docker.io/kiwigrid/k8s-sidecar:1.27.6 linux/amd64

docker.io/kiwigrid/k8s-sidecar:1.27.6 - Trivy安全扫描结果 扫描时间: 2026-06-11 15:13
全部漏洞信息
低危漏洞:26 中危漏洞:31 高危漏洞:38 严重漏洞:5

系统OS: alpine 3.20.2 扫描引擎: Trivy 扫描时间: 2026-06-11 15:13

docker.io/kiwigrid/k8s-sidecar:1.27.6 (alpine 3.20.2) (alpine)
低危漏洞:24 中危漏洞:20 高危漏洞:26 严重漏洞:5
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-31789 严重 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libexpat CVE-2024-45491 严重 2.6.2-r0 2.6.3-r0 libexpat: Integer Overflow or Wraparound

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2024-08-30 03:15 修改: 2026-05-12 12:17
libexpat CVE-2024-45492 严重 2.6.2-r0 2.6.3-r0 libexpat: integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2024-08-30 03:15 修改: 2026-05-12 12:17
libssl3 CVE-2026-31789 严重 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
sqlite-libs CVE-2025-6965 严重 3.45.3-r1 3.45.3-r3 sqlite: Integer Truncation in SQLite

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6965

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2025-07-15 14:15 修改: 2026-04-14 10:16
libcrypto3 CVE-2026-28387 高危 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28388 高危 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28389 高危 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28390 高危 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2024-12797 高危 3.3.1-r3 3.3.3-r0 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-02-11 16:15 修改: 2026-04-15 00:35
libcrypto3 CVE-2024-6119 高危 3.3.1-r3 3.3.2-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2024-09-03 16:15 修改: 2026-05-12 12:17
libexpat CVE-2024-45490 高危 2.6.2-r0 2.6.3-r0 libexpat: Negative Length Parsing Vulnerability in libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2024-08-30 03:15 修改: 2026-05-12 12:17
libexpat CVE-2025-59375 高危 2.6.2-r0 2.7.2-r0 firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59375

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2025-09-15 03:15 修改: 2026-05-12 13:17
libexpat CVE-2026-25210 高危 2.6.2-r0 2.7.4-r0 libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25210

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2026-01-30 07:16 修改: 2026-06-02 14:16
libcrypto3 CVE-2025-15467 高危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-06-09 10:16
libssl3 CVE-2024-12797 高危 3.3.1-r3 3.3.3-r0 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-02-11 16:15 修改: 2026-04-15 00:35
libssl3 CVE-2024-6119 高危 3.3.1-r3 3.3.2-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2024-09-03 16:15 修改: 2026-05-12 12:17
libssl3 CVE-2025-15467 高危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-06-09 10:16
libssl3 CVE-2025-69421 高危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28387 高危 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28388 高危 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28389 高危 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28390 高危 3.3.1-r3 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
musl CVE-2025-26519 高危 1.2.5-r0 1.2.5-r1 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-02-14 04:15 修改: 2025-12-10 20:03
musl CVE-2026-40200 高危 1.2.5-r0 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-10 17:17 修改: 2026-04-27 19:18
musl-utils CVE-2025-26519 高危 1.2.5-r0 1.2.5-r1 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-02-14 04:15 修改: 2025-12-10 20:03
musl-utils CVE-2026-40200 高危 1.2.5-r0 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-10 17:17 修改: 2026-04-27 19:18
libcrypto3 CVE-2025-69421 高危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
sqlite-libs CVE-2025-29087 高危 3.45.3-r1 3.45.3-r2 sqlite: Integer Overflow in SQLite concat_ws Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-29087

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2025-04-07 20:15 修改: 2025-04-30 12:43
xz-libs CVE-2025-31115 高危 5.6.2-r0 5.6.2-r1 xz: XZ has a heap-use-after-free bug in threaded .xz decoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31115

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2025-04-03 17:15 修改: 2026-05-12 13:16
zlib CVE-2026-22184 高危 1.3.1-r1 1.3.2-r0 zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-07 21:16 修改: 2026-03-18 16:26
libexpat CVE-2024-50602 中危 2.6.2-r0 2.6.4-r0 libexpat: expat: DoS via XML_ResumeParser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2024-10-27 05:15 修改: 2025-10-15 17:54
libexpat CVE-2024-8176 中危 2.6.2-r0 2.7.0-r0 libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8176

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2025-03-14 09:15 修改: 2026-04-15 00:35
libexpat CVE-2026-32776 中危 2.6.2-r0 2.7.5-r0 libexpat: libexpat: Denial of Service due to NULL pointer dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32776

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2026-03-16 14:19 修改: 2026-03-17 15:52
libssl3 CVE-2025-69419 中危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-9230 中危 3.3.1-r3 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
libssl3 CVE-2025-9231 中危 3.3.1-r3 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
libssl3 CVE-2026-31790 中危 3.3.1-r3 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libexpat CVE-2026-32777 中危 2.6.2-r0 2.7.5-r0 libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32777

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2026-03-16 14:19 修改: 2026-03-17 15:52
libexpat CVE-2026-32778 中危 2.6.2-r0 2.7.5-r0 libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32778

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2026-03-16 14:19 修改: 2026-03-17 15:52
musl CVE-2026-6042 中危 1.2.5-r0 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-10 09:16 修改: 2026-04-24 18:01
libcrypto3 CVE-2026-31790 中危 3.3.1-r3 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
busybox-binsh CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
musl-utils CVE-2026-6042 中危 1.2.5-r0 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-04-10 09:16 修改: 2026-04-24 18:01
busybox CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
libcrypto3 CVE-2025-69419 中危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
ssl_client CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
libcrypto3 CVE-2025-9230 中危 3.3.1-r3 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
xz-libs CVE-2026-34743 中危 5.6.2-r0 5.8.3-r0 xz: XZ Utils: Denial of Service via buffer overflow in index decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2026-04-02 19:21 修改: 2026-04-15 17:33
libcrypto3 CVE-2025-9231 中危 3.3.1-r3 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
zlib CVE-2026-27171 中危 1.3.1-r1 1.3.2-r0 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-02-18 04:16 修改: 2026-03-25 21:27
libssl3 CVE-2024-13176 低危 3.3.1-r3 3.3.2-r2 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-01-20 14:15 修改: 2026-04-15 00:35
libssl3 CVE-2024-9143 低危 3.3.1-r3 3.3.2-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2024-10-16 17:15 修改: 2026-05-12 12:17
libssl3 CVE-2025-15468 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:38
libssl3 CVE-2025-66199 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
libssl3 CVE-2025-68160 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-69418 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-69420 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-9232 低危 3.3.1-r3 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
libssl3 CVE-2026-22795 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-22796 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-22795 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-22796 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
busybox-binsh CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-04-23 16:15 修改: 2026-06-02 14:16
busybox CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-04-23 16:15 修改: 2026-06-02 14:16
libcrypto3 CVE-2024-13176 低危 3.3.1-r3 3.3.2-r2 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-01-20 14:15 修改: 2026-04-15 00:35
libcrypto3 CVE-2024-9143 低危 3.3.1-r3 3.3.2-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2024-10-16 17:15 修改: 2026-05-12 12:17
libcrypto3 CVE-2025-15468 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:38
libcrypto3 CVE-2025-66199 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
libcrypto3 CVE-2025-68160 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
ssl_client CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-04-23 16:15 修改: 2026-06-02 14:16
libcrypto3 CVE-2025-69418 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2025-69420 低危 3.3.1-r3 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2025-9232 低危 3.3.1-r3 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07

发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
libexpat CVE-2026-24515 低危 2.6.2-r0 2.7.4-r0 libexpat: libexpat null pointer dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24515

镜像层: sha256:13f521543aaded6cefb31cb8e0615b8ba693e0b6204b54dbed022d281c96dd97

发布日期: 2026-01-23 08:16 修改: 2026-06-02 14:16
Python (python-pkg)
低危漏洞:2 中危漏洞:11 高危漏洞:12 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
jaraco.context CVE-2026-23949 高危 5.3.0 6.1.0 jaraco.context: jaraco.context: Path traversal via malicious tar archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23949

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-01-20 01:15 修改: 2026-03-11 23:12
jaraco.context CVE-2026-23949 高危 5.3.0 6.1.0 jaraco.context: jaraco.context: Path traversal via malicious tar archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23949

镜像层: sha256:3d4d52c356301b94b9cd13727f6359652a04087d51f71f7978599f9183267f19

发布日期: 2026-01-20 01:15 修改: 2026-03-11 23:12
pyasn1 CVE-2026-30922 高危 0.6.0 0.6.3 pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-30922

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-03-18 04:17 修改: 2026-05-01 17:16
setuptools CVE-2025-47273 高危 72.1.0 78.1.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:3d4d52c356301b94b9cd13727f6359652a04087d51f71f7978599f9183267f19

发布日期: 2025-05-17 16:15 修改: 2025-06-12 16:29
setuptools CVE-2025-47273 高危 74.0.0 78.1.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2025-05-17 16:15 修改: 2025-06-12 16:29
urllib3 CVE-2025-66418 高危 2.2.2 2.6.0 urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2025-12-05 16:15 修改: 2025-12-10 16:08
urllib3 CVE-2025-66471 高危 2.2.2 2.6.0 urllib3: urllib3 Streaming API improperly handles highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2025-12-05 17:16 修改: 2025-12-10 16:10
urllib3 CVE-2026-21441 高危 2.2.2 2.6.3 urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-01-07 22:15 修改: 2026-01-23 09:15
urllib3 CVE-2026-44431 高危 2.2.2 2.7.0 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-05-13 16:16 修改: 2026-05-14 13:56
wheel CVE-2026-24049 高危 0.43.0 0.46.2 wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-01-22 05:16 修改: 2026-02-18 14:56
wheel CVE-2026-24049 高危 0.43.0 0.46.2 wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049

镜像层: sha256:3d4d52c356301b94b9cd13727f6359652a04087d51f71f7978599f9183267f19

发布日期: 2026-01-22 05:16 修改: 2026-02-18 14:56
wheel CVE-2026-24049 高危 0.44.0 0.46.2 wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049

镜像层: sha256:3d4d52c356301b94b9cd13727f6359652a04087d51f71f7978599f9183267f19

发布日期: 2026-01-22 05:16 修改: 2026-02-18 14:56
pip CVE-2025-8869 中危 24.2 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2025-09-24 15:15 修改: 2026-04-15 00:35
pip CVE-2025-8869 中危 24.2 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:3d4d52c356301b94b9cd13727f6359652a04087d51f71f7978599f9183267f19

发布日期: 2025-09-24 15:15 修改: 2026-04-15 00:35
pip CVE-2026-3219 中危 24.2 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-04-20 16:16 修改: 2026-04-20 21:16
pip CVE-2026-3219 中危 24.2 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:3d4d52c356301b94b9cd13727f6359652a04087d51f71f7978599f9183267f19

发布日期: 2026-04-20 16:16 修改: 2026-04-20 21:16
pip CVE-2026-6357 中危 24.2 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-04-27 15:16 修改: 2026-04-27 23:16
pip CVE-2026-6357 中危 24.2 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:3d4d52c356301b94b9cd13727f6359652a04087d51f71f7978599f9183267f19

发布日期: 2026-04-27 15:16 修改: 2026-04-27 23:16
urllib3 CVE-2025-50181 中危 2.2.2 2.5.0 urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2025-06-19 01:15 修改: 2025-12-22 19:15
urllib3 CVE-2025-50182 中危 2.2.2 2.5.0 urllib3: urllib3 does not control redirects in browsers and Node.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50182

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2025-06-19 02:15 修改: 2025-12-22 19:15
idna CVE-2026-45409 中危 3.8 3.15 Internationalized Domain Names in Applications (IDNA) for Python provi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-06-05 23:16 修改: 2026-06-08 15:02
requests CVE-2024-47081 中危 2.32.3 2.32.4 requests: Requests vulnerable to .netrc credentials leak via malicious URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47081

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2025-06-09 18:15 修改: 2026-04-15 00:35
requests CVE-2026-25645 中危 2.32.3 2.33.0 requests: Requests: Security bypass due to predictable temporary file creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-03-25 17:16 修改: 2026-03-30 14:23
pip CVE-2026-1703 低危 24.2 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:69ee6394877b62b1fa4d8ffade6a7d78cf66de2b22603421440c20348245edc5

发布日期: 2026-02-02 15:16 修改: 2026-04-15 00:35
pip CVE-2026-1703 低危 24.2 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:3d4d52c356301b94b9cd13727f6359652a04087d51f71f7978599f9183267f19

发布日期: 2026-02-02 15:16 修改: 2026-04-15 00:35