docker.io/linuxserver/homeassistant:2026.6.4 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:6

中危漏洞:11

高危漏洞:7

严重漏洞:0

系统OS: alpine 3.22.4 扫描引擎: Trivy 扫描时间: 2026-06-25 14:43

docker.io/linuxserver/homeassistant:2026.6.4 (alpine 3.22.4) (alpine)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Python (python-pkg)

低危漏洞:6

中危漏洞:11

高危漏洞:7

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
PyJWT	CVE-2026-48526	高危	2.12.1	2.13.0	python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48526 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
cryptography	GHSA-537c-gmf6-5ccf	高危	48.0.0	48.0.1	Vulnerable OpenSSL included in cryptography wheels 漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12
ecdsa	CVE-2024-23342	高危	0.19.2		python-ecdsa: vulnerable to the Minerva attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23342 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2024-01-23 00:15 修改: 2026-06-17 07:12
protobuf	CVE-2026-0994	高危	6.32.0	6.33.5, 5.29.6	python: protobuf: Protobuf: Denial of Service due to recursion depth bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0994 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-01-23 15:16 修改: 2026-06-17 10:11
yt-dlp	CVE-2026-50023	高危	2026.3.17	2026.6.9	yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50023 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-23 17:17 修改: 2026-06-23 17:57
yt-dlp	CVE-2026-50574	高危	2026.3.17	2026.6.9	yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50574 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-23 17:17 修改: 2026-06-23 18:18
yt-dlp	GHSA-69qj-pvh9-c5wg	高危	2026.3.17	2026.6.9	yt-dlp: Arbitrary command injection possible if --exec option used with yt-dlp 漏洞详情: https://github.com/advisories/GHSA-69qj-pvh9-c5wg 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-16 22:29 修改: 2026-06-16 22:29
aiohttp	CVE-2026-54274	中危	3.13.5	3.14.1	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54274 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:17
aiohttp	CVE-2026-54276	中危	3.13.5	3.14.1	aiohttp: aiohttp: Information disclosure via DigestAuthMiddleware after cross-origin redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54276 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-22 18:16 修改: 2026-06-23 17:17
aiohttp	CVE-2026-54277	中危	3.13.5	3.14.1	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54277 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17
aiohttp	CVE-2026-54278	中危	3.13.5	3.14.1	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54278 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-22 18:16 修改: 2026-06-23 15:16
PyJWT	CVE-2026-48522	中危	2.12.1	2.13.0	python-pyjwt: PyJWT: Server-Side Request Forgery (SSRF) via uncontrolled URL fetching in PyJWKClient 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48522 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
PyJWT	CVE-2026-48523	中危	2.12.1	2.13.0	python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48523 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
PyJWT	CVE-2026-48525	中危	2.12.1	2.13.0	python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48525 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
aiohttp	CVE-2026-34993	中危	3.13.5	3.14.0	aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-02 20:16 修改: 2026-06-17 10:39
aiohttp	CVE-2026-47265	中危	3.13.5	3.14.0	python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-02 20:16 修改: 2026-06-17 10:54
aiohttp	CVE-2026-54273	中危	3.13.5	3.14.1	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54273 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:17
yt-dlp	CVE-2026-50019	中危	2026.3.17	2026.6.9	yt-dlp is a command-line audio/video downloader. From 2023.09.24 until ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50019 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-23 17:17 修改: 2026-06-23 18:18
paramiko	CVE-2026-44405	低危	3.5.0		paramiko: Paramiko: Data integrity could be compromised due to SHA-1 algorithm use 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44405 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-05-06 00:16 修改: 2026-06-17 10:50
aiohttp	CVE-2026-54275	低危	3.13.5	3.14.1	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54275 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:17
aiohttp	CVE-2026-54279	低危	3.13.5	3.14.1	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54279 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:17
aiohttp	CVE-2026-54280	低危	3.13.5	3.14.1	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54280 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:17
PyJWT	CVE-2026-48524	低危	2.12.1	2.13.0	python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48524 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
aiohttp	CVE-2026-50269	低危	3.13.5	3.14.0	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50269 镜像层: sha256:442275eebbe50d4d8ea3ba11b1bde99d28309f313bee4c5b67eec04e031585b0 发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:17

usr/local/bin/uv (rustbinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

usr/local/bin/uvx (rustbinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/linkplay/consts.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/meteofrance_api/const.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/pylutron_caseta/assets.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/adultswim.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/aenetworks.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/blackboardcollaborate.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/cloudflarestream.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/espn.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/go.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/nbc.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/shahid.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/tbs.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/vice.py ()

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

docker.io/linuxserver/homeassistant:2026.6.4 linux/amd64

全部漏洞信息

docker.io/linuxserver/homeassistant:2026.6.4 (alpine 3.22.4) (alpine)

Python (python-pkg)

usr/local/bin/uv (rustbinary)

usr/local/bin/uvx (rustbinary)

/usr/local/lib/python3.14.bak/site-packages/linkplay/consts.py ()

/usr/local/lib/python3.14.bak/site-packages/meteofrance_api/const.py ()

/usr/local/lib/python3.14.bak/site-packages/pylutron_caseta/assets.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/adultswim.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/aenetworks.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/blackboardcollaborate.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/cloudflarestream.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/espn.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/go.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/nbc.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/shahid.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/tbs.py ()

/usr/local/lib/python3.14.bak/site-packages/yt_dlp/extractor/vice.py ()