docker.io/linuxserver/nextcloud:34.0.0 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:2

中危漏洞:10

高危漏洞:2

严重漏洞:0

系统OS: alpine 3.22.4 扫描引擎: Trivy 扫描时间: 2026-06-18 16:18

docker.io/linuxserver/nextcloud:34.0.0 (alpine 3.22.4) (alpine)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Node.js (node-pkg)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

app/www/src/3rdparty/composer/installed.json (composer-vendor)

低危漏洞:2

中危漏洞:8

高危漏洞:2

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
phpseclib/phpseclib	CVE-2026-44167	高危	2.0.53	1.0.29, 2.0.54, 3.0.52	phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44167 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 2026-05-12 18:17 修改: 2026-05-13 18:24
symfony/mime	CVE-2026-45067	高危	v6.4.32	3.0.0, 5.1.0, 7.3.0, 7.4.12, 5.0.0, 5.3.0, 5.4.0, 6.2.0, 7.2.0, 7.4.0, 5.2.0, 6.4.0, 6.4.40, 7.1.0, 4.0.0, 5.4.52, 6.1.0, 6.3.0, 8.0.12	CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45067 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
guzzlehttp/psr7	CVE-2026-48998	中危	2.9.0	2.10.2	guzzlehttp/psr7: guzzlehttp/psr7: Information disclosure via improper Host header validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48998 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 2026-06-11 13:16 修改: 2026-06-15 14:52
phpseclib/phpseclib	GHSA-m557-wrgg-6rp4	中危	2.0.53	1.0.30, 2.0.55, 3.0.54	phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access 漏洞详情: https://github.com/advisories/GHSA-m557-wrgg-6rp4 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 2026-06-16 15:03 修改: 2026-06-16 15:03
symfony/http-foundation	CVE-2026-48736	中危	v6.4.33	6.4.41, 7.1.0, 7.2.0, 7.3.0, 7.4.0, 7.4.13, 8.0.13	CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48736 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
symfony/mailer	CVE-2026-45068	中危	v6.4.31	4.0.0, 5.1.0, 5.3.0, 6.4.40, 5.0.0, 5.4.0, 5.4.52, 6.2.0, 6.4.0, 7.2.0, 7.4.0, 6.3.0, 7.1.0, 3.0.0, 5.2.0, 6.1.0, 7.3.0, 7.4.12, 8.0.12	CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45068 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
guzzlehttp/psr7	CVE-2026-49214	中危	2.9.0	2.10.2	guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49214 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 2026-06-11 13:16 修改: 2026-06-15 14:41
symfony/mime	CVE-2026-45070	中危	v6.4.32	5.0.0, 5.4.0, 6.3.0, 7.1.0, 3.0.0, 5.1.0, 8.0.12, 5.4.52, 6.1.0, 6.2.0, 6.4.40, 7.3.0, 7.4.0, 4.0.0, 5.2.0, 5.3.0, 6.4.0, 7.2.0, 7.4.12	CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45070 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
symfony/routing	CVE-2026-45065	中危	v6.4.32	6.4.40, 7.1.0, 7.4.0, 7.4.12, 8.0.12, 3.0.0, 5.4.0, 6.1.0, 6.2.0, 7.2.0, 6.4.0, 7.3.0, 6.3.0, 4.0.0, 5.0.0, 5.1.0, 5.3.0, 5.2.0, 5.4.52	CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45065 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
symfony/routing	CVE-2026-48784	中危	v6.4.32	5.2.0, 5.4.53, 6.3.0, 6.4.41, 7.2.0, 7.4.0, 8.0.13, 4.0.0, 5.4.0, 6.4.0, 7.4.13, 7.1.0, 3.0.0, 5.3.0, 6.1.0, 5.0.0, 6.2.0, 7.3.0, 5.1.0	CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48784 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
symfony/dom-crawler	CVE-2026-45071	低危	v6.4.32	6.4.0, 7.1.0, 5.0.0, 6.4.40, 7.4.0, 3.0.0, 4.0.0, 5.3.0, 7.2.0, 7.3.0, 5.2.0, 5.4.0, 6.1.0, 6.2.0, 7.4.12, 8.0.12, 5.1.0, 5.4.52, 6.3.0	CVE-2026-45071: XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45071 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
symfony/polyfill-intl-idn	CVE-2026-46644	低危	v1.32.0	1.38.1	[insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels] 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46644 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

app/www/src/apps/notifications/vendor/composer/installed.json (composer-vendor)

低危漏洞:0

中危漏洞:2

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
guzzlehttp/psr7	CVE-2026-48998	中危	2.8.0	2.10.2	guzzlehttp/psr7: guzzlehttp/psr7: Information disclosure via improper Host header validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48998 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 2026-06-11 13:16 修改: 2026-06-15 14:52
guzzlehttp/psr7	CVE-2026-49214	中危	2.8.0	2.10.2	guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49214 镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc 发布日期: 2026-06-11 13:16 修改: 2026-06-15 14:41

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

guzzlehttp/psr7

CVE-2026-48998

中危

2.8.0

2.10.2

guzzlehttp/psr7: guzzlehttp/psr7: Information disclosure via improper Host header validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48998

镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc

发布日期: 2026-06-11 13:16 修改: 2026-06-15 14:52

guzzlehttp/psr7

CVE-2026-49214

中危

2.8.0

2.10.2

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49214

镜像层: sha256:f9bc42a8c28fe15a440f8f042586c51823cc56407ff4b31f7fa5718628d6a6cc

发布日期: 2026-06-11 13:16 修改: 2026-06-15 14:41

app/www/src/apps/photos/vendor/composer/installed.json (composer-vendor)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

app/www/src/apps/suspicious_login/vendor/composer/installed.json (composer-vendor)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

app/www/src/apps/twofactor_totp/vendor/composer/installed.json (composer-vendor)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

docker.io/linuxserver/nextcloud:34.0.0 linux/amd64

全部漏洞信息

docker.io/linuxserver/nextcloud:34.0.0 (alpine 3.22.4) (alpine)

Node.js (node-pkg)

app/www/src/3rdparty/composer/installed.json (composer-vendor)

app/www/src/apps/notifications/vendor/composer/installed.json (composer-vendor)

app/www/src/apps/photos/vendor/composer/installed.json (composer-vendor)

app/www/src/apps/suspicious_login/vendor/composer/installed.json (composer-vendor)

app/www/src/apps/twofactor_totp/vendor/composer/installed.json (composer-vendor)