| fast-xml-parser |
CVE-2026-25896 |
严重 |
5.2.5 |
5.3.5, 4.5.4 |
fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25896
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-02-20 21:19 修改: 2026-03-02 14:54
|
| fast-xml-parser |
CVE-2026-25128 |
高危 |
5.2.5 |
5.3.4 |
fast-xml-parser: fast-xml-parser has RangeError DoS Numeric Entities Bug
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25128
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-01-30 16:16 修改: 2026-02-27 20:22
|
| fast-xml-parser |
CVE-2026-26278 |
高危 |
5.2.5 |
4.5.4, 5.3.6 |
fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26278
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-02-19 20:25 修改: 2026-02-23 19:30
|
| fast-xml-parser |
CVE-2026-33036 |
高危 |
5.2.5 |
5.5.6, 4.5.5 |
fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33036
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-03-20 06:16 修改: 2026-03-23 16:28
|
| next |
CVE-2026-44573 |
高危 |
15.3.8 |
15.5.16, 16.2.5 |
next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44573
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:24
|
| next |
CVE-2026-44575 |
高危 |
15.3.8 |
15.5.16, 16.2.5 |
next.js: Next.js: Unauthorized access to protected content via middleware bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44575
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:38
|
| next |
CVE-2026-44578 |
高危 |
15.3.8 |
15.5.16, 16.2.5 |
Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44578
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
|
| next |
CVE-2026-44579 |
高危 |
15.3.8 |
15.5.16, 16.2.5 |
next.js: Next.js: Denial of Service via crafted POST requests to server actions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44579
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
|
| next |
CVE-2026-45109 |
高危 |
15.3.8 |
15.5.18, 16.2.6 |
next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45109
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 18:16 修改: 2026-05-14 14:14
|
| next |
GHSA-8h8q-6873-q5fj |
高危 |
15.3.8 |
15.5.16, 16.2.5 |
Next.js Vulnerable to Denial of Service with Server Components
漏洞详情: https://github.com/advisories/GHSA-8h8q-6873-q5fj
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-11 14:50 修改: 2026-05-11 14:50
|
| next |
GHSA-h25m-26qc-wcjf |
高危 |
15.3.8 |
15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5 |
Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
漏洞详情: https://github.com/advisories/GHSA-h25m-26qc-wcjf
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-01-28 15:38 修改: 2026-01-28 15:38
|
| next |
GHSA-q4gf-8mx6-v5v3 |
高危 |
15.3.8 |
15.5.15, 16.2.3 |
Next.js has a Denial of Service with Server Components
漏洞详情: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-04-10 15:35 修改: 2026-04-10 15:35
|
| next-mdx-remote |
CVE-2026-0969 |
高危 |
5.0.0 |
6.0.0 |
next-mdx-remote affected by arbitrary code execution in React server-side rendering of untrusted MDX content
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0969
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-02-12 03:15 修改: 2026-04-15 00:35
|
| fast-xml-parser |
CVE-2026-41650 |
中危 |
5.2.5 |
5.7.0 |
fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequences
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-07 15:16 修改: 2026-05-12 20:30
|
| next |
CVE-2025-55173 |
中危 |
15.3.8 |
14.2.31, 15.4.5 |
nextjs: Next.js Content Injection Vulnerability for Image Optimization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55173
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2025-08-29 22:15 修改: 2025-09-08 16:42
|
| next |
CVE-2025-57752 |
中危 |
15.3.8 |
14.2.31, 15.4.5 |
nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57752
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2025-08-29 22:15 修改: 2025-09-08 16:43
|
| next |
CVE-2025-57822 |
中危 |
15.3.8 |
14.2.32, 15.4.7 |
Next.js Improper Middleware Redirect Handling Leads to SSRF
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57822
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2025-08-29 22:15 修改: 2025-09-08 16:41
|
| next |
CVE-2025-59471 |
中危 |
15.3.8 |
15.5.10, 16.1.5 |
next: NextJS Denial of Service in Image Optimizer
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59471
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-01-26 22:15 修改: 2026-02-13 15:03
|
| next |
CVE-2026-27980 |
中危 |
15.3.8 |
16.1.7, 15.5.14 |
next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27980
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:52
|
| next |
CVE-2026-29057 |
中危 |
15.3.8 |
16.1.7, 15.5.13 |
next.js: Next.js: HTTP request smuggling in rewrites
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29057
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:49
|
| next |
CVE-2026-44576 |
中危 |
15.3.8 |
15.5.16, 16.2.5 |
Next.js: Next.js: Cache poisoning vulnerability in React Server Components
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44576
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 17:16 修改: 2026-05-14 13:44
|
| next |
CVE-2026-44577 |
中危 |
15.3.8 |
15.5.16, 16.2.5 |
Next.js: Next.js: Denial of Service via Image Optimization API
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44577
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 17:16 修改: 2026-05-13 20:00
|
| next |
CVE-2026-44580 |
中危 |
15.3.8 |
15.5.16, 16.2.5 |
Next.js has cross-site scripting in beforeInteractive scripts with untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44580
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:33
|
| next |
CVE-2026-44581 |
中危 |
15.3.8 |
15.5.16, 16.2.5 |
next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44581
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:30
|
| fast-xml-parser |
CVE-2026-33349 |
中危 |
5.2.5 |
4.5.5, 5.5.7 |
fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33349
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-03-24 20:16 修改: 2026-03-26 13:01
|
| postcss |
CVE-2026-41305 |
中危 |
8.4.31 |
8.5.10 |
postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-04-24 03:16 修改: 2026-04-24 17:16
|
| uuid |
CVE-2026-41907 |
中危 |
9.0.1 |
11.1.1, 12.0.1, 13.0.1 |
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
|
| yaml |
CVE-2026-33532 |
中危 |
2.8.2 |
2.8.3, 1.10.3 |
yaml: yaml: Denial of Service via deeply nested YAML document parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-03-26 20:16 修改: 2026-04-02 18:11
|
| next |
CVE-2026-44572 |
低危 |
15.3.8 |
15.5.16, 16.2.5 |
next.js: Next.js: Denial of Service due to improper handling of x-nextjs-data header with redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44572
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 16:16 修改: 2026-05-15 15:46
|
| next |
CVE-2026-44582 |
低危 |
15.3.8 |
15.5.16, 16.2.5 |
Next.js: Next.js: Cache poisoning allows incorrect response delivery
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44582
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:15
|
| fast-xml-parser |
CVE-2026-27942 |
低危 |
5.2.5 |
5.3.8, 4.5.4 |
fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27942
镜像层: sha256:12bb9aa43d7b38ada207f8f7464516b0d3393b770bdb00644c0af3c1e4122d96
发布日期: 2026-02-26 02:16 修改: 2026-03-02 14:54
|