nextjs: Authorization Bypass in Next.js Middleware

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-29927

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2025-03-21 15:15 修改: 2025-09-10 15:49
glob CVE-2025-64756 高危 10.4.2 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2025-11-17 18:15 修改: 2025-12-02 19:34
minimatch CVE-2026-26996 高危 9.0.5 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-02-20 03:16 修改: 2026-03-06 21:32
minimatch CVE-2026-27903 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:21
minimatch CVE-2026-27904 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:16
cross-spawn CVE-2024-21538 高危 7.0.3 7.0.5, 6.0.6 cross-spawn: regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2024-11-08 05:15 修改: 2026-04-15 00:35
next CVE-2026-44573 高危 15.1.11 15.5.16, 16.2.5 next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44573

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:24
next CVE-2026-44578 高危 15.1.11 15.5.16, 16.2.5 Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44578

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
next CVE-2026-44579 高危 15.1.11 15.5.16, 16.2.5 next.js: Next.js: Denial of Service via crafted POST requests to server actions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44579

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
next GHSA-8h8q-6873-q5fj 高危 15.1.11 15.5.16, 16.2.5 Next.js Vulnerable to Denial of Service with Server Components

漏洞详情: https://github.com/advisories/GHSA-8h8q-6873-q5fj

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-11 14:50 修改: 2026-05-11 14:50
next GHSA-h25m-26qc-wcjf 高危 15.1.11 15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5 Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

漏洞详情: https://github.com/advisories/GHSA-h25m-26qc-wcjf

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-01-28 15:38 修改: 2026-01-28 15:38
next GHSA-q4gf-8mx6-v5v3 高危 15.1.11 15.5.15, 16.2.3 Next.js has a Denial of Service with Server Components

漏洞详情: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-04-10 15:35 修改: 2026-04-10 15:35
tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-01-16 22:16 修改: 2026-02-18 16:20
tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-01-20 01:15 修改: 2026-02-18 15:50
tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-01-28 01:16 修改: 2026-02-02 14:30
tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-02-20 02:16 修改: 2026-02-20 19:24
tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-03-07 16:15 修改: 2026-03-11 21:50
tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-03-10 07:44 修改: 2026-03-18 18:13
next CVE-2026-27980 中危 15.1.11 16.1.7, 15.5.14 next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27980

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:52
next CVE-2026-29057 中危 15.1.11 16.1.7, 15.5.13 next.js: Next.js: HTTP request smuggling in rewrites

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29057

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:49
next CVE-2026-44576 中危 15.1.11 15.5.16, 16.2.5 Next.js: Next.js: Cache poisoning vulnerability in React Server Components

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44576

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-13 17:16 修改: 2026-05-14 13:44
next CVE-2026-44577 中危 15.1.11 15.5.16, 16.2.5 Next.js: Next.js: Denial of Service via Image Optimization API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44577

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-13 17:16 修改: 2026-05-13 20:00
next CVE-2026-44580 中危 15.1.11 15.5.16, 16.2.5 Next.js has cross-site scripting in beforeInteractive scripts with untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44580

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:33
next CVE-2026-44581 中危 15.1.11 15.5.16, 16.2.5 next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44581

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:30
postcss CVE-2026-41305 中危 8.4.31 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-04-24 03:16 修改: 2026-04-24 17:16
brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address is a library for parsing and manipulating IPv4 and IPv6 add ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
next CVE-2025-55173 中危 15.1.11 14.2.31, 15.4.5 nextjs: Next.js Content Injection Vulnerability for Image Optimization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55173

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2025-08-29 22:15 修改: 2025-09-08 16:42
next CVE-2025-57752 中危 15.1.11 14.2.31, 15.4.5 nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57752

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2025-08-29 22:15 修改: 2025-09-08 16:43
next CVE-2025-57822 中危 15.1.11 14.2.32, 15.4.7 Next.js Improper Middleware Redirect Handling Leads to SSRF

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57822

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2025-08-29 22:15 修改: 2025-09-08 16:41
next CVE-2025-59471 中危 15.1.11 15.5.10, 16.1.5 next: NextJS Denial of Service in Image Optimizer

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59471

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-01-26 22:15 修改: 2026-02-13 15:03
next CVE-2025-48068 低危 15.1.11 15.2.2, 14.2.30 next.js: Information exposure in Next.js dev server due to lack of origin verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48068

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2025-05-30 04:15 修改: 2025-09-10 15:17
next CVE-2026-44572 低危 15.1.11 15.5.16, 16.2.5 next.js: Next.js: Denial of Service due to improper handling of x-nextjs-data header with redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44572

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-13 16:16 修改: 2026-05-15 15:46
next CVE-2026-44582 低危 15.1.11 15.5.16, 16.2.5 Next.js: Next.js: Cache poisoning allows incorrect response delivery

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44582

镜像层: sha256:6fbe3154a9d558e8349af179a1b8038f55d3c14d3726aca8960574877b950a50

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:15
brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2025-06-09 19:15 修改: 2026-04-29 01:00
diff CVE-2026-24001 低危 5.2.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:21e4f00ae03f714ca184b962b542ebb67dc73b5c2f7200659becdef9bdfe320e

发布日期: 2026-01-22 03:15 修改: 2026-03-04 15:23