docker.io/kserve/kserve-controller:latest linux/amd64

docker.io/kserve/kserve-controller:latest - Trivy安全扫描结果扫描时间: 2026-06-24 17:32

全部漏洞信息

低危漏洞:0

中危漏洞:5

高危漏洞:18

严重漏洞:0

系统OS: debian 13.5 扫描引擎: Trivy 扫描时间: 2026-06-24 17:32

docker.io/kserve/kserve-controller:latest (debian 13.5) (debian)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

manager (gobinary)

低危漏洞:0

中危漏洞:5

高危漏洞:18

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
github.com/go-jose/go-jose/v4	CVE-2026-34986	高危	v4.1.3	4.1.4	github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-04-06 17:17 修改: 2026-06-17 10:39
github.com/kedacore/keda/v2	CVE-2025-68476	高危	v2.18.0	2.18.3, 2.17.3	github.com/kedacore/keda: KEDA: Arbitrary file read vulnerability in Vault authentication 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68476 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2025-12-22 22:16 修改: 2026-06-17 09:59
github.com/open-telemetry/opentelemetry-operator	CVE-2026-47701	高危	v0.113.0	0.152.0	OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47701 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/crypto	CVE-2026-39827	高危	v0.49.0	0.52.0	An authenticated SSH client that repeatedly opened channels which were ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39828	高危	v0.49.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39829	高危	v0.49.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39830	高危	v0.49.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39835	高危	v0.49.0	0.52.0	SSH servers which use CertChecker as a public key callback without set ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-42508	高危	v0.49.0	0.52.0	golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-46595	高危	v0.49.0	0.52.0	golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-46597	高危	v0.49.0	0.52.0	An incorrectly placed cast from bytes to int allowed for server-side p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/net	CVE-2026-25680	高危	v0.52.0	0.55.0	Parsing arbitrary HTML can consume excessive CPU time, possibly leadin ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-25681	高危	v0.52.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25
golang.org/x/net	CVE-2026-27136	高危	v0.52.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26
golang.org/x/net	CVE-2026-33814	高危	v0.52.0	0.53.0	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:38
golang.org/x/net	CVE-2026-39821	高危	v0.52.0	0.55.0	golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:42
golang.org/x/net	CVE-2026-42502	高危	v0.52.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/net	CVE-2026-42506	高危	v0.52.0	0.55.0	Parsing arbitrary HTML which is then rendered using Render can result ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47
golang.org/x/crypto	CVE-2026-39833	中危	v0.49.0	0.52.0	The in-memory keyring returned by NewKeyring() silently accepted keys ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39834	中危	v0.49.0	0.52.0	When writing data larger than 4GB in a single Write call on an SSH cha ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-46598	中危	v0.49.0	0.52.0	golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53
golang.org/x/crypto	CVE-2026-39831	中危	v0.49.0	0.52.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/crypto	CVE-2026-39832	中危	v0.49.0	0.52.0	When adding a key to a remote agent constraint extensions such as rest ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42
golang.org/x/sys	CVE-2026-39824	未知	v0.42.0	0.44.0	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824 镜像层: sha256:a4a752d59b51d43dbd2f2e9d4c0469b4625bd10a6552df5d005c96c3403ed88c 发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42