docker.io/library/mysql:8.0.37 linux/amd64

docker.io/library/mysql:8.0.37 - Trivy安全扫描结果 扫描时间: 2026-06-12 21:54
全部漏洞信息
低危漏洞:19 中危漏洞:151 高危漏洞:122 严重漏洞:4

系统OS: oracle 9.4 扫描引擎: Trivy 扫描时间: 2026-06-12 21:54

docker.io/library/mysql:8.0.37 (oracle 9.4) (oracle)
低危漏洞:11 中危漏洞:99 高危漏洞:73 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
expat CVE-2025-59375 高危 2.5.0-2.el9_4 2.5.0-5.el9_7.1 firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59375

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-09-15 03:15 修改: 2026-05-12 13:17
gnupg2 CVE-2025-68973 高危 2.3.3-4.el9 2.3.3-5.el9_7 GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68973

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-12-28 17:16 修改: 2026-01-14 19:16
krb5-libs CVE-2024-3596 高危 1.21.1-1.0.1.el9 1.21.1-4.0.1.el9_5 freeradius: forgery attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3596

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-07-09 12:15 修改: 2026-05-12 12:16
krb5-libs CVE-2024-37371 高危 1.21.1-1.0.1.el9 1.21.1-2.0.1.el9_4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37371

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-06-28 23:15 修改: 2026-05-12 12:16
libarchive CVE-2025-5914 高危 3.5.3-4.el9 3.5.3-6.el9_6 libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5914

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-06-09 20:15 修改: 2026-02-05 20:15
libarchive CVE-2026-4111 高危 3.5.3-4.el9 3.5.3-7.el9_7 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4111

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-03-13 19:55 修改: 2026-06-10 18:17
libarchive CVE-2026-4424 高危 3.5.3-4.el9 3.5.3-9.el9_7 libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4424

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-03-19 15:16 修改: 2026-06-10 18:17
libarchive CVE-2026-5121 高危 3.5.3-4.el9 3.5.3-9.el9_7 libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5121

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-03-30 08:16 修改: 2026-06-10 18:17
libbrotli CVE-2025-6176 高危 1.0.9-6.el9 1.0.9-9.el9_7 Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6176

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-10-31 00:15 修改: 2026-04-15 00:35
libcap CVE-2026-4878 高危 2.48-9.el9_2 2.48-10.el9_7.1 libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-04-09 16:16 修改: 2026-06-11 10:16
libnghttp2 CVE-2026-27135 高危 1.43.0-5.el9_4.3 1.43.0-6.el9_7.1 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-03-18 18:16 修改: 2026-05-13 22:16
libxml2 CVE-2024-56171 高危 2.9.13-6.el9_4 2.9.13-6.el9_5.2 libxml2: Use-After-Free in libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56171

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-02-18 22:15 修改: 2025-11-03 21:17
libxml2 CVE-2025-24928 高危 2.9.13-6.el9_4 2.9.13-6.el9_5.2 libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24928

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-02-18 23:15 修改: 2025-11-03 22:18
libxml2 CVE-2025-49794 高危 2.9.13-6.el9_4 2.9.13-10.el9_6 libxml: Heap use after free (UAF) leads to Denial of service (DoS)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49794

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-06-16 16:15 修改: 2026-06-02 14:16
libxml2 CVE-2025-49796 高危 2.9.13-6.el9_4 2.9.13-10.el9_6 libxml: Type confusion leads to Denial of service (DoS)

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49796

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-06-16 16:15 修改: 2026-06-02 14:16
libxml2 CVE-2025-6021 高危 2.9.13-6.el9_4 2.9.13-10.el9_6 libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6021

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-06-12 13:15 修改: 2026-05-12 13:17
libxml2 CVE-2025-7425 高危 2.9.13-6.el9_4 2.9.13-11.el9_6 libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7425

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-10 14:15 修改: 2026-05-12 13:17
openssl CVE-2024-12797 高危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5.1 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2025-02-11 16:15 修改: 2026-04-15 00:35
openssl CVE-2024-5535 高危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2024-06-27 11:15 修改: 2026-05-12 12:17
openssl CVE-2025-11187 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11187

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-03-20 14:16
openssl CVE-2025-15467 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-06-09 10:16
openssl CVE-2025-15468 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:38
openssl CVE-2025-15469 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15469

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
openssl CVE-2025-66199 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
openssl CVE-2025-68160 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl CVE-2025-69418 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl CVE-2025-69420 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl CVE-2025-69421 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl CVE-2026-22795 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl CVE-2026-22796 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-fips-provider CVE-2024-5535 高危 3.0.7-2.0.1.el9 3.0.7-6.0.1.el9_5 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-06-27 11:15 修改: 2026-05-12 12:17
openssl-libs CVE-2024-12797 高危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5.1 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-02-11 16:15 修改: 2026-04-15 00:35
openssl-libs CVE-2024-5535 高危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-06-27 11:15 修改: 2026-05-12 12:17
openssl-libs CVE-2025-11187 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11187

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-03-20 14:16
openssl-libs CVE-2025-15467 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-06-09 10:16
openssl-libs CVE-2025-15468 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:38
openssl-libs CVE-2025-15469 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15469

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
openssl-libs CVE-2025-66199 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
openssl-libs CVE-2025-68160 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2025-69418 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2025-69420 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2025-69421 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2026-22795 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2026-22796 高危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
python3 CVE-2023-6597 高危 3.9.18-3.el9 3.9.18-3.el9_4.1 python: Path traversal on tempfile.TemporaryDirectory

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-03-19 16:15 修改: 2026-04-15 00:35
python3 CVE-2024-11168 高危 3.9.18-3.el9 3.9.21-1.el9_5 python: Improper validation of IPv6 and IPvFuture addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-11-12 22:15 修改: 2026-04-15 00:35
python3 CVE-2024-12718 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12718

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3 CVE-2024-5642 高危 3.9.18-3.el9 3.9.25-2.0.1.el9_7 python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5642

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-06-27 21:15 修改: 2026-04-15 00:35
python3 CVE-2024-9287 高危 3.9.18-3.el9 3.9.21-1.el9_5 python: Virtual environment (venv) activation scripts don't quote paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-10-22 17:15 修改: 2025-11-03 23:17
python3 CVE-2025-4138 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4138

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3 CVE-2025-4330 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 cpython: python: Extraction filter bypass for linking outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4330

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3 CVE-2025-4435 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 cpython: Tarfile extracts filtered members when errorlevel=0

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4435

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3 CVE-2025-4517 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 python: cpython: Arbitrary writes via tarfile realpath overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4517

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3 CVE-2025-6069 高危 3.9.18-3.el9 3.9.25-2.0.1.el9_7 cpython: Python HTMLParser quadratic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6069

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-17 14:15 修改: 2026-04-15 00:35
python3 CVE-2025-6075 高危 3.9.18-3.el9 3.9.25-2.0.1.el9_7 python: Quadratic complexity in os.path.expandvars() with user-controlled template

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6075

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-10-31 17:15 修改: 2026-02-04 19:05
python3 CVE-2026-4519 高危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.2 python: Python: Command-line option injection in webbrowser.open() via crafted URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4519

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-03-20 15:16 修改: 2026-04-16 14:53
python3 CVE-2026-4786 高危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.3 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4786

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-04-13 22:16 修改: 2026-04-29 16:16
python3 CVE-2026-6100 高危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.3 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6100

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-04-13 18:16 修改: 2026-04-17 15:18
python3-libs CVE-2023-6597 高危 3.9.18-3.el9 3.9.18-3.el9_4.1 python: Path traversal on tempfile.TemporaryDirectory

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6597

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-03-19 16:15 修改: 2026-04-15 00:35
python3-libs CVE-2024-11168 高危 3.9.18-3.el9 3.9.21-1.el9_5 python: Improper validation of IPv6 and IPvFuture addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11168

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-11-12 22:15 修改: 2026-04-15 00:35
python3-libs CVE-2024-12718 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12718

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3-libs CVE-2024-5642 高危 3.9.18-3.el9 3.9.25-2.0.1.el9_7 python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5642

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-06-27 21:15 修改: 2026-04-15 00:35
python3-libs CVE-2024-9287 高危 3.9.18-3.el9 3.9.21-1.el9_5 python: Virtual environment (venv) activation scripts don't quote paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9287

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-10-22 17:15 修改: 2025-11-03 23:17
python3-libs CVE-2025-4138 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4138

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-4330 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 cpython: python: Extraction filter bypass for linking outside extraction directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4330

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-4435 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 cpython: Tarfile extracts filtered members when errorlevel=0

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4435

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-4517 高危 3.9.18-3.el9 3.9.21-2.el9_6.1 python: cpython: Arbitrary writes via tarfile realpath overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4517

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-03 13:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-6069 高危 3.9.18-3.el9 3.9.25-2.0.1.el9_7 cpython: Python HTMLParser quadratic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6069

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-06-17 14:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-6075 高危 3.9.18-3.el9 3.9.25-2.0.1.el9_7 python: Quadratic complexity in os.path.expandvars() with user-controlled template

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6075

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-10-31 17:15 修改: 2026-02-04 19:05
python3-libs CVE-2026-4519 高危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.2 python: Python: Command-line option injection in webbrowser.open() via crafted URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4519

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-03-20 15:16 修改: 2026-04-16 14:53
python3-libs CVE-2026-4786 高危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.3 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4786

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-04-13 22:16 修改: 2026-04-29 16:16
python3-libs CVE-2026-6100 高危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.3 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6100

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-04-13 18:16 修改: 2026-04-17 15:18
sqlite-libs CVE-2025-6965 高危 3.34.1-7.el9_3 3.34.1-9.el9_7 sqlite: Integer Truncation in SQLite

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6965

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-15 14:15 修改: 2026-04-14 10:16
glib2 CVE-2024-52533 中危 2.68.4-14.el9 2.68.4-16.el9_6.2 glib: buffer overflow in set_connect_msg()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52533

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-11-11 23:15 修改: 2025-06-17 01:23
glib2 CVE-2025-13601 中危 2.68.4-14.el9 2.68.4-18.el9_7.1 glib: Integer overflow in in g_escape_uri_string()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13601

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-11-26 15:15 修改: 2026-06-02 14:16
glib2 CVE-2025-14087 中危 2.68.4-14.el9 2.68.4-18.el9_7.2 glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14087

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-12-10 09:15 修改: 2026-06-10 18:16
glib2 CVE-2025-14512 中危 2.68.4-14.el9 2.68.4-18.el9_7.2 glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14512

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-12-11 07:16 修改: 2026-06-10 18:16
glib2 CVE-2025-4373 中危 2.68.4-14.el9 2.68.4-16.el9_6.2 glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4373

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-05-06 15:16 修改: 2026-05-12 13:17
glibc CVE-2025-0395 中危 2.34-100.0.1.el9_4.2 2.34-125.0.1.el9_5.8 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-01-22 13:15 修改: 2026-05-12 13:16
libxml2 CVE-2022-49043 中危 2.9.13-6.el9_4 2.9.13-6.el9_5.1 libxml: use-after-free in xmlXIncludeAddNode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-49043

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-01-26 06:15 修改: 2025-11-03 21:15
libxml2 CVE-2025-32414 中危 2.9.13-6.el9_4 2.9.13-12.el9_6 libxml2: Out-of-Bounds Read in libxml2

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32414

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-04-08 03:15 修改: 2025-11-03 20:18
libxml2 CVE-2025-32415 中危 2.9.13-6.el9_4 2.9.13-12.el9_6 libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32415

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-04-17 17:15 修改: 2025-11-03 20:18
libxml2 CVE-2025-9714 中危 2.9.13-6.el9_4 2.9.13-14.el9_7 libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9714

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-09-10 19:15 修改: 2026-05-12 13:17
glibc CVE-2025-15281 中危 2.34-100.0.1.el9_4.2 2.34-231.0.1.el9_7.10 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
glibc CVE-2025-4802 中危 2.34-100.0.1.el9_4.2 2.34-168.0.1.el9_6.19 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-05-16 20:15 修改: 2025-11-03 20:19
glibc CVE-2025-5702 中危 2.34-100.0.1.el9_4.2 2.34-168.0.1.el9_6.20 glibc: Vector register overwrite bug in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5702

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-06-05 19:15 修改: 2025-10-01 15:37
glibc CVE-2025-8058 中危 2.34-100.0.1.el9_4.2 2.34-168.0.1.el9_6.23 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-23 20:15 修改: 2026-04-15 00:35
glibc CVE-2026-0861 中危 2.34-100.0.1.el9_4.2 2.34-231.0.1.el9_7.10 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
glibc CVE-2026-0915 中危 2.34-100.0.1.el9_4.2 2.34-231.0.1.el9_7.10 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
glibc-common CVE-2025-0395 中危 2.34-100.0.1.el9_4.2 2.34-125.0.1.el9_5.8 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-01-22 13:15 修改: 2026-05-12 13:16
glibc-common CVE-2025-15281 中危 2.34-100.0.1.el9_4.2 2.34-231.0.1.el9_7.10 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
glibc-common CVE-2025-4802 中危 2.34-100.0.1.el9_4.2 2.34-168.0.1.el9_6.19 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-05-16 20:15 修改: 2025-11-03 20:19
glibc-common CVE-2025-5702 中危 2.34-100.0.1.el9_4.2 2.34-168.0.1.el9_6.20 glibc: Vector register overwrite bug in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5702

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-06-05 19:15 修改: 2025-10-01 15:37
glibc-common CVE-2025-8058 中危 2.34-100.0.1.el9_4.2 2.34-168.0.1.el9_6.23 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-23 20:15 修改: 2026-04-15 00:35
glibc-common CVE-2026-0861 中危 2.34-100.0.1.el9_4.2 2.34-231.0.1.el9_7.10 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
glibc-common CVE-2026-0915 中危 2.34-100.0.1.el9_4.2 2.34-231.0.1.el9_7.10 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
openssl CVE-2024-6119 中危 1:3.0.7-27.0.3.el9 1:3.0.7-28.0.1.el9_4 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2024-09-03 16:15 修改: 2026-05-12 12:17
openssl CVE-2025-69419 中危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl CVE-2025-9230 中危 1:3.0.7-27.0.3.el9 1:3.5.1-4.0.1.el9_7 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
glibc-minimal-langpack CVE-2025-0395 中危 2.34-100.0.1.el9_4.2 2.34-125.0.1.el9_5.8 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-01-22 13:15 修改: 2026-05-12 13:16
glibc-minimal-langpack CVE-2025-15281 中危 2.34-100.0.1.el9_4.2 2.34-231.0.1.el9_7.10 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
glibc-minimal-langpack CVE-2025-4802 中危 2.34-100.0.1.el9_4.2 2.34-168.0.1.el9_6.19 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-05-16 20:15 修改: 2025-11-03 20:19
glibc-minimal-langpack CVE-2025-5702 中危 2.34-100.0.1.el9_4.2 2.34-168.0.1.el9_6.20 glibc: Vector register overwrite bug in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5702

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-06-05 19:15 修改: 2025-10-01 15:37
glibc-minimal-langpack CVE-2025-8058 中危 2.34-100.0.1.el9_4.2 2.34-168.0.1.el9_6.23 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-23 20:15 修改: 2026-04-15 00:35
glibc-minimal-langpack CVE-2026-0861 中危 2.34-100.0.1.el9_4.2 2.34-231.0.1.el9_7.10 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
glibc-minimal-langpack CVE-2026-0915 中危 2.34-100.0.1.el9_4.2 2.34-231.0.1.el9_7.10 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
bzip2-libs CVE-2019-12900 中危 1.0.8-8.el9 1.0.8-10.el9_5 bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12900

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2019-06-19 23:15 修改: 2025-06-09 16:15
gnutls CVE-2024-12243 中危 3.8.3-4.el9_4 3.8.3-6.el9 gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12243

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-02-10 16:15 修改: 2026-05-12 12:16
gnutls CVE-2025-14831 中危 3.8.3-4.el9_4 3.8.3-10.el9_7 gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14831

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-02-09 15:16 修改: 2026-06-10 18:16
gnutls CVE-2025-32988 中危 3.8.3-4.el9_4 3.8.3-6.el9_6.2 gnutls: Vulnerability in GnuTLS otherName SAN export

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32988

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-10 08:15 修改: 2026-05-12 13:16
gnutls CVE-2025-32989 中危 3.8.3-4.el9_4 3.8.3-6.el9_6.2 gnutls: Vulnerability in GnuTLS SCT extension parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32989

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-10 08:15 修改: 2026-05-12 13:16
gnutls CVE-2025-32990 中危 3.8.3-4.el9_4 3.8.3-6.el9_6.2 gnutls: Vulnerability in GnuTLS certtool template parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32990

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-10 10:15 修改: 2026-04-20 22:16
gnutls CVE-2025-6395 中危 3.8.3-4.el9_4 3.8.3-6.el9_6.2 gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6395

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-10 16:15 修改: 2026-05-12 13:17
openssl-libs CVE-2024-6119 中危 1:3.0.7-27.0.3.el9 1:3.0.7-28.0.1.el9_4 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-09-03 16:15 修改: 2026-05-12 12:17
openssl-libs CVE-2025-69419 中危 1:3.0.7-27.0.3.el9 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2025-9230 中危 1:3.0.7-27.0.3.el9 1:3.5.1-4.0.1.el9_7 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
gnutls CVE-2025-9820 中危 3.8.3-4.el9_4 3.8.3-10.el9_7 gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9820

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-26 20:16 修改: 2026-05-12 13:17
curl CVE-2024-2398 中危 7.76.1-29.el9_4 7.76.1-29.el9_4.1 curl: HTTP/2 push headers memory-leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
curl CVE-2025-9086 中危 7.76.1-29.el9_4 7.76.1-35.el9_7.3 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-09-12 06:15 修改: 2026-06-02 14:16
krb5-libs CVE-2024-26458 中危 1.21.1-1.0.1.el9 1.21.1-3.0.1.el9 krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26458

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-02-29 01:44 修改: 2025-05-23 15:39
krb5-libs CVE-2024-26461 中危 1.21.1-1.0.1.el9 1.21.1-3.0.1.el9 krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26461

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-02-29 01:44 修改: 2025-05-23 15:30
krb5-libs CVE-2024-26462 中危 1.21.1-1.0.1.el9 1.21.1-3.0.1.el9 krb5: Memory leak at /krb5/src/kdc/ndr.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26462

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-02-29 01:44 修改: 2025-03-25 20:15
krb5-libs CVE-2024-37370 中危 1.21.1-1.0.1.el9 1.21.1-2.0.1.el9_4 krb5: GSS message token handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37370

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-06-28 22:15 修改: 2026-05-12 12:16
krb5-libs CVE-2025-24528 中危 1.21.1-1.0.1.el9 1.21.1-6.0.1.el9 krb5: overflow when calculating ulog block size

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24528

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2026-01-16 18:16 修改: 2026-04-15 00:35
krb5-libs CVE-2025-3576 中危 1.21.1-1.0.1.el9 1.21.1-8.0.1.el9_6 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-3576

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-04-15 06:15 修改: 2026-05-12 13:17
bzip2 CVE-2019-12900 中危 1.0.8-8.el9 1.0.8-10.el9_5 bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12900

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2019-06-19 23:15 修改: 2025-06-09 16:15
expat CVE-2024-45490 中危 2.5.0-2.el9_4 2.5.0-2.el9_4.1 libexpat: Negative Length Parsing Vulnerability in libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45490

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-08-30 03:15 修改: 2026-05-12 12:17
expat CVE-2024-45491 中危 2.5.0-2.el9_4 2.5.0-2.el9_4.1 libexpat: Integer Overflow or Wraparound

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45491

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-08-30 03:15 修改: 2026-05-12 12:17
expat CVE-2024-45492 中危 2.5.0-2.el9_4 2.5.0-2.el9_4.1 libexpat: integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45492

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-08-30 03:15 修改: 2026-05-12 12:17
libarchive CVE-2025-25724 中危 3.5.3-4.el9 3.5.3-5.el9_6 libarchive: Buffer Overflow vulnerability in libarchive

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25724

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-03-02 02:15 修改: 2025-07-17 15:56
python3 CVE-2024-0450 中危 3.9.18-3.el9 3.9.18-3.el9_4.1 python: The zipfile module is vulnerable to zip-bombs leading to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-03-19 16:15 修改: 2026-04-15 00:35
python3 CVE-2024-4032 中危 3.9.18-3.el9 3.9.18-3.el9_4.3 python: incorrect IPv4 and IPv6 private ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-06-17 15:15 修改: 2026-04-15 00:35
python3 CVE-2024-6232 中危 3.9.18-3.el9 3.9.19-8.el9_5.1 python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-09-03 13:15 修改: 2025-11-03 23:17
python3 CVE-2024-6923 中危 3.9.18-3.el9 3.9.18-3.el9_4.5 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-08-01 14:15 修改: 2026-04-15 00:35
python3 CVE-2024-8088 中危 3.9.18-3.el9 3.9.19-8.el9 python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-08-22 19:15 修改: 2026-04-15 00:35
python3 CVE-2025-0938 中危 3.9.18-3.el9 3.9.21-2.el9 python: cpython: URL parser allowed square brackets in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-01-31 18:15 修改: 2026-04-15 00:35
python3 CVE-2025-12084 中危 3.9.18-3.el9 3.9.25-3.0.1.el9_7 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12084

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-12-03 19:15 修改: 2026-01-26 15:16
python3 CVE-2025-15366 中危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.1 cpython: IMAP command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15366

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-01-20 22:15 修改: 2026-04-15 00:35
python3 CVE-2025-15367 中危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.1 cpython: POP3 command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15367

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-01-20 22:15 修改: 2026-04-15 00:35
python3 CVE-2025-8194 中危 3.9.18-3.el9 3.9.21-2.el9_6.2 cpython: Cpython infinite loop when parsing a tarfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8194

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-07-28 19:15 修改: 2026-04-15 00:35
python3 CVE-2025-8291 中危 3.9.18-3.el9 3.9.25-2.0.1.el9_7 cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8291

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-10-07 18:16 修改: 2026-04-15 00:35
python3 CVE-2026-1299 中危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.1 cpython: email header injection due to unquoted newlines

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1299

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-01-23 17:16 修改: 2026-04-15 00:35
libblkid CVE-2025-14104 中危 2.37.4-18.0.1.el9 2.37.4-21.0.1.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
expat CVE-2024-50602 中危 2.5.0-2.el9_4 2.5.0-3.el9_5.1 libexpat: expat: DoS via XML_ResumeParser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50602

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-10-27 05:15 修改: 2025-10-15 17:54
expat CVE-2024-8176 中危 2.5.0-2.el9_4 2.5.0-5.el9_6 libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8176

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-03-14 09:15 修改: 2026-04-15 00:35
libcurl CVE-2024-2398 中危 7.76.1-29.el9_4 7.76.1-29.el9_4.1 curl: HTTP/2 push headers memory-leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2398

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-03-27 08:15 修改: 2025-07-30 19:42
libcurl CVE-2025-9086 中危 7.76.1-29.el9_4 7.76.1-35.el9_7.3 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-09-12 06:15 修改: 2026-06-02 14:16
libgcc CVE-2020-11023 中危 11.4.1-3.0.1.el9 11.5.0-5.0.1.el9_5 jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11023

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2020-04-29 21:15 修改: 2025-11-07 19:32
libgcrypt CVE-2024-2236 中危 1.10.0-10.el9_2 1.10.0-11.el9 libgcrypt: vulnerable to Marvin Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35
libmount CVE-2025-14104 中危 2.37.4-18.0.1.el9 2.37.4-21.0.1.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
glib2 CVE-2024-34397 中危 2.68.4-14.el9 2.68.4-14.el9_4.1 glib2: Signal subscription vulnerabilities

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34397

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-05-07 18:15 修改: 2026-05-12 12:16
libsmartcols CVE-2025-14104 中危 2.37.4-18.0.1.el9 2.37.4-21.0.1.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
libssh CVE-2025-5318 中危 0.10.4-13.el9 0.10.4-15.el9_7 libssh: out-of-bounds read in sftp_handle()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5318

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-06-24 14:15 修改: 2026-02-27 17:16
libssh CVE-2025-5987 中危 0.10.4-13.el9 0.10.4-17.el9_7 libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5987

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-07 15:15 修改: 2026-03-20 21:17
libstdc++ CVE-2020-11023 中危 11.4.1-3.0.1.el9 11.5.0-5.0.1.el9_5 jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11023

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2020-04-29 21:15 修改: 2025-11-07 19:32
libtasn1 CVE-2024-12133 中危 4.16.0-8.el9_1 4.16.0-9.el9 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12133

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-02-10 16:15 修改: 2026-05-12 12:16
python3-libs CVE-2024-0450 中危 3.9.18-3.el9 3.9.18-3.el9_4.1 python: The zipfile module is vulnerable to zip-bombs leading to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0450

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-03-19 16:15 修改: 2026-04-15 00:35
python3-libs CVE-2024-4032 中危 3.9.18-3.el9 3.9.18-3.el9_4.3 python: incorrect IPv4 and IPv6 private ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4032

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-06-17 15:15 修改: 2026-04-15 00:35
python3-libs CVE-2024-6232 中危 3.9.18-3.el9 3.9.19-8.el9_5.1 python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6232

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-09-03 13:15 修改: 2025-11-03 23:17
python3-libs CVE-2024-6923 中危 3.9.18-3.el9 3.9.18-3.el9_4.5 cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6923

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-08-01 14:15 修改: 2026-04-15 00:35
python3-libs CVE-2024-8088 中危 3.9.18-3.el9 3.9.19-8.el9 python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8088

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-08-22 19:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-0938 中危 3.9.18-3.el9 3.9.21-2.el9 python: cpython: URL parser allowed square brackets in domain names

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0938

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-01-31 18:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-12084 中危 3.9.18-3.el9 3.9.25-3.0.1.el9_7 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12084

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-12-03 19:15 修改: 2026-01-26 15:16
python3-libs CVE-2025-15366 中危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.1 cpython: IMAP command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15366

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-01-20 22:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-15367 中危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.1 cpython: POP3 command injection in user-controlled commands

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15367

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-01-20 22:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-8194 中危 3.9.18-3.el9 3.9.21-2.el9_6.2 cpython: Cpython infinite loop when parsing a tarfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8194

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-07-28 19:15 修改: 2026-04-15 00:35
python3-libs CVE-2025-8291 中危 3.9.18-3.el9 3.9.25-2.0.1.el9_7 cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8291

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-10-07 18:16 修改: 2026-04-15 00:35
python3-libs CVE-2026-1299 中危 3.9.18-3.el9 3.9.25-3.0.1.el9_7.1 cpython: email header injection due to unquoted newlines

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1299

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-01-23 17:16 修改: 2026-04-15 00:35
libuuid CVE-2025-14104 中危 2.37.4-18.0.1.el9 2.37.4-21.0.1.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
systemd-libs CVE-2025-4598 中危 252-32.0.2.el9_4 252-55.0.3.el9_7.7 systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4598

镜像层: sha256:1b993fefce3df064d6384eb49ae525dce19a9414c23f74a562aa05b4b5a9b78a

发布日期: 2025-05-30 14:15 修改: 2026-05-19 16:16
systemd-libs CVE-2026-29111 中危 252-32.0.2.el9_4 252-55.0.3.el9_7.9 systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111

镜像层: sha256:1b993fefce3df064d6384eb49ae525dce19a9414c23f74a562aa05b4b5a9b78a

发布日期: 2026-03-23 22:16 修改: 2026-04-15 16:44
tar CVE-2025-45582 中危 2:1.34-6.el9_1 2:1.34-9.el9_7 tar: Tar path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
openssl CVE-2024-4603 低危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2024-05-16 16:15 修改: 2026-04-15 00:35
openssl-libs CVE-2024-2511 低危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-04-08 14:15 修改: 2026-05-12 12:16
openssl-libs CVE-2024-4603 低危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-05-16 16:15 修改: 2026-04-15 00:35
openssl-libs CVE-2024-4741 低危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-11-13 11:15 修改: 2026-04-15 00:35
openssl CVE-2024-4741 低危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2024-11-13 11:15 修改: 2026-04-15 00:35
ncurses-libs CVE-2022-29458 低危 6.2-10.20210508.el9 6.2-10.20210508.el9_6.2 ncurses: segfaulting OOB read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29458

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2022-04-18 21:15 修改: 2025-06-09 15:15
shadow-utils CVE-2024-56433 低危 2:4.9-8.el9 2:4.9-15.el9 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
openssl-fips-provider CVE-2024-2511 低危 3.0.7-2.0.1.el9 3.0.7-6.0.1.el9_5 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-04-08 14:15 修改: 2026-05-12 12:16
openssl-fips-provider CVE-2024-4603 低危 3.0.7-2.0.1.el9 3.0.7-6.0.1.el9_5 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-05-16 16:15 修改: 2026-04-15 00:35
openssl-fips-provider CVE-2024-4741 低危 3.0.7-2.0.1.el9 3.0.7-6.0.1.el9_5 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:85bc4f1b0c3fcba224f9e2ef60734c74d682228f91e14e402892c43ef0c7908d

发布日期: 2024-11-13 11:15 修改: 2026-04-15 00:35
openssl CVE-2024-2511 低危 1:3.0.7-27.0.3.el9 1:3.2.2-6.0.1.el9_5 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:0fc655241fa95bccf46fddf1948468d186c7ab91a642e0c5e0cc7a6bc1a8af2e

发布日期: 2024-04-08 14:15 修改: 2026-05-12 12:16
Python (python-pkg)
低危漏洞:4 中危漏洞:4 高危漏洞:4 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
cryptography CVE-2023-50782 高危 41.0.7 42.0.0 python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50782

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-02-05 21:15 修改: 2026-03-24 12:16
cryptography CVE-2024-26130 高危 41.0.7 42.0.4 python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26130

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-02-21 17:15 修改: 2025-02-05 22:09
cryptography CVE-2026-26007 高危 41.0.7 46.0.5 cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26007

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-02-10 22:17 修改: 2026-02-23 15:40
pyOpenSSL CVE-2026-27459 高危 23.3.0 26.0.0 pyOpenSSL: DTLS cookie callback buffer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27459

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-03-18 00:16 修改: 2026-03-25 16:41
cryptography CVE-2024-0727 中危 41.0.7 42.0.2 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-01-26 09:15 修改: 2026-05-12 12:16
cryptography GHSA-h4gh-qq45-vh27 中危 41.0.7 43.0.1 pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

漏洞详情: https://github.com/advisories/GHSA-h4gh-qq45-vh27

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-09-03 21:59 修改: 2024-09-03 21:59
paramiko CVE-2023-48795 中危 2.11.0 3.4.0 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2023-12-18 16:15 修改: 2026-05-12 11:16
PyNaCl CVE-2025-69277 中危 1.4.0 1.6.2 libsodium: pynacl: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69277

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2025-12-31 06:15 修改: 2026-04-15 00:35
certifi CVE-2024-39689 低危 2024.2.2 2024.7.4 python-certifi: Remove root certificates from `GLOBALTRUST` from the root store

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39689

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2024-07-05 19:15 修改: 2025-02-15 00:15
paramiko CVE-2026-44405 低危 2.11.0 paramiko: Paramiko: Data integrity could be compromised due to SHA-1 algorithm use

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44405

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-05-06 00:16 修改: 2026-05-07 15:53
cryptography CVE-2026-34073 低危 41.0.7 46.0.6 python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34073

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-03-31 03:15 修改: 2026-04-06 15:30
pyOpenSSL CVE-2026-27448 低危 23.3.0 26.0.0 pyOpenSSL: TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27448

镜像层: sha256:5ac074424236597929036875ca9a74813e481bca13635847dc403a95dc00f0a0

发布日期: 2026-03-18 00:16 修改: 2026-03-23 18:10
usr/local/bin/gosu (gobinary)
低危漏洞:4 中危漏洞:48 高危漏洞:45 严重漏洞:4
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2023-24538 严重 v1.18.2 1.19.8, 1.20.3 golang: html/template: backticks not treated as string delimiters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-04-06 16:15 修改: 2025-02-12 17:15
stdlib CVE-2023-24540 严重 v1.18.2 1.19.9, 1.20.4 golang: html/template: improper handling of JavaScript whitespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib CVE-2024-24790 严重 v1.18.2 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-06-05 16:15 修改: 2024-11-21 08:59
stdlib CVE-2025-68121 严重 v1.18.2 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
stdlib CVE-2022-27664 高危 v1.18.2 1.18.6, 1.19.1 golang: net/http: handle server errors after sending GOAWAY

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-09-06 18:15 修改: 2024-11-21 06:56
stdlib CVE-2022-28131 高危 v1.18.2 1.17.12, 1.18.4 golang: encoding/xml: stack exhaustion in Decoder.Skip

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2024-11-21 06:56
stdlib CVE-2022-2879 高危 v1.18.2 1.18.7, 1.19.2 golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-10-14 15:15 修改: 2024-11-21 07:01
stdlib CVE-2022-2880 高危 v1.18.2 1.18.7, 1.19.2 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-10-14 15:15 修改: 2024-11-21 07:01
stdlib CVE-2022-29804 高危 v1.18.2 1.17.11, 1.18.3 ELSA-2022-17957: ol8addon security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2024-11-21 06:59
stdlib CVE-2022-30580 高危 v1.18.2 1.17.11, 1.18.3 golang: os/exec: Code injection in Cmd.Start

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2026-03-06 18:16
stdlib CVE-2022-30630 高危 v1.18.2 1.17.12, 1.18.4 golang: io/fs: stack exhaustion in Glob

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2026-03-06 18:16
stdlib CVE-2022-30631 高危 v1.18.2 1.17.12, 1.18.4 golang: compress/gzip: stack exhaustion in Reader.Read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2025-10-20 18:15
stdlib CVE-2022-30632 高危 v1.18.2 1.17.12, 1.18.4 golang: path/filepath: stack exhaustion in Glob

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2024-11-21 07:03
stdlib CVE-2022-30633 高危 v1.18.2 1.17.12, 1.18.4 golang: encoding/xml: stack exhaustion in Unmarshal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2026-03-06 18:16
stdlib CVE-2022-30634 高危 v1.18.2 1.17.11, 1.18.3 ELSA-2022-17957: ol8addon security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-07-15 20:15 修改: 2024-11-21 07:03
stdlib CVE-2022-30635 高危 v1.18.2 1.17.12, 1.18.4 golang: encoding/gob: stack exhaustion in Decoder.Decode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2026-03-06 18:16
stdlib CVE-2022-32189 高危 v1.18.2 1.17.13, 1.18.5 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2024-11-21 07:05
stdlib CVE-2022-41715 高危 v1.18.2 1.18.7, 1.19.2 golang: regexp/syntax: limit memory used by parsing regexps

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-10-14 15:16 修改: 2024-11-21 07:23
stdlib CVE-2022-41716 高危 v1.18.2 1.18.8, 1.19.3 Due to unsanitized NUL values, attackers may be able to maliciously se ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-11-02 16:15 修改: 2024-11-21 07:23
stdlib CVE-2022-41720 高危 v1.18.2 1.18.9, 1.19.4 golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-12-07 17:15 修改: 2025-04-23 16:15
stdlib CVE-2022-41722 高危 v1.18.2 1.19.6, 1.20.1 golang: path/filepath: path-filepath filepath.Clean path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-02-28 18:15 修改: 2024-11-21 07:23
stdlib CVE-2022-41723 高危 v1.18.2 1.19.6, 1.20.1 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-02-28 18:15 修改: 2025-05-05 16:15
stdlib CVE-2022-41724 高危 v1.18.2 1.19.6, 1.20.1 golang: crypto/tls: large handshake records may cause panics

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-02-28 18:15 修改: 2024-11-21 07:23
stdlib CVE-2022-41725 高危 v1.18.2 1.19.6, 1.20.1 golang: net/http, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-02-28 18:15 修改: 2024-11-21 07:23
stdlib CVE-2023-24534 高危 v1.18.2 1.19.8, 1.20.3 golang: net/http, net/textproto: denial of service from excessive memory allocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-04-06 16:15 修改: 2025-02-12 18:15
stdlib CVE-2023-24536 高危 v1.18.2 1.19.8, 1.20.3 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-04-06 16:15 修改: 2025-02-12 18:15
stdlib CVE-2023-24537 高危 v1.18.2 1.19.8, 1.20.3 golang: go/parser: Infinite loop in parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-04-06 16:15 修改: 2025-02-12 17:15
stdlib CVE-2023-24539 高危 v1.18.2 1.19.9, 1.20.4 golang: html/template: improper sanitization of CSS values

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib CVE-2023-29400 高危 v1.18.2 1.19.9, 1.20.4 golang: html/template: improper handling of empty HTML attributes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-05-11 16:15 修改: 2025-01-24 17:15
stdlib CVE-2023-29403 高危 v1.18.2 1.19.10, 1.20.5 golang: runtime: unexpected behavior of setuid/setgid binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-06-08 21:15 修改: 2025-01-06 20:15
stdlib CVE-2023-39325 高危 v1.18.2 1.20.10, 1.21.3 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-10-11 22:15 修改: 2024-11-21 08:15
stdlib CVE-2023-45283 高危 v1.18.2 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib CVE-2023-45287 高危 v1.18.2 1.20.0 golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-12-05 17:15 修改: 2024-11-21 08:26
stdlib CVE-2023-45288 高危 v1.18.2 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-04-04 21:15 修改: 2026-04-15 00:35
stdlib CVE-2024-34156 高危 v1.18.2 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib CVE-2025-61726 高危 v1.18.2 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:47
stdlib CVE-2025-61729 高危 v1.18.2 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
stdlib CVE-2026-25679 高危 v1.18.2 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib CVE-2026-32280 高危 v1.18.2 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib CVE-2026-32281 高危 v1.18.2 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib CVE-2026-32283 高危 v1.18.2 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib CVE-2026-33811 高危 v1.18.2 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib CVE-2026-33814 高危 v1.18.2 1.25.10, 1.26.3 When processing HTTP/2 SETTINGS frames, transport will enter an infini ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib CVE-2026-39820 高危 v1.18.2 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib CVE-2026-39823 高危 v1.18.2 1.25.10, 1.26.3 CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib CVE-2026-39825 高危 v1.18.2 1.25.10, 1.26.3 ReverseProxy can forward queries containing parameters not visible to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib CVE-2026-39836 高危 v1.18.2 1.25.10, 1.26.3 ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib CVE-2026-42499 高危 v1.18.2 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase when parsing ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib CVE-2026-42504 高危 v1.18.2 1.25.11, 1.26.4 Decoding a maliciously-crafted MIME header containing many invalid enc ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib CVE-2022-1705 中危 v1.18.2 1.17.12, 1.18.4 golang: net/http: improper sanitization of Transfer-Encoding header

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2026-03-06 18:16
stdlib CVE-2022-1962 中危 v1.18.2 1.17.12, 1.18.4 golang: go/parser: stack exhaustion in all Parse* functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2026-03-06 20:16
stdlib CVE-2022-32148 中危 v1.18.2 1.17.12, 1.18.4 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2026-03-06 20:16
stdlib CVE-2022-41717 中危 v1.18.2 1.18.9, 1.19.4 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-12-08 20:15 修改: 2024-11-21 07:23
stdlib CVE-2023-24532 中危 v1.18.2 1.19.7, 1.20.2 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-03-08 20:15 修改: 2024-11-21 07:48
stdlib CVE-2023-29406 中危 v1.18.2 1.19.11, 1.20.6 golang: net/http: insufficient sanitization of Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-07-11 20:15 修改: 2024-11-21 07:56
stdlib CVE-2023-29409 中危 v1.18.2 1.19.12, 1.20.7, 1.21.0-rc.4 golang: crypto/tls: slow verification of certificate chains containing large RSA keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-08-02 20:15 修改: 2024-11-21 07:57
stdlib CVE-2023-39318 中危 v1.18.2 1.20.8, 1.21.1 golang: html/template: improper handling of HTML-like comments within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib CVE-2023-39319 中危 v1.18.2 1.20.8, 1.21.1 golang: html/template: improper handling of special tags within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-09-08 17:15 修改: 2024-11-21 08:15
stdlib CVE-2023-39326 中危 v1.18.2 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-12-06 17:15 修改: 2024-11-21 08:15
stdlib CVE-2023-45284 中危 v1.18.2 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2023-11-09 17:15 修改: 2024-11-21 08:26
stdlib CVE-2023-45289 中危 v1.18.2 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib CVE-2023-45290 中危 v1.18.2 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib CVE-2024-24783 中危 v1.18.2 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib CVE-2024-24784 中危 v1.18.2 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib CVE-2024-24785 中危 v1.18.2 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-03-05 23:15 修改: 2026-04-15 00:35
stdlib CVE-2024-24789 中危 v1.18.2 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-06-05 16:15 修改: 2025-01-31 15:15
stdlib CVE-2024-24791 中危 v1.18.2 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-07-02 22:15 修改: 2026-04-15 00:35
stdlib CVE-2024-34155 中危 v1.18.2 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib CVE-2024-34158 中危 v1.18.2 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2024-09-06 21:15 修改: 2026-04-15 00:35
stdlib CVE-2024-45336 中危 v1.18.2 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib CVE-2025-0913 中危 v1.18.2 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
stdlib CVE-2025-22866 中危 v1.18.2 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-02-06 17:15 修改: 2026-04-15 00:35
stdlib CVE-2025-22870 中危 v1.18.2 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-03-12 19:15 修改: 2026-04-16 23:16
stdlib CVE-2025-22871 中危 v1.18.2 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-04-08 20:15 修改: 2026-05-12 13:16
stdlib CVE-2025-22873 中危 v1.18.2 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-02-04 23:15 修改: 2026-02-10 15:16
stdlib CVE-2025-4673 中危 v1.18.2 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-06-11 17:15 修改: 2026-04-15 00:35
stdlib CVE-2025-47906 中危 v1.18.2 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-09-18 19:15 修改: 2026-01-27 19:56
stdlib CVE-2025-47907 中危 v1.18.2 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-08-07 16:15 修改: 2026-01-29 19:11
stdlib CVE-2025-47912 中危 v1.18.2 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-01-29 13:57
stdlib CVE-2025-58183 中危 v1.18.2 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib CVE-2025-58185 中危 v1.18.2 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-02-06 20:26
stdlib CVE-2025-58187 中危 v1.18.2 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-01-29 16:02
stdlib CVE-2025-58188 中危 v1.18.2 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:55
stdlib CVE-2025-58189 中危 v1.18.2 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib CVE-2025-61723 中危 v1.18.2 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:49
stdlib CVE-2025-61724 中危 v1.18.2 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-01-29 15:30
stdlib CVE-2025-61725 中危 v1.18.2 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib CVE-2025-61727 中危 v1.18.2 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
stdlib CVE-2025-61728 中危 v1.18.2 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-01-28 20:16 修改: 2026-02-06 18:45
stdlib CVE-2025-61730 中危 v1.18.2 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-01-28 20:16 修改: 2026-02-03 20:36
stdlib CVE-2026-27142 中危 v1.18.2 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib CVE-2026-27145 中危 v1.18.2 1.25.11, 1.26.4 *x509.Certificate).VerifyHostname previously called matchHostnames in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib CVE-2026-32282 中危 v1.18.2 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib CVE-2026-32288 中危 v1.18.2 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib CVE-2026-32289 中危 v1.18.2 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib CVE-2026-39826 中危 v1.18.2 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib CVE-2026-42507 中危 v1.18.2 1.25.11, 1.26.4 When returning errors, functions in the net/textproto package would in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib CVE-2022-30629 低危 v1.18.2 1.17.11, 1.18.3 golang: crypto/tls: session tickets lack random ticket_age_add

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2022-08-10 20:15 修改: 2026-03-06 20:16
stdlib CVE-2024-45341 低危 v1.18.2 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-01-28 02:15 修改: 2026-04-15 00:35
stdlib CVE-2025-58186 低危 v1.18.2 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2025-10-29 23:16 修改: 2026-04-15 00:35
stdlib CVE-2026-27139 低危 v1.18.2 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:1de8860d42c9efd0dcf4a99b8ea5647c240975890f8752c8c62337ffd19ae1d8

发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32