docker.io/linshen/prompt-optimizer:2.11.7 linux/amd64

docker.io/linshen/prompt-optimizer:2.11.7 - Trivy安全扫描结果 扫描时间: 2026-07-08 17:36
全部漏洞信息
低危漏洞:17 中危漏洞:79 高危漏洞:53 严重漏洞:2

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-07-08 17:36

docker.io/linshen/prompt-optimizer:2.11.7 (alpine 3.24.1) (alpine)
低危漏洞:8 中危漏洞:21 高危漏洞:28 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
apache2-utils CVE-2026-34355 高危 2.4.67-r0 2.4.68-r0 httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34355

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-07-02 12:17

apache2-utils CVE-2026-42536 高危 2.4.67-r0 2.4.68-r0 httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42536

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-07-02 12:17

apache2-utils CVE-2026-44185 高危 2.4.67-r0 2.4.68-r0 httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44185

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-07-02 12:17

apache2-utils CVE-2026-49975 高危 2.4.67-r0 2.4.68-r0 httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49975

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-06-30 03:20

curl CVE-2026-11352 高危 8.20.0-r1 8.21.0-r0 curl: libcurl: curl/libcurl: Remote denial of service via QUIC UDP receive function vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11352

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 19:16

curl CVE-2026-11586 高危 8.20.0-r1 8.21.0-r0 curl: curl: Denial of Service via WebSocket PING flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11586

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-12064 高危 8.20.0-r1 8.21.0-r0 curl: curl: SSH host verification bypass when using schemeless URLs with SFTP/SCP

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12064

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 19:16

curl CVE-2026-8286 高危 8.20.0-r1 8.21.0-r0 curl: curl: Insecure connection establishment due to TLS configuration mismatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8286

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-8925 高危 8.20.0-r1 8.21.0-r0 curl: curl: Double-free vulnerability in SASL authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8925

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-8927 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Information disclosure due to uncleared proxy authentication state

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8927

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-8932 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8932

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-9079 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Information disclosure due to failure to clear proxy authentication credentials

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9079

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-9080 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Use-after-free via curl_easy_pause() in CURLMOPT_SOCKETFUNCTION callback

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9080

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-9545 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Information disclosure via cached SSL session and early data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9545

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-9546 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Information disclosure due to persistent Referer header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9546

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-9547 高危 8.20.0-r1 8.21.0-r0 curl: curl: Man-in-the-middle attack via SSH host key bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9547

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-11352 高危 8.20.0-r1 8.21.0-r0 curl: libcurl: curl/libcurl: Remote denial of service via QUIC UDP receive function vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11352

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 19:16

libcurl CVE-2026-11586 高危 8.20.0-r1 8.21.0-r0 curl: curl: Denial of Service via WebSocket PING flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11586

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-12064 高危 8.20.0-r1 8.21.0-r0 curl: curl: SSH host verification bypass when using schemeless URLs with SFTP/SCP

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12064

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 19:16

libcurl CVE-2026-8286 高危 8.20.0-r1 8.21.0-r0 curl: curl: Insecure connection establishment due to TLS configuration mismatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8286

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-8925 高危 8.20.0-r1 8.21.0-r0 curl: curl: Double-free vulnerability in SASL authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8925

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-8927 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Information disclosure due to uncleared proxy authentication state

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8927

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-8932 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8932

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-9079 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Information disclosure due to failure to clear proxy authentication credentials

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9079

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-9080 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Use-after-free via curl_easy_pause() in CURLMOPT_SOCKETFUNCTION callback

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9080

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-9545 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Information disclosure via cached SSL session and early data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9545

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-9546 高危 8.20.0-r1 8.21.0-r0 libcurl: libcurl: Information disclosure due to persistent Referer header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9546

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-9547 高危 8.20.0-r1 8.21.0-r0 curl: curl: Man-in-the-middle attack via SSH host key bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9547

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

apache2-utils CVE-2026-44631 中危 2.4.67-r0 2.4.68-r0 httpd: Apache HTTP Server: Denial of Service via crafted regular expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44631

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-06-17 10:51

apache2-utils CVE-2026-48913 中危 2.4.67-r0 2.4.68-r0 httpd: mod_http2: Apache HTTP Server mod_http2: Use After Free vulnerability allows arbitrary code execution or denial of service.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48913

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-06-17 10:55

apache2-utils CVE-2026-29170 中危 2.4.67-r0 2.4.68-r0 httpd: Apache HTTP Server: Cross-site scripting in mod_proxy_ftp via HTML directory list generation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29170

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-06-17 10:29

apache2-utils CVE-2026-34356 中危 2.4.67-r0 2.4.68-r0 httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34356

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-06-17 10:38

apache2-utils CVE-2026-42535 中危 2.4.67-r0 2.4.68-r0 httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42535

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-06-17 10:47

apache2-utils CVE-2026-43951 中危 2.4.67-r0 2.4.68-r0 httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43951

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-06-17 10:50

curl CVE-2026-11856 中危 8.20.0-r1 8.21.0-r0 Successfully using libcurl to do a transfer to a specific HTTP origin ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11856

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 19:16

curl CVE-2026-8926 中危 8.20.0-r1 8.21.0-r0 curl: curl: Information disclosure via incorrect .netrc password lookup

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8926

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

apache2-utils CVE-2026-44119 中危 2.4.67-r0 2.4.68-r0 httpd: Apache HTTP Server: Local .htaccess authors can read files with httpd user privileges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44119

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-06-17 10:50

apache2-utils CVE-2026-44186 中危 2.4.67-r0 2.4.68-r0 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44186

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-08 16:16 修改: 2026-06-17 10:50

libcurl CVE-2026-11856 中危 8.20.0-r1 8.21.0-r0 Successfully using libcurl to do a transfer to a specific HTTP origin ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11856

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 19:16

libcurl CVE-2026-8926 中危 8.20.0-r1 8.21.0-r0 curl: curl: Information disclosure via incorrect .netrc password lookup

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8926

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libexpat CVE-2026-50219 中危 2.8.1-r0 2.8.2-r0 expat: libexpat: Use-after-free vulnerability due to improper handler call depth tracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50219

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-04 06:16 修改: 2026-06-17 10:57

libexpat CVE-2026-56132 中危 2.8.1-r0 2.8.2-r0 expat: libexpat: Arbitrary Code Execution via Heap-based Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56132

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

libexpat CVE-2026-56403 中危 2.8.1-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution due to integer overflow in storeAtts

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56403

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56404 中危 2.8.1-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in addBinding.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56404

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56405 中危 2.8.1-r0 2.8.2-r0 libexpat: libexpat: Information disclosure and arbitrary code execution via integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56405

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:14

libexpat CVE-2026-56406 中危 2.8.1-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution via integer overflow in XML_ParseBuffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56406

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:29

libexpat CVE-2026-56410 中危 2.8.1-r0 2.8.2-r0 libexpat: libexpat: Integer overflow in xmlwf can lead to information disclosure and arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56410

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:18

libexpat CVE-2026-56411 中危 2.8.1-r0 2.8.2-r0 expat: libexpat: Integer Overflow Vulnerability Leading to Information Disclosure or Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56411

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 17:16 修改: 2026-06-23 16:16

libexpat CVE-2026-56412 中危 2.8.1-r0 2.8.2-r0 libexpat: libexpat: Use-after-free vulnerability due to improper handling of XML CDATA sections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56412

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 17:16 修改: 2026-06-23 15:31

curl CVE-2026-8924 低危 8.20.0-r1 8.21.0-r0 A flaw in curl\u2019s cookie parsing logic allows a malicious HTTP ser ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8924

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-10536 低危 8.20.0-r1 8.21.0-r0 A use-after-free vulnerability exists in libcurl when an application c ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10536

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 19:16

curl CVE-2026-11564 低危 8.20.0-r1 8.21.0-r0 libcurl keeps previously used connections in a connection pool for sub ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11564

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-10536 低危 8.20.0-r1 8.21.0-r0 A use-after-free vulnerability exists in libcurl when an application c ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10536

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 19:16

libcurl CVE-2026-11564 低危 8.20.0-r1 8.21.0-r0 libcurl keeps previously used connections in a connection pool for sub ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11564

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-8458 低危 8.20.0-r1 8.21.0-r0 libcurl might in some circumstances reuse the wrong connection when as ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8458

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

libcurl CVE-2026-8924 低危 8.20.0-r1 8.21.0-r0 A flaw in curl\u2019s cookie parsing logic allows a malicious HTTP ser ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8924

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

curl CVE-2026-8458 低危 8.20.0-r1 8.21.0-r0 libcurl might in some circumstances reuse the wrong connection when as ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8458

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-07-03 07:16 修改: 2026-07-06 18:20

apache2-utils CVE-2026-291i67 未知 2.4.67-r0 2.4.68-r0

漏洞详情:

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libexpat CVE-2026-56131 未知 2.8.1-r0 2.8.2-r0 libexpat before 2.8.2 lacks handler call depth tracking for calls to X ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56131

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

libexpat CVE-2026-56407 未知 2.8.1-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in doProlog that is rela ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56407

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:28

libexpat CVE-2026-56408 未知 2.8.1-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in copyString.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56408

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:27

libexpat CVE-2026-56409 未知 2.8.1-r0 2.8.2-r0 xmlwf in libexpat before 2.8.2 has an integer overflow for the output ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56409

镜像层: sha256:a58ffc14174f7646e1269f6db900f66664c14cfe4802ddc3826e60ad0a9781b1

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:21

Node.js (node-pkg)
低危漏洞:9 中危漏洞:58 高危漏洞:25 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
protobufjs CVE-2026-41242 严重 7.5.4 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-18 17:16 修改: 2026-06-30 03:19

shell-quote CVE-2026-9277 严重 1.8.3 1.8.4 shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9277

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-22 14:16 修改: 2026-07-02 12:17

hono CVE-2026-54290 高危 4.12.9 4.12.25 hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54290

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:49

js-cookie CVE-2026-46625 高危 3.0.5 3.0.7 js-cookie: JavaScript Cookie: Cookie attribute manipulation via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46625

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-10 22:16 修改: 2026-06-30 03:20

linkify-it CVE-2026-48801 高危 5.0.0 5.0.1 LinkifyIt#match scan loop has quadratic algorithmic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48801

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

lodash CVE-2026-4800 高危 4.17.23 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17

lodash-es CVE-2026-4800 高危 4.17.23 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17

picomatch CVE-2026-33671 高危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

fast-uri CVE-2026-6321 高危 3.1.0 3.1.1 fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-04 20:16 修改: 2026-07-02 12:17

protobufjs CVE-2026-44289 高危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-07-01 13:17

protobufjs CVE-2026-44290 高危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-07-02 12:17

protobufjs CVE-2026-48712 高危 7.5.4 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

fast-uri CVE-2026-6322 高危 3.1.0 3.1.2 fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-05 11:16 修改: 2026-07-03 13:17

sigstore CVE-2026-48815 高危 3.1.0 4.1.1 sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

undici CVE-2026-12151 高危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:7b964d9d90b645c10c857a08769d0e68d3f18532851085a807dd336cf9ddae5e

发布日期: 2026-06-17 17:16 修改: 2026-07-07 12:16

undici CVE-2026-12151 高危 7.24.6 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-17 17:16 修改: 2026-07-07 12:16

undici CVE-2026-6734 高危 7.24.6 7.28.0, 8.2.0 undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6734

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-17 18:18 修改: 2026-07-07 12:17

undici CVE-2026-9697 高危 7.24.6 7.28.0, 8.5.0 undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9697

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-17 18:18 修改: 2026-07-07 12:17

vite CVE-2026-39363 高危 8.0.3 8.0.5, 7.3.2, 6.4.2 Vite: Vite: Information disclosure via WebSocket connection bypasses access control

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39363

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-07 20:16 修改: 2026-06-30 03:19

vite CVE-2026-39363 高危 8.0.3 8.0.5, 7.3.2, 6.4.2 Vite: Vite: Information disclosure via WebSocket connection bypasses access control

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39363

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-07 20:16 修改: 2026-06-30 03:19

vite CVE-2026-39364 高危 8.0.3 8.0.5, 7.3.2 vite: Vite: Information disclosure via query parameter manipulation on the development server

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39364

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-07 20:16 修改: 2026-06-30 03:19

vite CVE-2026-39364 高危 8.0.3 8.0.5, 7.3.2 vite: Vite: Information disclosure via query parameter manipulation on the development server

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39364

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-07 20:16 修改: 2026-06-30 03:19

vite CVE-2026-53571 高危 8.0.3 8.0.16, 7.3.5, 6.4.3 vite: `server.fs.deny` bypass on Windows alternate paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53571

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:44

vite CVE-2026-53571 高危 8.0.3 8.0.16, 7.3.5, 6.4.3 vite: `server.fs.deny` bypass on Windows alternate paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53571

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:44

ws CVE-2026-48779 高危 8.20.0 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-17 13:20 修改: 2026-07-07 12:16

hono CVE-2026-44458 中危 4.12.9 4.12.18 Hono has CSS Declaration Injection via Style Object Values in JSX SSR

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44458

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

hono CVE-2026-47673 中危 4.12.9 4.12.21 Hono: JWT middleware accepts any Authorization scheme, not only Bearer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47673

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:54

hono CVE-2026-47674 中危 4.12.9 4.12.21 Hono: IP Restriction bypasses static deny rules for non-canonical IPv6

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47674

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:54

hono CVE-2026-47675 中危 4.12.9 4.12.21 Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47675

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:54

hono CVE-2026-47676 中危 4.12.9 4.12.21 Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47676

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:54

hono CVE-2026-54286 中危 4.12.9 4.12.25 hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54286

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-23 15:16

hono CVE-2026-54287 中危 4.12.9 4.12.25 hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54287

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:49

hono CVE-2026-54288 中危 4.12.9 4.12.25 hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54288

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 19:17 修改: 2026-06-23 15:16

hono CVE-2026-54289 中危 4.12.9 4.12.25 hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54289

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:49

hono CVE-2026-56761 中危 4.12.9 4.12.14 hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56761

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-24 13:16 修改: 2026-06-26 19:59

hono GHSA-26pp-8wgv-hjvm 中危 4.12.9 4.12.12 Hono missing validation of cookie name on write path in setCookie()

漏洞详情: https://github.com/advisories/GHSA-26pp-8wgv-hjvm

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-08 00:17 修改: 2026-04-08 00:17

ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-12 20:16 修改: 2026-07-07 12:16

ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 2026-05-12 20:16 修改: 2026-07-07 12:16

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

@sigstore/core CVE-2026-48758 中危 2.0.0 3.2.1 @sigstore/core has DSSE payloadType type-binding failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

brace-expansion CVE-2026-33750 中危 2.0.2 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

lodash CVE-2026-2950 中危 4.17.23 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

brace-expansion CVE-2026-33750 中危 2.0.2 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

lodash-es CVE-2026-2950 中危 4.17.23 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

markdown-it CVE-2026-48988 中危 14.1.1 14.2.0 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48988

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-17 21:16 修改: 2026-06-24 19:06

brace-expansion CVE-2026-45149 中危 5.0.5 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:51

picomatch CVE-2026-33672 中危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

postcss CVE-2026-41305 中危 8.5.8 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

dompurify CVE-2026-41238 中危 3.3.3 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41238

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-23 16:16 修改: 2026-06-17 10:46

dompurify CVE-2026-41239 中危 3.3.3 3.4.0 DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41239

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-23 16:16 修改: 2026-06-17 10:46

dompurify CVE-2026-41240 中危 3.3.3 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41240

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-23 16:16 修改: 2026-06-17 10:46

dompurify CVE-2026-49458 中危 3.3.3 3.4.6 DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49458

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

dompurify CVE-2026-49459 中危 3.3.3 3.4.6 DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49459

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

dompurify CVE-2026-49978 中危 3.3.3 3.4.7 DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49978

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

protobufjs CVE-2026-44288 中危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 7.5.4 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 7.5.4 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

qs CVE-2026-8723 中危 6.15.0 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

dompurify GHSA-39q2-94rc-95cp 中危 3.3.3 3.4.0 DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

漏洞详情: https://github.com/advisories/GHSA-39q2-94rc-95cp

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-16 00:46 修改: 2026-04-16 00:46

dompurify GHSA-76mc-f452-cxcm 中危 3.3.3 3.4.7 DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

漏洞详情: https://github.com/advisories/GHSA-76mc-f452-cxcm

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-15 19:59 修改: 2026-06-15 19:59

tar CVE-2026-53655 中危 7.5.11 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

dompurify GHSA-cmwh-pvxp-8882 中危 3.3.3 3.4.11 DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)

漏洞详情: https://github.com/advisories/GHSA-cmwh-pvxp-8882

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-18 14:27 修改: 2026-06-18 14:27

undici CVE-2026-9679 中危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:7b964d9d90b645c10c857a08769d0e68d3f18532851085a807dd336cf9ddae5e

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:43

@anthropic-ai/sdk CVE-2026-34451 中危 0.80.0 0.81.0 Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34451

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-03-31 22:16 修改: 2026-06-17 10:39

@anthropic-ai/sdk CVE-2026-41686 中危 0.80.0 0.91.1 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41686

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47

@hono/node-server CVE-2026-39406 中危 1.19.11 1.19.13 @hono/node-server: Middleware bypass via repeated slashes in serveStatic

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39406

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

undici CVE-2026-9678 中危 7.24.6 7.28.0, 8.5.0 undici: Undici: Information disclosure due to improper cache-control header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9678

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:44

undici CVE-2026-9679 中危 7.24.6 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:43

uuid CVE-2026-41907 中危 13.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

hono CVE-2026-39407 中危 4.12.9 4.12.12 Hono: Middleware bypass via repeated slashes in serveStatic

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39407

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

hono CVE-2026-39408 中危 4.12.9 4.12.12 Hono: Path traversal in toSSG() allows writing files outside the output directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39408

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

hono CVE-2026-39409 中危 4.12.9 4.12.12 Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39409

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

hono CVE-2026-39410 中危 4.12.9 4.12.12 Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39410

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

hono CVE-2026-44455 中危 4.12.9 4.12.16 hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44455

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

hono CVE-2026-44456 中危 4.12.9 4.12.16 Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44456

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

vite CVE-2026-39365 中危 8.0.3 8.0.5, 7.3.2, 6.4.2 vite: Vite: Information disclosure via path traversal in dev server's .map request handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39365

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-07 20:16 修改: 2026-06-17 10:42

vite CVE-2026-39365 中危 8.0.3 8.0.5, 7.3.2, 6.4.2 vite: Vite: Information disclosure via path traversal in dev server's .map request handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39365

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-04-07 20:16 修改: 2026-06-17 10:42

vite CVE-2026-53632 中危 8.0.3 8.0.16, 7.3.5, 6.4.3 launch-editor: launch-editor: Credential compromise via NTLMv2 password hash leak through UNC path access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53632

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-23 15:44

vite CVE-2026-53632 中危 8.0.3 8.0.16, 7.3.5, 6.4.3 launch-editor: launch-editor: Credential compromise via NTLMv2 password hash leak through UNC path access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53632

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-22 18:16 修改: 2026-06-23 15:44

hono CVE-2026-44457 中危 4.12.9 4.12.18 Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44457

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

ws CVE-2026-45736 中危 8.20.0 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-15 15:16 修改: 2026-07-02 12:17

dompurify GHSA-x4vx-rjvf-j5p4 低危 3.3.3 DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

漏洞详情: https://github.com/advisories/GHSA-x4vx-rjvf-j5p4

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-15 20:00 修改: 2026-06-15 20:00

esbuild GHSA-g7r4-m6w7-qqqr 低危 0.27.4 0.28.1 esbuild allows arbitrary file read when running the development server on Windows

漏洞详情: https://github.com/advisories/GHSA-g7r4-m6w7-qqqr

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-12 20:08 修改: 2026-06-12 20:08

dompurify GHSA-gvmj-g25r-r7wr 低危 3.3.3 3.4.8 DOMPurify: SAFE_FOR_TEMPLATES bypass - template expressions survive sanitization inside <template> content when using DOM output modes

漏洞详情: https://github.com/advisories/GHSA-gvmj-g25r-r7wr

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-15 20:02 修改: 2026-06-15 20:02

undici CVE-2026-11525 低危 7.24.6 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-17 18:17 修改: 2026-06-25 17:46

undici CVE-2026-6733 低危 7.24.6 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-17 18:18 修改: 2026-06-27 23:46

undici CVE-2026-11525 低危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:7b964d9d90b645c10c857a08769d0e68d3f18532851085a807dd336cf9ddae5e

发布日期: 2026-06-17 18:17 修改: 2026-06-25 17:46

undici CVE-2026-6733 低危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:7b964d9d90b645c10c857a08769d0e68d3f18532851085a807dd336cf9ddae5e

发布日期: 2026-06-17 18:18 修改: 2026-06-27 23:46

hono CVE-2026-44459 低危 4.12.9 4.12.18 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44459

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

dompurify GHSA-vxr8-fq34-vvx9 低危 3.3.3 3.4.9 DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output

漏洞详情: https://github.com/advisories/GHSA-vxr8-fq34-vvx9

镜像层: sha256:ca08dc16bc84f913bd605d748bee29952778f2c1a8987b8d8724711e1885d4ca

发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×