docker.io/library/kibana:8.11.3 linux/amd64

docker.io/library/kibana:8.11.3 - Trivy安全扫描结果 扫描时间: 2026-07-10 15:42
全部漏洞信息
低危漏洞:46 中危漏洞:154 高危漏洞:88 严重漏洞:5

系统OS: ubuntu 20.04 扫描引擎: Trivy 扫描时间: 2026-07-10 15:42

docker.io/library/kibana:8.11.3 (ubuntu 20.04) (ubuntu)
低危漏洞:28 中危漏洞:72 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
bsdutils CVE-2024-28085 中危 1:2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.6 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

curl CVE-2024-2398 中危 7.68.0-1ubuntu2.21 7.68.0-1ubuntu2.22 curl: HTTP/2 push headers memory-leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

curl CVE-2024-7264 中危 7.68.0-1ubuntu2.21 7.68.0-1ubuntu2.23 curl: libcurl: ASN.1 date parser overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-07-31 08:15 修改: 2026-06-17 08:19

curl CVE-2024-8096 中危 7.68.0-1ubuntu2.21 7.68.0-1ubuntu2.24 curl: OCSP stapling bypass with GnuTLS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-09-11 10:15 修改: 2026-06-17 08:21

fdisk CVE-2024-28085 中危 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.6 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

gpgv CVE-2025-30258 中危 2.2.19-3ubuntu2.2 2.2.19-3ubuntu2.4 gnupg: verification DoS due to a malicious subkey in the keyring

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08

libblkid1 CVE-2024-28085 中危 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.6 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

libc-bin CVE-2024-2961 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.15 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25

libc-bin CVE-2024-33599 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.16 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc-bin CVE-2024-33600 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.16 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc-bin CVE-2024-33601 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.16 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc-bin CVE-2024-33602 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.16 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc-bin CVE-2025-0395 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.17 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26

libc-bin CVE-2025-4802 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.18 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

libc6 CVE-2024-2961 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.15 glibc: Out of bounds write in iconv may lead to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2961

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-04-17 18:15 修改: 2026-06-17 07:25

libc6 CVE-2024-33599 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.16 glibc: stack-based buffer overflow in netgroup cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33599

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc6 CVE-2024-33600 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.16 glibc: null pointer dereferences after failed netgroup cache insertion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33600

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc6 CVE-2024-33601 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.16 glibc: netgroup cache may terminate daemon on memory allocation failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33601

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc6 CVE-2024-33602 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.16 glibc: netgroup cache assumes NSS callback uses in-buffer strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33602

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-05-06 20:15 修改: 2026-06-17 07:32

libc6 CVE-2025-0395 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.17 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26

libc6 CVE-2025-4802 中危 2.31-0ubuntu9.14 2.31-0ubuntu9.18 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

libcurl4 CVE-2024-2398 中危 7.68.0-1ubuntu2.21 7.68.0-1ubuntu2.22 curl: HTTP/2 push headers memory-leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-03-27 08:15 修改: 2026-06-17 07:24

libcurl4 CVE-2024-7264 中危 7.68.0-1ubuntu2.21 7.68.0-1ubuntu2.23 curl: libcurl: ASN.1 date parser overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7264

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-07-31 08:15 修改: 2026-06-17 08:19

libcurl4 CVE-2024-8096 中危 7.68.0-1ubuntu2.21 7.68.0-1ubuntu2.24 curl: OCSP stapling bypass with GnuTLS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8096

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-09-11 10:15 修改: 2026-06-17 08:21

libexpat1 CVE-2024-45490 中危 2.2.9-1ubuntu0.6 2.2.9-1ubuntu0.7 libexpat: Negative Length Parsing Vulnerability in libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-08-30 03:15 修改: 2026-06-17 07:54

libexpat1 CVE-2024-45491 中危 2.2.9-1ubuntu0.6 2.2.9-1ubuntu0.7 libexpat: Integer Overflow or Wraparound

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-08-30 03:15 修改: 2026-06-17 07:54

libexpat1 CVE-2024-45492 中危 2.2.9-1ubuntu0.6 2.2.9-1ubuntu0.7 libexpat: integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-08-30 03:15 修改: 2026-06-17 07:54

libexpat1 CVE-2024-50602 中危 2.2.9-1ubuntu0.6 2.2.9-1ubuntu0.8 libexpat: expat: DoS via XML_ResumeParser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-10-27 05:15 修改: 2026-06-17 08:04

libfdisk1 CVE-2024-28085 中危 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.6 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

libfreetype6 CVE-2025-27363 中危 2.10.1-2ubuntu0.3 2.10.1-2ubuntu0.4 freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27363

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2025-03-11 14:15 修改: 2026-06-17 09:03

libgnutls30 CVE-2024-0553 中危 3.6.13-2ubuntu1.9 3.6.13-2ubuntu1.10 gnutls: incomplete fix for CVE-2023-5981

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0553

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-01-16 12:15 修改: 2026-06-17 06:53

libgnutls30 CVE-2024-12243 中危 3.6.13-2ubuntu1.9 3.6.13-2ubuntu1.12 gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12243

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2025-02-10 16:15 修改: 2026-06-17 06:59

libgnutls30 CVE-2024-28834 中危 3.6.13-2ubuntu1.9 3.6.13-2ubuntu1.11 gnutls: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28834

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-21 14:15 修改: 2026-06-17 07:21

libgssapi-krb5-2 CVE-2024-3596 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.8 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44

libgssapi-krb5-2 CVE-2024-37370 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.6 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38

libgssapi-krb5-2 CVE-2024-37371 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.6 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38

libgssapi-krb5-2 CVE-2025-24528 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59

libgssapi-krb5-2 CVE-2025-3576 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.11 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2025-04-15 06:15 修改: 2026-06-30 01:16

libk5crypto3 CVE-2024-3596 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.8 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44

libk5crypto3 CVE-2024-37370 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.6 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38

libk5crypto3 CVE-2024-37371 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.6 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38

libk5crypto3 CVE-2025-24528 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59

libk5crypto3 CVE-2025-3576 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.11 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2025-04-15 06:15 修改: 2026-06-30 01:16

libkrb5-3 CVE-2024-3596 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.8 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44

libkrb5-3 CVE-2024-37370 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.6 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38

libkrb5-3 CVE-2024-37371 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.6 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38

libkrb5-3 CVE-2025-24528 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59

libkrb5-3 CVE-2025-3576 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.11 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2025-04-15 06:15 修改: 2026-06-30 01:16

libkrb5support0 CVE-2024-3596 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.8 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-07-09 12:15 修改: 2026-06-17 07:44

libkrb5support0 CVE-2024-37370 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.6 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-28 22:15 修改: 2026-06-17 07:38

libkrb5support0 CVE-2024-37371 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.6 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-28 23:15 修改: 2026-06-17 07:38

libkrb5support0 CVE-2025-24528 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2026-01-16 18:16 修改: 2026-06-17 08:59

libkrb5support0 CVE-2025-3576 中危 1.17-6ubuntu4.4 1.17-6ubuntu4.11 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2025-04-15 06:15 修改: 2026-06-30 01:16

libmount1 CVE-2024-28085 中危 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.6 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

libnghttp2-14 CVE-2024-28182 中危 1.40.0-1ubuntu0.2 1.40.0-1ubuntu0.3 nghttp2: CONTINUATION frames DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28182

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-04-04 15:15 修改: 2026-06-17 07:21

libnss3 CVE-2023-4421 中危 2:3.49.1-1ubuntu1.9 2:3.98-0ubuntu0.20.04.1 nss: new tlsfuzzer code can still detect timing issues in RSA operations

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4421

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2023-12-12 17:15 修改: 2026-06-17 06:37

libnss3 CVE-2023-5388 中危 2:3.49.1-1ubuntu1.9 2:3.98-0ubuntu0.20.04.1 nss: timing attack against RSA decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5388

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-03-19 12:15 修改: 2026-06-17 06:48

libnss3 CVE-2023-6135 中危 2:3.49.1-1ubuntu1.9 2:3.98-0ubuntu0.20.04.1 nss: vulnerable to Minerva side-channel information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6135

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2023-12-19 14:15 修改: 2026-06-17 06:50

libpam-modules CVE-2024-22365 中危 1.3.1-5ubuntu4.6 1.3.1-5ubuntu4.7 pam: allowing unprivileged user to block another user namespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-02-06 08:15 修改: 2026-06-17 07:11

libpam-modules-bin CVE-2024-22365 中危 1.3.1-5ubuntu4.6 1.3.1-5ubuntu4.7 pam: allowing unprivileged user to block another user namespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-02-06 08:15 修改: 2026-06-17 07:11

libpam-runtime CVE-2024-22365 中危 1.3.1-5ubuntu4.6 1.3.1-5ubuntu4.7 pam: allowing unprivileged user to block another user namespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-02-06 08:15 修改: 2026-06-17 07:11

libpam0g CVE-2024-22365 中危 1.3.1-5ubuntu4.6 1.3.1-5ubuntu4.7 pam: allowing unprivileged user to block another user namespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-02-06 08:15 修改: 2026-06-17 07:11

libsmartcols1 CVE-2024-28085 中危 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.6 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

libsqlite3-0 CVE-2023-7104 中危 3.31.1-4ubuntu0.5 3.31.1-4ubuntu0.6 sqlite: heap-buffer-overflow at sessionfuzz

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7104

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2023-12-29 10:15 修改: 2026-06-17 06:52

libsqlite3-0 CVE-2025-29088 中危 3.31.1-4ubuntu0.5 3.31.1-4ubuntu0.7 sqlite: Denial of Service in SQLite

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-29088

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2025-04-10 14:15 修改: 2026-06-17 09:05

libssh-4 CVE-2023-48795 中危 0.9.3-2ubuntu2.3 0.9.3-2ubuntu2.4 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2023-12-18 16:15 修改: 2026-06-17 06:34

libssh-4 CVE-2023-6004 中危 0.9.3-2ubuntu2.3 0.9.3-2ubuntu2.5 libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6004

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-01-03 17:15 修改: 2026-06-17 06:49

libssh-4 CVE-2023-6918 中危 0.9.3-2ubuntu2.3 0.9.3-2ubuntu2.5 libssh: Missing checks for return values for digests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6918

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2023-12-19 00:15 修改: 2026-06-17 06:51

libtasn1-6 CVE-2024-12133 中危 4.16.0-2 4.16.0-2ubuntu0.1 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12133

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2025-02-10 16:15 修改: 2026-06-30 03:16

libuuid1 CVE-2024-28085 中危 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.6 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

mount CVE-2024-28085 中危 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.6 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

util-linux CVE-2024-28085 中危 2.34-0.1ubuntu9.4 2.34-0.1ubuntu9.6 util-linux: CVE-2024-28085: wall: escape sequence injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28085

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2024-03-27 19:15 修改: 2026-06-17 07:20

curl CVE-2024-11053 低危 7.68.0-1ubuntu2.21 7.68.0-1ubuntu2.25 curl: curl netrc password leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56

libkrb5support0 CVE-2024-26458 低危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libkrb5support0 CVE-2024-26461 低危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libldap-2.4-2 CVE-2023-2953 低危 2.4.49+dfsg-2ubuntu1.9 2.4.49+dfsg-2ubuntu1.10 openldap: null pointer dereference in ber_memalloc_x function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2953

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2023-05-30 22:15 修改: 2026-06-17 05:53

libldap-common CVE-2023-2953 低危 2.4.49+dfsg-2ubuntu1.9 2.4.49+dfsg-2ubuntu1.10 openldap: null pointer dereference in ber_memalloc_x function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2953

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2023-05-30 22:15 修改: 2026-06-17 05:53

libk5crypto3 CVE-2024-26458 低危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libkrb5-3 CVE-2024-26458 低危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libkrb5-3 CVE-2024-26461 低危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libssl1.1 CVE-2023-5678 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.21 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49

libssl1.1 CVE-2024-0727 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.21 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-01-26 09:15 修改: 2026-06-17 06:54

libssl1.1 CVE-2024-13176 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.24 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libssl1.1 CVE-2024-2511 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.23 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libssl1.1 CVE-2024-4741 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.23 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libssl1.1 CVE-2024-5535 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.23 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libssl1.1 CVE-2024-9143 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.24 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libk5crypto3 CVE-2024-26461 低危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

libcurl4 CVE-2024-11053 低危 7.68.0-1ubuntu2.21 7.68.0-1ubuntu2.25 curl: curl netrc password leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11053

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-12-11 08:15 修改: 2026-06-17 06:56

login CVE-2023-4641 低危 1:4.8.1-1ubuntu5.20.04.4 1:4.8.1-1ubuntu5.20.04.5 shadow-utils: possible password leak during passwd(1) change

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2023-12-27 16:15 修改: 2026-06-17 06:38

libgssapi-krb5-2 CVE-2024-26458 低危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

openssl CVE-2023-5678 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.21 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49

openssl CVE-2024-0727 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.21 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-01-26 09:15 修改: 2026-06-17 06:54

openssl CVE-2024-13176 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.24 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

openssl CVE-2024-2511 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.23 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

openssl CVE-2024-4741 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.23 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

openssl CVE-2024-5535 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.23 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

openssl CVE-2024-9143 低危 1.1.1f-1ubuntu2.20 1.1.1f-1ubuntu2.24 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

passwd CVE-2023-4641 低危 1:4.8.1-1ubuntu5.20.04.4 1:4.8.1-1ubuntu5.20.04.5 shadow-utils: possible password leak during passwd(1) change

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641

镜像层: sha256:3a03f09d212915b240e9d216069aba5652ed4765c7e4b098c65e71860d47b8e1

发布日期: 2023-12-27 16:15 修改: 2026-06-17 06:38

libgssapi-krb5-2 CVE-2024-26461 低危 1.17-6ubuntu4.4 1.17-6ubuntu4.9 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:6b0590b842c0d2a467b7ef12d784f7005f24b5964aff61692904d812a1116350

发布日期: 2024-02-29 01:44 修改: 2026-06-17 07:17

Node.js (node-pkg)
低危漏洞:18 中危漏洞:82 高危漏洞:88 严重漏洞:5
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
basic-ftp CVE-2026-27699 严重 5.0.3 5.2.0 basic-ftp: basic-ftp: File overwrite due to path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27699

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-25 15:20 修改: 2026-06-17 10:27

form-data CVE-2025-7783 严重 4.0.0 2.5.4, 3.0.4, 4.0.4 form-data: Unsafe random function in form-data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05

handlebars CVE-2026-33937 严重 4.7.8 4.7.9 handlebars.js: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33937

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

protobufjs CVE-2023-36665 严重 7.2.4 7.2.5, 6.11.4 protobufjs: prototype pollution using user-controlled protobuf message

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36665

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2023-07-05 14:15 修改: 2026-06-17 06:06

protobufjs CVE-2026-41242 严重 7.2.4 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-18 17:16 修改: 2026-06-30 03:19

axios CVE-2025-27152 高危 0.21.4 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

axios CVE-2026-25639 高危 0.21.4 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-09 21:15 修改: 2026-07-01 13:16

axios CVE-2026-42033 高危 0.21.4 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42035 高危 0.21.4 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 0.21.4 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-44486 高危 0.21.4 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44487 高危 0.21.4 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44492 高危 0.21.4 1.16.0, 0.32.0 axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44495 高危 0.21.4 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44496 高危 0.21.4 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2024-39338 高危 1.6.0 1.7.4 axios: axios: Server-Side Request Forgery

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39338

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-08-12 13:38 修改: 2026-06-17 07:41

axios CVE-2025-27152 高危 1.6.0 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

axios CVE-2025-58754 高危 1.6.0 1.12.0, 0.30.2 axios: Axios DoS via lack of data size check

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58754

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-09-12 02:15 修改: 2026-06-17 09:44

axios CVE-2026-25639 高危 1.6.0 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-09 21:15 修改: 2026-07-01 13:16

axios CVE-2026-42033 高危 1.6.0 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42035 高危 1.6.0 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 1.6.0 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42264 高危 1.6.0 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-08 04:16 修改: 2026-07-08 13:16

axios CVE-2026-44486 高危 1.6.0 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44487 高危 1.6.0 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44494 高危 1.6.0 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-08 13:16

axios CVE-2026-44495 高危 1.6.0 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44496 高危 1.6.0 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

@grpc/grpc-js CVE-2026-48068 高危 1.8.17 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: A malformed request can cause a server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48068

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

basic-ftp CVE-2026-41324 高危 5.0.3 5.3.0 basic-ftp: basic-ftp: Denial of Service via unbounded memory growth from malicious directory listings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41324

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 04:16 修改: 2026-06-17 10:46

basic-ftp CVE-2026-44240 高危 5.0.3 5.3.1 basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is v ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44240

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-12 21:16 修改: 2026-06-17 10:50

basic-ftp GHSA-6v7q-wjvx-w8wg 高危 5.0.3 5.2.2 basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands

漏洞详情: https://github.com/advisories/GHSA-6v7q-wjvx-w8wg

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-10 20:18 修改: 2026-04-10 20:18

braces CVE-2024-4068 高危 3.0.2 3.0.3 braces: fails to limit the number of characters it can handle

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-05-14 15:42 修改: 2026-06-17 08:01

cross-spawn CVE-2024-21538 高危 7.0.3 7.0.5, 6.0.6 cross-spawn: regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-11-08 05:15 修改: 2026-06-17 07:09

d3-color GHSA-36jr-mh4h-2g58 高危 2.0.0 3.1.0 d3-color vulnerable to ReDoS

漏洞详情: https://github.com/advisories/GHSA-36jr-mh4h-2g58

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2022-09-29 14:12 修改: 2022-09-29 14:12

expr-eval CVE-2025-12735 高危 2.0.2 expr-eval:

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12735

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-05 01:15 修改: 2026-06-17 08:32

expr-eval CVE-2025-13204 高危 2.0.2 expr-eval: expr-eval: Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13204

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-14 17:16 修改: 2026-06-17 08:33

@grpc/grpc-js CVE-2026-48069 高危 1.8.17 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48069

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

form-data CVE-2026-12143 高危 4.0.0 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-12 19:16 修改: 2026-07-08 13:16

glob CVE-2025-64756 高危 10.3.10 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

@hapi/content CVE-2026-35213 高危 5.0.2 6.0.1 @hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35213

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-06 21:16 修改: 2026-06-17 10:40

handlebars CVE-2026-33938 高危 4.7.8 4.7.9 handlebars: Handlebars: Arbitrary code execution via @partial-block overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33938

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

handlebars CVE-2026-33939 高危 4.7.8 4.7.9 handlebars.js: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33939

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

handlebars CVE-2026-33940 高危 4.7.8 4.7.9 handlebars.js: Handlebars.js: Arbitrary code execution via crafted template context

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33940

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

handlebars CVE-2026-33941 高危 4.7.8 4.7.9 handlebars.js: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33941

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

ip CVE-2024-29415 高危 1.1.8 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-05-27 20:15 修改: 2026-06-17 07:22

ip CVE-2024-29415 高危 2.0.0 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-05-27 20:15 修改: 2026-06-17 07:22

js-cookie CVE-2026-46625 高危 2.2.1 3.0.7 js-cookie: JavaScript Cookie: Cookie attribute manipulation via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46625

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-10 22:16 修改: 2026-07-08 13:16

jws CVE-2025-65945 高危 3.2.2 3.2.3, 4.0.1 node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56

langchain CVE-2025-68665 高危 0.0.151 1.2.3, 0.3.37 langchain-core: LangChain: Arbitrary Code Execution via Serialization Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68665

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-12-23 23:15 修改: 2026-06-17 09:59

langsmith CVE-2026-45134 高危 0.0.33 0.6.0 LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45134

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-27 20:16 修改: 2026-06-17 10:51

linkify-it CVE-2026-48801 高危 3.0.2 5.0.1 LinkifyIt#match scan loop has quadratic algorithmic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48801

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

lodash CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 9.0.1 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 9.0.1 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.1 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

node-forge CVE-2025-12816 高危 1.3.1 1.3.2 node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12816

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-25 20:15 修改: 2026-06-17 08:32

node-forge CVE-2025-66031 高危 1.3.1 1.3.2 node-forge: node-forge ASN.1 Unbounded Recursion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66031

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56

node-forge CVE-2026-33891 高危 1.3.1 1.4.0 node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33891

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

node-forge CVE-2026-33894 高危 1.3.1 1.4.0 node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33894

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

node-forge CVE-2026-33895 高危 1.3.1 1.4.0 node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33895

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

node-forge CVE-2026-33896 高危 1.3.1 1.4.0 node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33896

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

nodemailer CVE-2025-14874 高危 6.6.2 7.0.11 nodemailer: Nodemailer: Denial of service via crafted email address header

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14874

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-12-18 09:15 修改: 2026-06-17 08:36

nodemailer GHSA-p6gq-j5cr-w38f 高危 6.6.2 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

openpgp CVE-2025-47934 高危 5.10.1 5.11.3, 6.1.1 OpenPGP.js's message signature verification can be spoofed

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47934

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-05-19 19:15 修改: 2026-06-17 09:28

path-to-regexp CVE-2024-45296 高危 1.7.0 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-09-09 19:15 修改: 2026-06-17 07:53

pdfjs-dist CVE-2024-4367 高危 2.13.216 4.2.67 Mozilla: Arbitrary JavaScript execution in PDF.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4367

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-05-14 18:15 修改: 2026-06-17 08:01

picomatch CVE-2026-33671 高危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

@hapi/content CVE-2026-44974 高危 5.0.2 6.0.2 @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44974

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

@opentelemetry/exporter-prometheus CVE-2026-44902 高危 0.31.0 0.217.0 opentelemetry-js: opentelemetry/exporter-prometheus: opentelemetry-js: Denial of Service via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

protobufjs CVE-2026-44289 高危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-13 16:16 修改: 2026-07-01 13:17

protobufjs CVE-2026-44290 高危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-13 16:16 修改: 2026-07-02 12:17

protobufjs CVE-2026-48712 高危 7.2.4 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

tar CVE-2026-23745 高危 6.1.15 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.1.15 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 6.1.15 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 6.1.15 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.1.15 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 6.1.15 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar-fs CVE-2024-12905 高危 3.0.4 1.16.4, 2.1.2, 3.0.7 tar-fs: link following and path traversal via maliciously crafted tar file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12905

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-03-27 17:15 修改: 2026-06-17 07:00

tar-fs CVE-2025-48387 高危 3.0.4 1.16.5, 2.1.3, 3.0.9 tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48387

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-06-02 20:15 修改: 2026-06-17 09:29

tar-fs CVE-2025-59343 高危 3.0.4 3.1.1, 2.1.4, 1.16.6 tar-fs: tar-fs symlink validation bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59343

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-09-24 18:15 修改: 2026-06-17 09:45

tmp CVE-2026-44705 高危 0.0.33 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

undici CVE-2026-12151 高危 5.26.3 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-17 17:16 修改: 2026-07-07 12:16

undici CVE-2026-1526 高危 5.26.3 6.24.0, 7.24.0 undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1526

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-12 21:16 修改: 2026-07-02 12:16

undici CVE-2026-2229 高危 5.26.3 6.24.0, 7.24.0 undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2229

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-12 21:16 修改: 2026-07-02 12:17

ws CVE-2024-37890 高危 8.14.2 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

ws CVE-2026-48779 高危 8.14.2 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-17 13:20 修改: 2026-07-07 12:16

js-yaml CVE-2025-64718 中危 4.1.0 4.1.1, 3.14.2 js-yaml: js-yaml prototype pollution in merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55

js-yaml CVE-2026-53550 中危 4.1.0 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 16:16 修改: 2026-06-29 16:16

js-yaml CVE-2026-53550 中危 4.1.0 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 16:16 修改: 2026-06-29 16:16

@babel/runtime CVE-2025-27789 中危 7.22.11 7.26.10, 8.0.0-alpha.17 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04

axios CVE-2023-45857 中危 0.21.4 1.6.0, 0.28.0 axios: exposure of confidential data stored in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2023-11-08 21:15 修改: 2026-06-17 06:29

langchain CVE-2024-7774 中危 0.0.151 0.2.19 Langchain Path Traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7774

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-10-29 13:15 修改: 2026-06-17 08:20

axios CVE-2025-62718 中危 1.6.0 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-09 15:16 修改: 2026-07-01 13:16

langsmith CVE-2026-40190 中危 0.0.33 0.5.18 LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40190

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-10 20:16 修改: 2026-07-07 18:33

langsmith CVE-2026-41182 中危 0.0.33 0.5.19 LangSmith SDK: Streaming token events bypass output redaction

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41182

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-23 02:16 修改: 2026-06-17 10:46

axios CVE-2026-40175 中危 1.6.0 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-10 20:16 修改: 2026-06-30 03:19

axios CVE-2026-42034 中危 1.6.0 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

lodash CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-01-21 20:16 修改: 2026-07-03 13:16

lodash CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

markdown-it CVE-2026-48988 中危 12.3.2 14.2.0 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48988

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-17 21:16 修改: 2026-06-24 19:06

micromatch CVE-2024-4067 中危 4.0.5 4.0.8 micromatch: vulnerable to Regular Expression Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4067

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-05-14 15:42 修改: 2026-06-17 08:01

axios CVE-2026-42036 中危 1.6.0 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42037 中危 1.6.0 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 1.6.0 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42039 中危 1.6.0 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42041 中危 1.6.0 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42042 中危 1.6.0 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42044 中危 1.6.0 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-07-07 12:16

axios CVE-2026-44490 中危 1.6.0 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

axios CVE-2025-62718 中危 0.21.4 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-09 15:16 修改: 2026-07-01 13:16

axios CVE-2026-40175 中危 0.21.4 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-10 20:16 修改: 2026-06-30 03:19

axios CVE-2026-42034 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

node-forge CVE-2025-66030 中危 1.3.1 1.3.2 node-forge: node-forge: Integer Overflow allows OID-based security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66030

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56

bn.js CVE-2026-2739 中危 4.11.9 4.12.3, 5.2.3 bn.js: bn.js: Denial of Service via calling maskn(0)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2739

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-20 05:17 修改: 2026-06-17 10:31

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

nodemailer CVE-2025-13033 中危 6.6.2 7.0.7 nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13033

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-14 20:15 修改: 2026-06-17 08:33

nodemailer GHSA-268h-hp4c-crq3 中危 6.6.2 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-9h6g-pr28-7cqp 中危 6.6.2 6.9.9 nodemailer ReDoS when trying to send a specially crafted email

漏洞详情: https://github.com/advisories/GHSA-9h6g-pr28-7cqp

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-01-31 22:42 修改: 2025-09-03 15:21

nodemailer GHSA-r7g4-qg5f-qqm2 中危 6.6.2 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 6.6.2 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

nodemailer GHSA-wqvq-jvpq-h66f 中危 6.6.2 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

axios CVE-2026-42038 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42039 中危 0.21.4 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42041 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

picomatch CVE-2026-33672 中危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

prismjs CVE-2024-53382 中危 1.27.0 1.30.0 prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53382

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-03-03 07:15 修改: 2026-06-17 08:08

axios CVE-2026-42042 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-44490 中危 0.21.4 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

follow-redirects CVE-2023-26159 中危 1.15.2 1.15.4 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26159

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-01-02 05:15 修改: 2026-06-17 05:42

follow-redirects CVE-2024-28849 中危 1.15.2 1.15.6 follow-redirects: Possible credential leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28849

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-03-14 17:15 修改: 2026-06-17 07:21

follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.2 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

ajv CVE-2025-69873 中危 6.12.6 8.18.0, 6.14.0 ajv: ReDoS via $data reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69873

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-02-11 19:15 修改: 2026-06-30 05:17

protobufjs CVE-2026-44288 中危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 7.2.4 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 7.2.4 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

@grpc/grpc-js CVE-2024-37168 中危 1.8.17 1.10.9, 1.9.15, 1.8.22 grps-js: allocate memory for incoming messages well above configured limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37168

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-06-10 22:15 修改: 2026-06-17 07:37

@hapi/inert CVE-2026-48049 中危 6.0.4 7.1.1 @hapi/inert has a static-file confinement bypass via sibling-prefix path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48049

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

@hapi/wreck CVE-2026-44979 中危 17.1.0 18.1.1 @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44979

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

@hapi/wreck CVE-2026-48022 中危 17.1.0 18.1.2 @hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48022

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

@opentelemetry/core CVE-2026-54285 中危 1.15.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

@opentelemetry/core CVE-2026-54285 中危 1.15.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

tar CVE-2024-28863 中危 6.1.15 6.2.1 node-tar: denial of service while parsing a tar file due to lack of folders depth validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-03-21 23:15 修改: 2026-06-17 07:21

tar CVE-2026-53655 中危 6.1.15 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

handlebars CVE-2026-33916 中危 4.7.8 4.7.9 handlebars.js: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33916

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38

handlebars GHSA-7rx3-28cr-v5wh 中危 4.7.8 4.7.9 Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

漏洞详情: https://github.com/advisories/GHSA-7rx3-28cr-v5wh

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-29 15:17 修改: 2026-03-29 15:17

@opentelemetry/core CVE-2026-54285 中危 1.5.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

@opentelemetry/core CVE-2026-54285 中危 1.5.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

joi CVE-2026-48038 中危 17.7.1 18.2.1, 17.13.4 joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48038

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

@opentelemetry/core CVE-2026-54285 中危 1.8.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

js-yaml CVE-2025-64718 中危 3.14.1 4.1.1, 3.14.2 js-yaml: js-yaml prototype pollution in merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55

undici CVE-2025-22150 中危 5.26.3 5.28.5, 6.21.1, 7.2.3 undici: Undici Uses Insufficiently Random Values

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22150

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-01-21 18:15 修改: 2026-06-17 08:45

undici CVE-2026-1525 中危 5.26.3 6.24.0, 7.24.0 undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1525

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-12 20:16 修改: 2026-06-17 10:15

undici CVE-2026-1527 中危 5.26.3 6.24.0, 7.24.0 undici: Undici: HTTP header injection and request smuggling vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1527

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-12 21:16 修改: 2026-06-17 10:16

undici CVE-2026-22036 中危 5.26.3 7.18.2, 6.23.0 undici: Undici: Denial of Service via excessive decompression steps

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22036

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-01-14 19:16 修改: 2026-06-17 10:19

undici CVE-2026-9679 中危 5.26.3 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:43

uuid CVE-2026-41907 中危 8.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 8.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 9.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

js-yaml CVE-2026-53550 中危 3.14.1 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-22 16:16 修改: 2026-06-29 16:16

js-yaml CVE-2025-64718 中危 4.1.0 4.1.1, 3.14.2 js-yaml: js-yaml prototype pollution in merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55

ws CVE-2026-45736 中危 8.14.2 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-05-15 15:16 修改: 2026-07-02 12:17

yaml CVE-2026-33532 中危 1.10.2 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

yaml CVE-2026-33532 中危 2.3.1 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

es5-ext CVE-2024-27088 低危 0.10.46 0.10.63 es5-ext contains ECMAScript 5 extensions. Passing functions with very ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27088

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-02-26 17:15 修改: 2026-06-17 07:19

@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

handlebars GHSA-442j-39wm-28r2 低危 4.7.8 4.7.9 Handlebars.js has a Property Access Validation Bypass in container.lookup

漏洞详情: https://github.com/advisories/GHSA-442j-39wm-28r2

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-29 15:16 修改: 2026-03-29 15:16

undici CVE-2024-24758 低危 5.26.3 5.28.3, 6.6.1 undici: sensitive information exposure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24758

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-02-16 22:15 修改: 2026-06-17 07:14

undici CVE-2024-30260 低危 5.26.3 5.28.4, 6.11.1 nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30260

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-04-04 16:15 修改: 2026-06-17 07:26

undici CVE-2024-30261 低危 5.26.3 5.28.4, 6.11.1 nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30261

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-04-04 15:15 修改: 2026-06-17 07:26

undici CVE-2025-47279 低危 5.26.3 5.29.0, 6.21.2, 7.5.0 undici: Undici Memory Leak with Invalid Certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47279

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-05-15 18:15 修改: 2026-06-17 09:27

undici CVE-2026-11525 低危 5.26.3 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-17 18:17 修改: 2026-06-25 17:46

undici CVE-2026-6733 低危 5.26.3 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-06-17 18:18 修改: 2026-06-27 23:46

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

ip CVE-2023-42282 低危 1.1.8 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-02-08 17:15 修改: 2026-06-17 06:23

axios CVE-2026-42040 低危 0.21.4 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

tmp CVE-2025-54798 低危 0.0.33 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40

ip CVE-2023-42282 低危 2.0.0 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-02-08 17:15 修改: 2026-06-17 06:23

cookie CVE-2024-47764 低危 0.5.0 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2024-10-04 20:15 修改: 2026-06-17 07:57

nodemailer GHSA-c7w3-x93f-qmm8 低危 6.6.2 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

axios CVE-2026-42040 低危 1.6.0 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:17faa680d0743e86b0c1faf8811ccb27f9ff8ab80d4bb4c5482b59725cb91459

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×