docker.io/library/kibana:8.19.16 linux/amd64

docker.io/library/kibana:8.19.16 - Trivy安全扫描结果扫描时间: 2026-06-11 11:54

全部漏洞信息

低危漏洞:22

中危漏洞:61

高危漏洞:18

严重漏洞:0

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-06-11 11:54

docker.io/library/kibana:8.19.16 (ubuntu 24.04) (ubuntu)

低危漏洞:20

中危漏洞:40

高危漏洞:2

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libssl3t64	CVE-2026-45447	高危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-45447	高危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libc-bin	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc-bin	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc-bin	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc-bin	CVE-2026-5435	中危	2.39-0ubuntu8.7		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc-bin	CVE-2026-6238	中危	2.39-0ubuntu8.7		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libc6	CVE-2026-4046	中危	2.39-0ubuntu8.7		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6	CVE-2026-4437	中危	2.39-0ubuntu8.7		glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6	CVE-2026-4438	中危	2.39-0ubuntu8.7		glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6	CVE-2026-5435	中危	2.39-0ubuntu8.7		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc6	CVE-2026-6238	中危	2.39-0ubuntu8.7		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libexpat1	CVE-2025-66382	中危	2.6.1-2ubuntu0.4		libexpat: libexpat: Denial of service via crafted file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66382 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2025-11-28 07:15 修改: 2026-06-02 14:16
libgcrypt20	CVE-2026-41989	中危	1.10.3-2build1	1.10.3-2ubuntu0.1	Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-23 05:16 修改: 2026-04-27 18:33
libgnutls30t64	CVE-2026-33845	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-33846	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-04 10:15 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-3832	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-30 18:16 修改: 2026-06-02 17:16
libgnutls30t64	CVE-2026-3833	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42009	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-18 13:16 修改: 2026-06-08 17:16
libgnutls30t64	CVE-2026-42010	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Authentication Bypass via NUL Character in Username 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-07 12:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42011	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Security bypass due to incorrect name constraint handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-07 15:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42012	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42013	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-42014	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgnutls30t64	CVE-2026-42015	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-5260	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	gnutls: gnutls: Information disclosure via heap overread in RSA key exchange 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30t64	CVE-2026-5419	中危	3.8.3-1.1ubuntu3.5	3.8.3-1.1ubuntu3.6	guntls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5419 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-01 21:16 修改: 2026-06-02 17:16
libmount1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libsmartcols1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
bsdutils	CVE-2026-27456	中危	1:2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libssl3t64	CVE-2026-34182	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue Summary: Cryptographic Message Services (CMS) processing fails t ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-45445	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When an application drives an AES-OCB context through t ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libsystemd0	CVE-2026-40226	中危	255.4-1ubuntu8.15	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libudev1	CVE-2026-40226	中危	255.4-1ubuntu8.15	255.4-1ubuntu8.16	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libuuid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
mount	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libblkid1	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
openssl	CVE-2026-34182	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue Summary: Cryptographic Message Services (CMS) processing fails t ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-45445	中危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When an application drives an AES-OCB context through t ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
tar	CVE-2025-45582	中危	1.35+dfsg-3build1		tar: Tar path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
tar	CVE-2026-5704	中危	1.35+dfsg-3build1		tar: tar: Hidden file injection via crafted archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:08
util-linux	CVE-2026-27456	中危	2.39.3-9ubuntu6.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libsystemd0	CVE-2026-40228	低危	255.4-1ubuntu8.15		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libgcrypt20	CVE-2024-2236	低危	1.10.3-2build1		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35
libudev1	CVE-2026-40228	低危	255.4-1ubuntu8.15		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libssl3t64	CVE-2026-34180	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a pr ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
login	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libssl3t64	CVE-2026-42766	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A specially crafted password-encrypted CMS message can ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-42767	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: An attacker-controlled CMP (Certificate Management Prot ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-42770	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-45446	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-34180	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a pr ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-42766	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A specially crafted password-encrypted CMS message can ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-42767	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: An attacker-controlled CMP (Certificate Management Prot ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-42770	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-45446	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-7383	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A signed integer overflow when sizing the destination b ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl	CVE-2026-9076	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:76962a1dd232352dfe2540270fc5f2fdece85ec451e66ac591d776fddd8bad11 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
passwd	CVE-2024-56433	低危	1:4.13+dfsg1-4ubuntu3.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libssl3t64	CVE-2026-7383	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: A signed integer overflow when sizing the destination b ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64	CVE-2026-9076	低危	3.0.13-0ubuntu3.9	3.0.13-0ubuntu3.11	Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
liblzma5	CVE-2026-34743	低危	5.6.1+really5.4.5-1ubuntu0.2	5.6.1+really5.4.5-1ubuntu0.3	xz: XZ Utils: Denial of Service via buffer overflow in index decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743 镜像层: sha256:98effb2dfe85d4c431f97d90482075f19e5fc3a57c2dd423d8bdfd4813620043 发布日期: 2026-04-02 19:21 修改: 2026-04-15 17:33

Node.js (node-pkg)

低危漏洞:2

中危漏洞:21

高危漏洞:16

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
@hapi/content	CVE-2026-44974	高危	6.0.1	6.0.2	@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44974 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@opentelemetry/exporter-prometheus	CVE-2026-44902	高危	0.213.0	0.217.0	Prometheus exporter process crash via malformed HTTP request 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-27 15:16 修改: 2026-05-29 15:42
@opentelemetry/sdk-node	CVE-2026-44902	高危	0.213.0	0.217.0	Prometheus exporter process crash via malformed HTTP request 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-27 15:16 修改: 2026-05-29 15:42
axios	CVE-2026-44486	高危	1.15.2	1.16.0, 0.32.0	Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-44487	高危	1.15.2	1.16.0, 0.32.0	Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-44488	高危	1.15.2	1.16.0	Allocation of Resources Without Limits or Throttling in Axios 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-44492	高危	1.15.2	1.16.0, 0.32.0	axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-44494	高危	1.15.2	1.16.0	axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy` 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-44496	高危	1.15.2	1.16.0, 0.32.0	Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
fast-uri	CVE-2026-6321	高危	3.0.3	3.1.1	fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-04 20:16 修改: 2026-05-12 18:54
fast-uri	CVE-2026-6322	高危	3.0.3	3.1.2	fast-uri normalize() decoded percent-encoded authority delimiters insi ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-05 11:16 修改: 2026-05-12 19:11
fast-xml-builder	CVE-2026-44665	高危	1.1.5	1.1.7	fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content manipulation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44665 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-13 16:16 修改: 2026-05-18 16:16
js-cookie	CVE-2026-46625	高危	2.2.1	3.0.7	JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46625 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
systeminformation	CVE-2026-26280	高危	5.30.3	5.30.8	systeminformation: systeminformation: Arbitrary command execution via unsanitized network interface parameter 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26280 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-02-19 20:25 修改: 2026-02-20 20:10
systeminformation	CVE-2026-26318	高危	5.30.3	5.31.0	systeminformation: systeminformation: Arbitrary code execution via unsanitized `locate` output 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26318 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-02-19 20:25 修改: 2026-02-20 19:51
systeminformation	CVE-2026-44724	高危	5.30.3	5.31.6	systeminformation: systeminformation: Command injection via NetworkManager connection profile name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44724 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-27 20:16 修改: 2026-06-01 18:50
fast-xml-builder	CVE-2026-44664	中危	1.1.5	1.1.6	fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient sanitization of XML comments 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44664 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-13 16:16 修改: 2026-05-13 16:58
fast-xml-parser	CVE-2026-41650	中危	5.5.7	5.7.0	fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequences 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-07 15:16 修改: 2026-05-12 20:30
brace-expansion	CVE-2026-45149	中危	5.0.5	5.0.6	The brace-expansion library generates arbitrary strings containing a c ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-29 20:16 修改: 2026-06-03 20:13
prismjs	CVE-2024-53382	中危	1.27.0	1.30.0	prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53382 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2025-03-03 07:15 修改: 2025-06-27 13:08
@hapi/wreck	CVE-2026-44979	中危	18.1.0	18.1.1	@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44979 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios	CVE-2026-44490	中危	1.15.2	1.16.0, 0.32.0	axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
bn.js	CVE-2026-2739	中危	4.11.9	4.12.3, 5.2.3	bn.js: bn.js: Denial of Service via calling maskn(0) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2739 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-02-20 05:17 修改: 2026-04-15 00:35
uuid	CVE-2026-41907	中危	10.0.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	11.1.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	11.1.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	11.1.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	13.0.0	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	8.3.2	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid	CVE-2026-41907	中危	9.0.1	11.1.1, 12.0.1, 13.0.1	uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
yaml	CVE-2026-33532	中危	1.10.2	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
yaml	CVE-2026-33532	中危	2.3.4	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
yaml	CVE-2026-33532	中危	2.3.4	2.8.3, 1.10.3	yaml: yaml: Denial of Service via deeply nested YAML document parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
@ai-sdk/provider-utils	CVE-2026-8769	低危	3.0.17		@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8769 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 2026-05-17 23:17 修改: 2026-05-19 15:27
axios	CVE-2026-44489	低危	1.15.2	1.16.0	Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44489 镜像层: sha256:349ca102c2b3be2cdeebfce1388611974a7aa8d86605297da9c82dd4279b50b2 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00