docker.io/langgenius/dify-api:0.10.1 linux/amd64

docker.io/langgenius/dify-api:0.10.1 - Trivy安全扫描结果 扫描时间: 2024-10-24 11:10
全部漏洞信息
低危漏洞:2 中危漏洞:9 高危漏洞:7 严重漏洞:4

系统OS: debian trixie/sid 扫描引擎: Trivy 扫描时间: 2024-10-24 11:10

docker.io/langgenius/dify-api:0.10.1 (debian trixie/sid) (debian)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Node.js (node-pkg)
低危漏洞:0 中危漏洞:7 高危漏洞:3 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
json-schema CVE-2021-3918 严重 0.2.3 0.4.0 nodejs-json-schema: Prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3918

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2021-11-13 09:15 修改: 2023-02-03 19:15

minimist CVE-2021-44906 严重 1.2.5 1.2.6, 0.2.4 minimist: prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15

lodash CVE-2021-23337 高危 4.17.20 4.17.21 nodejs-lodash: command injection via template

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2021-02-15 13:15 修改: 2022-09-13 21:25

qs CVE-2022-24999 高危 6.5.2 6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 express: "qs" prototype poisoning causes the hang of the node process

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15

ws CVE-2024-37890 高危 7.3.1 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2024-06-17 20:15 修改: 2024-06-20 12:44

request CVE-2023-28155 中危 2.88.2 The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2023-03-16 15:15 修改: 2024-08-02 13:15

tough-cookie CVE-2023-26136 中危 2.5.0 4.1.3 tough-cookie: prototype pollution in cookie memstore

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15

tough-cookie CVE-2023-26136 中危 2.5.0 4.1.3 tough-cookie: prototype pollution in cookie memstore

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15

tough-cookie CVE-2023-26136 中危 3.0.1 4.1.3 tough-cookie: prototype pollution in cookie memstore

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15

word-wrap CVE-2023-26115 中危 1.2.3 1.2.4 word-wrap: ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26115

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2023-06-22 05:15 修改: 2024-06-21 19:15

lodash CVE-2020-28500 中危 4.17.20 4.17.21 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28500

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2021-02-15 11:15 修改: 2022-09-13 21:18

ws CVE-2021-32640 中危 7.3.1 7.4.6, 6.2.2, 5.2.3 nodejs-ws: Specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32640

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2021-05-25 19:15 修改: 2023-11-07 03:35

Python (python-pkg)
低危漏洞:2 中危漏洞:2 高危漏洞:4 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
qdrant-client CVE-2024-3829 严重 1.7.3 1.9.0 qdrant input validation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3829

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2024-06-03 10:15 修改: 2024-06-03 14:46

transformers CVE-2023-6730 严重 4.35.2 4.36.0 transformers has a Deserialization of Untrusted Data vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6730

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2023-12-19 13:15 修改: 2023-12-28 17:15

nltk CVE-2024-39705 高危 3.8.1 3.9 NLTK through 3.8.1 allows remote code execution if untrusted packages ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39705

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2024-06-27 22:15 修改: 2024-09-15 20:35

setuptools CVE-2024-6345 高危 65.5.1 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:796a04bf70eb72fc9cf36180aa30768848a0d4b0f663949ef4458236f758f210

发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00

py CVE-2022-42969 高危 1.11.0 py: ReDoS in py library when used with subversion

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42969

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2022-10-16 06:15 修改: 2024-08-03 14:15

transformers CVE-2023-7018 高危 4.35.2 4.36.0 transformers has a Deserialization of Untrusted Data vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7018

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2023-12-20 17:15 修改: 2023-12-30 03:13

requests CVE-2024-35195 中危 2.31.0 2.32.0 requests: subsequent requests to the same host ignore cert verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35195

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2024-05-20 21:15 修改: 2024-06-10 17:16

pip CVE-2023-5752 中危 23.0.1 23.3 pip: Mercurial configuration injectable in repo revision when installing via pip

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5752

镜像层: sha256:796a04bf70eb72fc9cf36180aa30768848a0d4b0f663949ef4458236f758f210

发布日期: 2023-10-25 18:17 修改: 2024-06-10 18:15

sentry-sdk CVE-2024-40647 低危 1.44.1 2.8.0 sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40647

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2024-07-18 17:15 修改: 2024-07-19 13:01

transformers CVE-2024-3568 低危 4.35.2 4.38.0 Transformers Deserialization of Untrusted Data vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3568

镜像层: sha256:2d7b5f08eb770e8766ca20b2129f9ef61347ff5c6edbf364987221ea064452f4

发布日期: 2024-04-10 17:15 修改: 2024-04-10 19:49

/app/api/.venv/lib/python3.10/site-packages/PyJWT-2.8.0.dist-info/METADATA ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息