docker.io/linuxserver/openvscode-server:version-1.109.5 linux/amd64

docker.io/linuxserver/openvscode-server:version-1.109.5 - Trivy安全扫描结果 扫描时间: 2026-06-11 15:00
全部漏洞信息
低危漏洞:26 中危漏洞:49 高危漏洞:21 严重漏洞:4

系统OS: ubuntu 24.04 扫描引擎: Trivy 扫描时间: 2026-06-11 15:00

docker.io/linuxserver/openvscode-server:version-1.109.5 (ubuntu 24.04) (ubuntu)
低危漏洞:22 中危漏洞:34 高危漏洞:2 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libssl3t64 CVE-2026-45447 高危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl CVE-2026-45447 高危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
git-man CVE-2024-52005 中危 1:2.43.0-1ubuntu7.3 git: The sideband payload is passed unfiltered to the terminal in git

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52005

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2025-01-15 18:15 修改: 2025-12-18 16:00
libblkid1 CVE-2026-27456 中危 2.39.3-9ubuntu6.5 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libc-bin CVE-2026-4046 中危 2.39-0ubuntu8.7 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc-bin CVE-2026-4437 中危 2.39-0ubuntu8.7 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc-bin CVE-2026-4438 中危 2.39-0ubuntu8.7 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc-bin CVE-2026-5435 中危 2.39-0ubuntu8.7 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc-bin CVE-2026-6238 中危 2.39-0ubuntu8.7 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libc6 CVE-2026-4046 中危 2.39-0ubuntu8.7 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6 CVE-2026-4437 中危 2.39-0ubuntu8.7 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
libc6 CVE-2026-4438 中危 2.39-0ubuntu8.7 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
libc6 CVE-2026-5435 中危 2.39-0ubuntu8.7 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc6 CVE-2026-6238 中危 2.39-0ubuntu8.7 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libexpat1 CVE-2025-66382 中危 2.6.1-2ubuntu0.4 libexpat: libexpat: Denial of service via crafted file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66382

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2025-11-28 07:15 修改: 2026-06-02 14:16
libmount1 CVE-2026-27456 中危 2.39.3-9ubuntu6.5 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libsmartcols1 CVE-2026-27456 中危 2.39.3-9ubuntu6.5 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
bsdutils CVE-2026-27456 中危 1:2.39.3-9ubuntu6.5 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libssl3t64 CVE-2026-34182 中危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue Summary: Cryptographic Message Services (CMS) processing fails t ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64 CVE-2026-45445 中危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: When an application drives an AES-OCB context through t ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libsystemd0 CVE-2026-40226 中危 255.4-1ubuntu8.15 255.4-1ubuntu8.16 systemd: systemd nspawn: Escape-to-host action via crafted config file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libudev1 CVE-2026-40226 中危 255.4-1ubuntu8.15 255.4-1ubuntu8.16 systemd: systemd nspawn: Escape-to-host action via crafted config file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libuuid1 CVE-2026-27456 中危 2.39.3-9ubuntu6.5 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
locales CVE-2026-4046 中危 2.39-0ubuntu8.7 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
locales CVE-2026-4437 中危 2.39-0ubuntu8.7 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
locales CVE-2026-4438 中危 2.39-0ubuntu8.7 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
locales CVE-2026-5435 中危 2.39-0ubuntu8.7 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
locales CVE-2026-6238 中危 2.39-0ubuntu8.7 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
mount CVE-2026-27456 中危 2.39.3-9ubuntu6.5 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
git CVE-2024-52005 中危 1:2.43.0-1ubuntu7.3 git: The sideband payload is passed unfiltered to the terminal in git

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52005

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2025-01-15 18:15 修改: 2025-12-18 16:00
openssl CVE-2026-34182 中危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue Summary: Cryptographic Message Services (CMS) processing fails t ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl CVE-2026-45445 中危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: When an application drives an AES-OCB context through t ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
systemd-standalone-sysusers CVE-2026-40226 中危 255.4-1ubuntu8.15 255.4-1ubuntu8.16 systemd: systemd nspawn: Escape-to-host action via crafted config file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
tar CVE-2025-45582 中危 1.35+dfsg-3build1 tar: Tar path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
tar CVE-2026-5704 中危 1.35+dfsg-3build1 tar: tar: Hidden file injection via crafted archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:08
util-linux CVE-2026-27456 中危 2.39.3-9ubuntu6.5 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libssl3t64 CVE-2026-7383 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: A signed integer overflow when sizing the destination b ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64 CVE-2026-9076 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
login CVE-2024-56433 低危 1:4.13+dfsg1-4ubuntu3.2 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libgcrypt20 CVE-2024-2236 低危 1.10.3-2ubuntu0.1 libgcrypt: vulnerable to Marvin Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35
libsystemd0 CVE-2026-40228 低危 255.4-1ubuntu8.15 systemd: systemd-journald: Unintended output to user terminals via logger command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libssl3t64 CVE-2026-34180 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a pr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libudev1 CVE-2026-40228 低危 255.4-1ubuntu8.15 systemd: systemd-journald: Unintended output to user terminals via logger command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
openssl CVE-2026-34180 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a pr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl CVE-2026-42766 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: A specially crafted password-encrypted CMS message can ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl CVE-2026-42767 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: An attacker-controlled CMP (Certificate Management Prot ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl CVE-2026-42770 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl CVE-2026-45446 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl CVE-2026-7383 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: A signed integer overflow when sizing the destination b ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
openssl CVE-2026-9076 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
passwd CVE-2024-56433 低危 1:4.13+dfsg1-4ubuntu3.2 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
patch CVE-2018-6952 低危 2.7.6-7build3 patch: Double free of memory in pch.c:another_hunk() causes a crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-6952

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2018-02-13 19:29 修改: 2024-11-21 04:11
patch CVE-2021-45261 低危 2.7.6-7build3 patch: Invalid Pointer via another_hunk function

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45261

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2021-12-22 18:15 修改: 2024-11-21 06:32
libssl3t64 CVE-2026-42766 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: A specially crafted password-encrypted CMS message can ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
systemd-standalone-sysusers CVE-2026-40228 低危 255.4-1ubuntu8.15 systemd: systemd-journald: Unintended output to user terminals via logger command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228

镜像层: sha256:ad2563131f44e28ae1580c2d54fd602431b597faa3dc9ae3cc8abd1544a926b7

发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libssl3t64 CVE-2026-42767 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: An attacker-controlled CMP (Certificate Management Prot ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64 CVE-2026-42770 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3t64 CVE-2026-45446 低危 3.0.13-0ubuntu3.9 3.0.13-0ubuntu3.11 Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:acaadac149162b12c0c052a22ce9c4895399ee20ebb48336c69acf1348e78bd4

发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
Node.js (node-pkg)
低危漏洞:4 中危漏洞:15 高危漏洞:19 严重漏洞:4
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
handlebars CVE-2019-19919 严重 1.0.0 4.3.0, 3.0.8 nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19919

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2019-12-20 23:15 修改: 2024-11-21 04:35
handlebars CVE-2021-23369 严重 1.0.0 4.7.7 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23369

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2021-04-12 14:15 修改: 2024-11-21 05:51
handlebars CVE-2021-23383 严重 1.0.0 4.7.7 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23383

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2021-05-04 09:15 修改: 2024-11-21 05:51
shell-quote CVE-2026-9277 严重 1.8.3 1.8.4 shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9277

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
grunt CVE-2020-7729 高危 1.0.0 1.3.0 The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7729

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2020-09-03 09:15 修改: 2024-11-21 05:37
grunt CVE-2022-1537 高危 1.0.0 1.5.3 gruntjs: race condition leading to arbitrary file write

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1537

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2022-05-10 14:15 修改: 2024-11-21 06:40
handlebars CVE-2019-20920 高危 1.0.0 3.0.8, 4.5.3 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20920

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2020-09-30 18:15 修改: 2024-11-21 04:39
handlebars GHSA-2cf5-4w76-r9qv 高危 1.0.0 3.0.8, 4.5.2 Arbitrary Code Execution in handlebars

漏洞详情: https://github.com/advisories/GHSA-2cf5-4w76-r9qv

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2020-09-04 14:57 修改: 2024-01-29 20:54
handlebars GHSA-g9r4-xpmj-mj65 高危 1.0.0 3.0.8, 4.5.3 Prototype Pollution in handlebars

漏洞详情: https://github.com/advisories/GHSA-g9r4-xpmj-mj65

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2020-09-04 15:06 修改: 2020-08-31 18:55
handlebars GHSA-q2c6-c6pm-g3gh 高危 1.0.0 3.0.8, 4.5.3 Arbitrary Code Execution in handlebars

漏洞详情: https://github.com/advisories/GHSA-q2c6-c6pm-g3gh

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2020-09-04 15:07 修改: 2020-08-31 18:55
handlebars GHSA-q42p-pg8m-cqh6 高危 1.0.0 4.1.2, 4.0.14, 3.0.7 Prototype Pollution in handlebars

漏洞详情: https://github.com/advisories/GHSA-q42p-pg8m-cqh6

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2019-06-05 14:07 修改: 2021-08-04 20:54
ini CVE-2020-7788 高危 1.0.0 1.3.6 nodejs-ini: Prototype pollution via malicious INI file

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2020-12-11 11:15 修改: 2024-11-21 05:37
json CVE-2020-7712 高危 1.0.0 10.0.0 trentm/json vulnerable to command injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7712

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2020-08-30 08:15 修改: 2024-11-21 05:37
lodash-es CVE-2026-4800 高危 4.17.23 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-31 20:16 修改: 2026-05-01 18:09
npm CVE-2018-7408 高危 1.0.1 5.7.1 Incorrect Permission Assignment for Critical Resource in NPM

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7408

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2018-02-22 18:29 修改: 2024-11-21 04:12
npm CVE-2019-16775 高危 1.0.1 6.13.3 npm: Symlink reference outside of node_modules folder through the bin field upon installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2019-12-13 01:15 修改: 2024-11-21 04:31
npm CVE-2019-16776 高危 1.0.1 6.13.3 npm: Arbitrary file write via constructed entry in the package.json bin field

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2019-12-13 01:15 修改: 2024-11-21 04:31
npm CVE-2019-16777 高危 1.0.1 6.13.4 npm: Global node_modules Binary Overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2019-12-13 01:15 修改: 2024-11-21 04:31
picomatch CVE-2026-33671 高危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
diff GHSA-h6ch-v84p-w6p9 高危 1.0.0 3.5.0 Regular Expression Denial of Service (ReDoS)

漏洞详情: https://github.com/advisories/GHSA-h6ch-v84p-w6p9

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2019-06-13 18:58 修改: 2021-02-24 19:27
undici CVE-2026-1526 高危 7.19.0 6.24.0, 7.24.0 undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1526

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-12 21:16 修改: 2026-03-20 15:56
undici CVE-2026-1528 高危 7.19.0 6.24.0, 7.24.0 undici: undici: Denial of Service via crafted WebSocket frame with large length

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1528

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-12 21:16 修改: 2026-03-20 15:41
undici CVE-2026-2229 高危 7.19.0 6.24.0, 7.24.0 undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2229

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-12 21:16 修改: 2026-03-20 15:39
npm CVE-2016-3956 中危 1.0.1 >= 2.15.1 <= 3.0.0, >= 3.8.3 npm: bearer token leak to non-registry hosts

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3956

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2016-07-02 14:59 修改: 2026-05-06 22:30
npm CVE-2020-15095 中危 1.0.1 6.14.6 npm: sensitive information exposure through logs

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2020-07-07 19:15 修改: 2024-11-21 05:04
lodash-es CVE-2026-2950 中危 4.17.23 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-31 20:16 修改: 2026-04-07 16:12
picomatch CVE-2026-33672 中危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44
pug CVE-2021-21353 中危 1.0.0 3.0.1 pug: user provided objects as input to pug templates can achieve remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2021-03-03 02:15 修改: 2025-05-27 21:08
pug CVE-2024-36361 中危 1.0.0 3.0.3 Pug allows JavaScript code execution if an application accepts untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2024-05-24 06:15 修改: 2026-04-15 00:35
grunt CVE-2022-0436 中危 1.0.0 1.5.2 Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0436

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2022-04-12 21:15 修改: 2024-11-21 06:38
ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address is a library for parsing and manipulating IPv4 and IPv6 add ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
handlebars CVE-2015-8861 中危 1.0.0 >=4.0.0 The handlebars package before 4.0.0 for Node.js allows remote attacker ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-8861

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2017-01-23 21:59 修改: 2026-05-13 00:24
handlebars NSWG-ECO-519 中危 1.0.0 >=4.6.0 Denial of Service

漏洞详情: https://hackerone.com/reports/726364

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
undici CVE-2026-1525 中危 7.19.0 6.24.0, 7.24.0 undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1525

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-12 20:16 修改: 2026-03-19 17:29
undici CVE-2026-1527 中危 7.19.0 6.24.0, 7.24.0 undici: Undici: HTTP header injection and request smuggling vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1527

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-12 21:16 修改: 2026-03-20 15:49
undici CVE-2026-2581 中危 7.19.0 7.24.0 undici: Undici: Denial of Service due to uncontrolled resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2581

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-12 21:16 修改: 2026-03-18 13:37
uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
yaml CVE-2026-33532 中危 1.0.0 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
diff CVE-2026-24001 低危 1.0.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-01-22 03:15 修改: 2026-03-04 15:23
markdown GHSA-wx77-rp39-c6vg 低危 1.0.0 Regular Expression Denial of Service in markdown

漏洞详情: https://github.com/advisories/GHSA-wx77-rp39-c6vg

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2020-09-04 15:11 修改: 2022-03-24 22:10
npm CVE-2013-4116 低危 1.0.1 >=1.3.3 npm: Insecure temporary directory generation

漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4116

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2014-04-22 14:23 修改: 2026-05-06 22:30
@tootallnate/once CVE-2026-3449 低危 3.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:04701c49dfb601fde4e3b9a490ff2ac4da302ed3554d0ba57f28a6e360ead0cc

发布日期: 2026-03-03 05:17 修改: 2026-05-19 15:38