docker.io/lunare/n8n-chinese:latest linux/amd64

docker.io/lunare/n8n-chinese:latest - Trivy安全扫描结果 扫描时间: 2026-07-09 15:37
全部漏洞信息
低危漏洞:44 中危漏洞:154 高危漏洞:107 严重漏洞:25

系统OS: alpine 3.22 扫描引擎: Trivy 扫描时间: 2026-07-09 15:37

docker.io/lunare/n8n-chinese:latest (alpine 3.22) (alpine)
低危漏洞:31 中危漏洞:31 高危漏洞:23 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-31789 严重 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-31789 严重 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

openssl CVE-2026-31789 严重 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2026-28389 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28390 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-45447 高危 3.5.5-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-07-06 13:16

libexpat CVE-2026-45186 高危 2.7.5-r0 2.8.1-r0 libexpat: denial of service via crafted XML input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45186

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-05-10 07:16 修改: 2026-06-30 03:20

libexpat CVE-2026-56131 高危 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 lacks handler call depth tracking for calls to X ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56131

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

libexpat CVE-2026-56407 高危 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in doProlog that is rela ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56407

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:28

libexpat CVE-2026-56408 高危 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in copyString.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56408

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:27

libcrypto3 CVE-2026-28387 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28387 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28388 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28389 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28390 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-45447 高危 3.5.5-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-07-06 13:16

libxml2 CVE-2026-6732 高危 2.13.9-r0 2.13.9-r1 libxml2: libxml2: Denial of Service via crafted XSD-validated document

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6732

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-04-23 23:16 修改: 2026-06-30 20:16

musl CVE-2026-40200 高危 1.2.5-r10 1.2.5-r12 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

nghttp2-libs CVE-2026-27135 高危 1.65.0-r0 1.68.1 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-03-18 18:16 修改: 2026-06-30 03:17

libcrypto3 CVE-2026-28388 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28387 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28388 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28389 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28390 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-45447 高危 3.5.5-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-07-06 13:16

zlib CVE-2026-22184 高危 1.3.1-r2 1.3.2-r0 zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-01-07 21:16 修改: 2026-06-30 03:17

libcrypto3 CVE-2026-42764 中危 3.5.5-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-45445 中危 3.5.5-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libcrypto3 CVE-2026-2673 中危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-03-13 19:54 修改: 2026-06-17 10:31

libcrypto3 CVE-2026-31790 中危 3.5.5-r0 3.5.6-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2026-34182 中危 3.5.5-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-34183 中危 3.5.5-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-2673 中危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-03-13 19:54 修改: 2026-06-17 10:31

libssl3 CVE-2026-31790 中危 3.5.5-r0 3.5.6-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-34182 中危 3.5.5-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34183 中危 3.5.5-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-42764 中危 3.5.5-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-45445 中危 3.5.5-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libexpat CVE-2026-50219 中危 2.7.5-r0 2.8.2-r0 expat: libexpat: Use-after-free vulnerability due to improper handler call depth tracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50219

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-04 06:16 修改: 2026-06-17 10:57

libexpat CVE-2026-56132 中危 2.7.5-r0 2.8.2-r0 expat: libexpat: Arbitrary Code Execution via Heap-based Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56132

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

musl CVE-2026-6042 中危 1.2.5-r10 1.2.5-r11 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

libexpat CVE-2026-56403 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution due to integer overflow in storeAtts

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56403

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56404 中危 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in addBinding.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56404

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56405 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Information disclosure and arbitrary code execution via integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56405

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:14

libexpat CVE-2026-56406 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution via integer overflow in XML_ParseBuffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56406

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:29

libexpat CVE-2026-56410 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Integer overflow in xmlwf can lead to information disclosure and arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56410

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:18

libexpat CVE-2026-56411 中危 2.7.5-r0 2.8.2-r0 expat: libexpat: Integer Overflow Vulnerability Leading to Information Disclosure or Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56411

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 17:16 修改: 2026-06-23 16:16

libexpat CVE-2026-56412 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Use-after-free vulnerability due to improper handling of XML CDATA sections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56412

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 17:16 修改: 2026-06-23 15:31

openssl CVE-2026-2673 中危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-03-13 19:54 修改: 2026-06-17 10:31

openssl CVE-2026-31790 中危 3.5.5-r0 3.5.6-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

openssl CVE-2026-34182 中危 3.5.5-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl CVE-2026-34183 中危 3.5.5-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl CVE-2026-42764 中危 3.5.5-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-45445 中危 3.5.5-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

xz-libs CVE-2026-34743 中危 5.8.1-r0 5.8.3-r0 xz: XZ Utils: Denial of Service via buffer overflow in index decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-04-02 19:21 修改: 2026-06-17 10:39

libpng CVE-2026-34757 中危 1.6.56-r0 1.6.57-r0 libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34757

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-04-09 15:16 修改: 2026-06-17 10:39

zlib CVE-2026-27171 中危 1.3.1-r2 1.3.2-r0 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

libssl3 CVE-2026-7383 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

libssl3 CVE-2026-9076 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libcrypto3 CVE-2026-42769 低危 3.5.5-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42770 低危 3.5.5-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-45446 低危 3.5.5-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libcrypto3 CVE-2026-7383 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

libcrypto3 CVE-2026-9076 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libcrypto3 CVE-2026-34180 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-34181 低危 3.5.5-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-42766 低危 3.5.5-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libexpat CVE-2026-41080 低危 2.7.5-r0 2.8.1-r0 libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41080

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-04-16 17:16 修改: 2026-06-17 10:46

libcrypto3 CVE-2026-42767 低危 3.5.5-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42768 低危 3.5.5-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-34180 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34181 低危 3.5.5-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-42766 低危 3.5.5-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42767 低危 3.5.5-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42768 低危 3.5.5-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-34180 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl CVE-2026-34181 低危 3.5.5-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

openssl CVE-2026-42766 低危 3.5.5-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-42767 低危 3.5.5-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-42768 低危 3.5.5-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-42769 低危 3.5.5-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-42770 低危 3.5.5-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

openssl CVE-2026-45446 低危 3.5.5-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

openssl CVE-2026-7383 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

openssl CVE-2026-9076 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:72d1b930c724b16041c258c2b8879574062e7fb4b2f8182eb8a1107d2edd6a00

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libssl3 CVE-2026-42769 低危 3.5.5-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42770 低危 3.5.5-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-45446 低危 3.5.5-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libexpat CVE-2026-56409 未知 2.7.5-r0 2.8.2-r0 xmlwf in libexpat before 2.8.2 has an integer overflow for the output ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56409

镜像层: sha256:3a1e0604f4d6952c238150f7dce745f8f5765d9fa3ffba3739a5a59e3989b79f

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:21

Node.js (node-pkg)
低危漏洞:13 中危漏洞:123 高危漏洞:84 严重漏洞:22
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
n8n CVE-2026-44789 严重 2.16.0 1.123.43, 2.22.1, 2.20.7 n8n: HTTP Request Node Pagination Prototype Pollution to RCE

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44789

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:16 修改: 2026-06-24 15:16

n8n CVE-2026-44790 严重 2.16.0 1.123.43, 2.22.1, 2.20.7 n8n Has an Arbitrary File Read via Git Node

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44790

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:16 修改: 2026-06-24 13:54

n8n CVE-2026-44791 严重 2.16.0 1.123.43, 2.22.1, 2.20.7 n8n Has an XML Node Prototype Pollution Patch Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44791

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:16 修改: 2026-06-24 13:57

protobufjs CVE-2026-41242 严重 7.4.0 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-18 17:16 修改: 2026-06-30 03:19

protobufjs CVE-2026-41242 严重 7.5.4 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-18 17:16 修改: 2026-06-30 03:19

shell-quote CVE-2026-9277 严重 1.8.3 1.8.4 shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9277

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-22 14:16 修改: 2026-07-02 12:17

vm2 CVE-2026-24118 严重 3.10.5 3.11.0 vm2: vm2: Arbitrary code execution due to sandbox breakout

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24118

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 17:16 修改: 2026-06-30 03:17

vm2 CVE-2026-24781 严重 3.10.5 3.11.0 vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24781

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 17:16 修改: 2026-06-30 03:17

vm2 CVE-2026-26332 严重 3.10.5 3.11.0 vm2: vm2: Arbitrary code execution via SuppressedError sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26332

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 17:16 修改: 2026-06-30 03:17

vm2 CVE-2026-43997 严重 3.10.5 3.11.0 vm2: vm2: Arbitrary code execution via sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43997

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-43999 严重 3.10.5 3.11.0 vm2: vm2: Remote code execution via NodeVM builtin allowlist bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43999

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44005 严重 3.10.5 3.11.0 vm2: vm2: Sandbox Escape leading to Arbitrary Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44005

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44006 严重 3.10.5 3.11.0 vm2: vm2: Sandbox escape via arbitrary prototype access leading to arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44006

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44007 严重 3.10.5 3.11.1 vm2: vm2: Arbitrary code execution via nested NodeVM bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44007

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44008 严重 3.10.5 3.11.2 vm2: vm2: Arbitrary code execution due to sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44008

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44009 严重 3.10.5 3.11.2 vm2: vm2: Arbitrary Code Execution via Sandbox Escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44009

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-45411 严重 3.10.5 3.11.3 vm2: vm2: Arbitrary Code Execution due to sandbox escape vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45411

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:20

vm2 CVE-2026-47131 严重 3.10.5 3.11.4 vm2: vm2: Arbitrary code execution via sandbox escape vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47131

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47137 严重 3.10.5 3.11.4 vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47137

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47140 严重 3.10.5 3.11.4 vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47140

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47208 严重 3.10.5 3.11.4 vm2: vm2: Sandbox Breakout Using Promise Species

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47208

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47210 严重 3.10.5 3.11.4 vm2: vm2: Arbitrary code execution via sandbox escape when executing untrusted code with async support.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47210

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

axios CVE-2026-42264 高危 1.13.5 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-08 04:16 修改: 2026-07-06 13:16

axios CVE-2026-44486 高危 1.13.5 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44486 高危 1.13.5 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44487 高危 1.13.5 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44487 高危 1.13.5 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44488 高危 1.13.5 1.16.0 axios: Axios: Denial of Service due to unenforced request and response size limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44488 高危 1.13.5 1.16.0 axios: Axios: Denial of Service due to unenforced request and response size limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44494 高危 1.13.5 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44494 高危 1.13.5 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44495 高危 1.13.5 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44495 高危 1.13.5 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44496 高危 1.13.5 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44496 高危 1.13.5 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

fast-uri CVE-2026-6321 高危 3.0.1 3.1.1 fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 20:16 修改: 2026-07-02 12:17

fast-uri CVE-2026-6322 高危 3.0.1 3.1.2 fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-05 11:16 修改: 2026-07-03 13:17

fast-xml-builder CVE-2026-44665 高危 1.1.4 1.1.7 fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44665

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:51

form-data CVE-2026-12143 高危 4.0.4 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 19:16 修改: 2026-07-02 12:16

hono CVE-2026-54290 高危 4.12.7 4.12.25 hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54290

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:49

http-proxy-middleware CVE-2026-55603 高危 3.0.5 3.0.7, 4.1.1 http-proxy-middleware: http-proxy-middleware: Data integrity compromise via CR/LF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55603

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 21:16 修改: 2026-06-24 16:44

langsmith CVE-2026-45134 高危 0.4.12 0.6.0 LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45134

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-27 20:16 修改: 2026-06-17 10:51

linkify-it CVE-2026-48801 高危 5.0.0 5.0.1 LinkifyIt#match scan loop has quadratic algorithmic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48801

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

lodash CVE-2026-4800 高危 4.17.23 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17

lodash-es CVE-2026-4800 高危 4.17.23 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17

multer CVE-2026-5079 高危 2.1.1 2.2.0, 3.0.0-alpha.2 Multer vulnerable to Denial of Service via deeply nested field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5079

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-15 14:16 修改: 2026-06-17 10:58

@grpc/grpc-js CVE-2026-48068 高危 1.13.2 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: A malformed request can cause a server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48068

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

@grpc/grpc-js CVE-2026-48069 高危 1.13.2 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48069

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

@grpc/grpc-js CVE-2026-48068 高危 1.14.3 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: A malformed request can cause a server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48068

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

n8n CVE-2026-42236 高危 2.16.0 1.123.32, 2.18.1, 2.17.4 n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42236

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47

n8n CVE-2026-44792 高危 2.16.0 1.123.43, 2.21.1, 2.20.7 n8n Has a Source Control Pull SQL Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44792

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:16 修改: 2026-06-24 13:55

n8n CVE-2026-45732 高危 2.16.0 1.123.43, 2.21.1, 2.20.7 n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45732

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 20:17

n8n CVE-2026-49444 高危 2.16.0 1.123.48, 2.22.4, 2.21.8 n8n: Python sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49444

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 02:23

n8n CVE-2026-54301 高危 2.16.0 1.123.55, 2.26.2, 2.25.7 n8n: Same-Origin XSS in Respond to Webhook Node

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54301

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 02:25

n8n CVE-2026-54302 高危 2.16.0 1.123.55, 2.26.2, 2.25.7 n8n: Stored XSS in Chat Trigger Node

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54302

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 02:24

n8n CVE-2026-54304 高危 2.16.0 1.123.55, 2.26.1, 2.25.7 n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54304

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 02:24

n8n CVE-2026-54305 高危 2.16.0 1.123.55, 2.26.2, 2.25.7 n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54305

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 02:24

n8n CVE-2026-54307 高危 2.16.0 1.123.55, 2.26.2, 2.25.7 n8n: Credential Exfiltration via Permission Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54307

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 02:20

n8n CVE-2026-54309 高危 2.16.0 2.26.2, 2.25.7 n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54309

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 16:17 修改: 2026-06-25 18:40

n8n CVE-2026-54312 高危 2.16.0 2.24.0 n8n: Microsoft SQL Node Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54312

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 16:17 修改: 2026-06-25 18:41

nodemailer GHSA-p6gq-j5cr-w38f 高危 7.0.11 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

@grpc/grpc-js CVE-2026-48069 高危 1.14.3 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 @grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48069

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

protobufjs CVE-2026-44289 高危 7.4.0 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-07-01 13:17

protobufjs CVE-2026-44290 高危 7.4.0 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 7.4.0 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 7.4.0 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-07-02 12:17

protobufjs CVE-2026-48712 高危 7.4.0 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

@opentelemetry/exporter-prometheus CVE-2026-44902 高危 0.204.0 0.217.0 opentelemetry-js: opentelemetry/exporter-prometheus: opentelemetry-js: Denial of Service via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

protobufjs CVE-2026-44289 高危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-07-01 13:17

protobufjs CVE-2026-44290 高危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-07-02 12:17

protobufjs CVE-2026-48712 高危 7.5.4 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

samlify CVE-2026-46490 高危 2.10.0 2.13.0 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46490

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-08 19:16 修改: 2026-06-17 10:53

@opentelemetry/exporter-prometheus CVE-2026-44902 高危 0.207.0 0.217.0 opentelemetry-js: opentelemetry/exporter-prometheus: opentelemetry-js: Denial of Service via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

sigstore CVE-2026-48815 高危 4.1.0 4.1.1 sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815

镜像层: sha256:b71cccb031a1c90a43d09338d1a66a4a66c1844b9d28da4f61777abc2b4d6bf3

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

simple-git CVE-2026-6951 高危 3.32.3 3.36.0 simple-git: simple-git: Remote Code Execution due to incomplete fix bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6951

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-25 06:16 修改: 2026-06-30 03:21

tmp CVE-2026-44705 高危 0.2.4 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

undici CVE-2026-12151 高危 6.24.1 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 17:16 修改: 2026-07-07 12:16

undici CVE-2026-12151 高危 7.24.6 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 17:16 修改: 2026-07-07 12:16

undici CVE-2026-6734 高危 7.24.6 7.28.0, 8.2.0 undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6734

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 18:18 修改: 2026-07-07 12:17

undici CVE-2026-9697 高危 7.24.6 7.28.0, 8.5.0 undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9697

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 18:18 修改: 2026-07-07 12:17

@opentelemetry/exporter-prometheus CVE-2026-44902 高危 0.213.0 0.217.0 opentelemetry-js: opentelemetry/exporter-prometheus: opentelemetry-js: Denial of Service via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

@opentelemetry/sdk-node CVE-2026-44902 高危 0.204.0 0.217.0 opentelemetry-js: opentelemetry/exporter-prometheus: opentelemetry-js: Denial of Service via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

@opentelemetry/sdk-node CVE-2026-44902 高危 0.207.0 0.217.0 opentelemetry-js: opentelemetry/exporter-prometheus: opentelemetry-js: Denial of Service via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

@opentelemetry/sdk-node CVE-2026-44902 高危 0.213.0 0.217.0 opentelemetry-js: opentelemetry/exporter-prometheus: opentelemetry-js: Denial of Service via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-27 15:16 修改: 2026-06-17 10:51

@xmldom/xmldom CVE-2026-34601 高危 0.8.10 0.8.12, 0.9.9 xmldom: xmldom: XML structure injection via CDATA terminator

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34601

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-02 18:16 修改: 2026-06-30 03:18

@xmldom/xmldom CVE-2026-41672 高危 0.8.10 0.8.13, 0.9.10 xmldom: @xmldom/xmldom: xmldom: Arbitrary XML Node Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41672

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-07 04:16 修改: 2026-07-06 13:16

@xmldom/xmldom CVE-2026-41673 高危 0.8.10 0.8.13, 0.9.10 @xmldom/xmldom: xmldom: xmldom: Denial of Service via deeply nested XML documents

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41673

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-07 04:16 修改: 2026-07-06 13:16

@xmldom/xmldom CVE-2026-41674 高危 0.8.10 0.8.13, 0.9.10 xmldom: xmldom: Arbitrary XML markup injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41674

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-07 04:16 修改: 2026-06-30 03:19

@xmldom/xmldom CVE-2026-41675 高危 0.8.10 0.8.13, 0.9.10 xmldom: xmldom: Arbitrary XML node injection via crafted processing instructions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41675

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-07 04:16 修改: 2026-07-06 13:16

axios CVE-2026-42033 高危 1.13.5 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42033 高危 1.13.5 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42035 高危 1.13.5 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42035 高危 1.13.5 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 1.13.5 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42043 高危 1.13.5 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42264 高危 1.13.5 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-08 04:16 修改: 2026-07-06 13:16

vm2 CVE-2026-43998 高危 3.10.5 3.11.0 vm2: vm2: Remote code execution due to path restriction bypass via symlinks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43998

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44001 高危 3.10.5 3.11.0 vm2: vm2: Sandbox escape leads to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44001

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44004 高危 3.10.5 3.11.0 vm2: vm2: Denial of Service via host memory exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44004

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-47135 高危 3.10.5 3.11.4 vm2: vm2: Sandbox escape allows arbitrary code execution on the host system

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47135

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47139 高危 3.10.5 3.11.4 vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47139

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47209 高危 3.10.5 3.11.4 vm2: vm2: Integrity bypass via incorrect property assignment leading to potential arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47209

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

ws CVE-2026-48779 高危 8.17.1 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 13:20 修改: 2026-07-07 12:16

ws CVE-2026-48779 高危 8.18.3 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 13:20 修改: 2026-07-07 12:16

langsmith CVE-2026-41182 中危 0.4.12 0.5.19 LangSmith SDK: Streaming token events bypass output redaction

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41182

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-23 02:16 修改: 2026-06-17 10:46

@opentelemetry/core CVE-2026-54285 中危 2.2.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

lodash CVE-2026-2950 中危 4.17.23 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

@sigstore/core CVE-2026-48758 中危 3.2.0 3.2.1 @sigstore/core has DSSE payloadType type-binding failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758

镜像层: sha256:b71cccb031a1c90a43d09338d1a66a4a66c1844b9d28da4f61777abc2b4d6bf3

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

lodash-es CVE-2026-2950 中危 4.17.23 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

@sigstore/verify CVE-2026-48816 中危 3.1.0 3.1.1 sigstore-js has Insufficient Verification of Data Authenticity

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48816

镜像层: sha256:b71cccb031a1c90a43d09338d1a66a4a66c1844b9d28da4f61777abc2b4d6bf3

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

multer CVE-2026-5038 中危 2.1.1 2.2.0, 3.0.0-alpha.2 Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5038

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-15 16:16 修改: 2026-06-17 10:58

@opentelemetry/core CVE-2026-54285 中危 2.4.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

axios CVE-2025-62718 中危 1.13.5 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-09 15:16 修改: 2026-07-01 13:16

axios CVE-2025-62718 中危 1.13.5 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-09 15:16 修改: 2026-07-01 13:16

axios CVE-2026-40175 中危 1.13.5 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-10 20:16 修改: 2026-06-30 03:19

axios CVE-2026-40175 中危 1.13.5 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-10 20:16 修改: 2026-06-30 03:19

axios CVE-2026-42034 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42034 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42037 中危 1.13.5 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42037 中危 1.13.5 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42039 中危 1.13.5 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

n8n CVE-2026-42227 中危 2.16.0 1.123.32, 2.18.1, 2.17.4 n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42227

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47

n8n CVE-2026-42228 中危 2.16.0 1.123.32, 2.18.1, 2.17.4 n8n Vulnerable to Hijacking of Unauthenticated Chat Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42228

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47

n8n CVE-2026-42229 中危 2.16.0 1.123.32, 2.18.1, 2.17.4 n8n has SQL Injection in SeaTable Node

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42229

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47

n8n CVE-2026-42230 中危 2.16.0 1.123.32, 2.18.1, 2.17.4 n8n has Open Redirect in MCP OAuth Consent Flow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42230

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47

n8n CVE-2026-42233 中危 2.16.0 1.123.32, 2.18.1, 2.17.4 n8n has SQL Injection in Oracle Database Node via Limit Field

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42233

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47

n8n CVE-2026-42237 中危 2.16.0 1.123.32, 2.18.1, 2.17.4 n8n has SQL Injection in Snowflake and MySQL Nodes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42237

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-04 19:16 修改: 2026-06-17 10:47

n8n CVE-2026-49465 中危 2.16.0 1.123.48, 2.22.4, 2.21.8 n8n: Git Node Clone and Push Operations Bypass File Sandbox

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49465

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 02:23

n8n CVE-2026-54303 中危 2.16.0 2.24.0 n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54303

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 16:17 修改: 2026-06-25 18:39

n8n CVE-2026-54306 中危 2.16.0 2.26.2, 2.25.7 n8n: Prototype Pollution enables confused-deputy execution via public webhooks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54306

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 20:17

n8n CVE-2026-54308 中危 2.16.0 2.26.2, 2.25.7 n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54308

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 17:17 修改: 2026-06-26 02:20

n8n CVE-2026-54310 中危 2.16.0 2.26.2, 2.25.7 n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54310

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 16:17 修改: 2026-06-25 18:41

n8n CVE-2026-54311 中危 2.16.0 2.26.2, 2.25.7 n8n: Merge Node SQL Mode Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54311

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 16:17 修改: 2026-06-25 18:41

n8n CVE-2026-54313 中危 2.16.0 2.24.0 n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54313

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 16:17 修改: 2026-06-25 18:42

n8n CVE-2026-54314 中危 2.16.0 2.24.0 n8n: Denial of Service via ZIP decompression in webhook workflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54314

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-23 16:17 修改: 2026-06-25 18:42

n8n CVE-2026-56348 中危 2.16.0 2.20.0 n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56348

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 22:16 修改: 2026-06-24 16:46

n8n GHSA-2vx9-7wpg-88jq 中危 2.16.0 2.19.3 n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions

漏洞详情: https://github.com/advisories/GHSA-2vx9-7wpg-88jq

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-19 15:55 修改: 2026-05-19 15:55

n8n GHSA-664h-gpgq-h6xx 中危 2.16.0 1.123.55, 2.26.2, 2.25.7 n8n: Wrong OAuth Scope on Evaluation Test Runs Endpoints

漏洞详情: https://github.com/advisories/GHSA-664h-gpgq-h6xx

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 13:55 修改: 2026-06-17 13:55

n8n GHSA-h3jj-5f3v-3685 中危 2.16.0 2.26.2, 2.25.7 n8n: Public API Execution Retry Authorization Bypass

漏洞详情: https://github.com/advisories/GHSA-h3jj-5f3v-3685

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-16 22:40 修改: 2026-06-16 22:40

n8n GHSA-hv7x-3x78-gx53 中危 2.16.0 1.123.55, 2.26.2, 2.25.7 n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint

漏洞详情: https://github.com/advisories/GHSA-hv7x-3x78-gx53

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-16 18:59 修改: 2026-06-16 18:59

n8n GHSA-jwm3-qcfw-c5pp 中危 2.16.0 2.26.2, 2.25.7 n8n: Python Code Node AST Validator Bypass

漏洞详情: https://github.com/advisories/GHSA-jwm3-qcfw-c5pp

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-16 22:39 修改: 2026-06-16 22:39

axios CVE-2026-42039 中危 1.13.5 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

nodemailer GHSA-268h-hp4c-crq3 中危 7.0.11 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-r7g4-qg5f-qqm2 中危 7.0.11 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 7.0.11 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

nodemailer GHSA-wqvq-jvpq-h66f 中危 7.0.11 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

postcss CVE-2026-41305 中危 8.4.49 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

axios CVE-2026-42041 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42041 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42042 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42042 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42044 中危 1.13.5 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-07 12:16

axios CVE-2026-42044 中危 1.13.5 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-07-07 12:16

protobufjs CVE-2026-44288 中危 7.4.0 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 7.4.0 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 7.4.0 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 7.4.0 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 7.4.0 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

axios CVE-2026-44490 中危 1.13.5 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

axios CVE-2026-44490 中危 1.13.5 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

brace-expansion CVE-2026-45149 中危 5.0.5 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149

镜像层: sha256:b71cccb031a1c90a43d09338d1a66a4a66c1844b9d28da4f61777abc2b4d6bf3

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:51

brace-expansion CVE-2026-45149 中危 5.0.5 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:51

@opentelemetry/core CVE-2026-54285 中危 2.5.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

@opentelemetry/core CVE-2026-54285 中危 2.6.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

protobufjs CVE-2026-44288 中危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 7.5.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 7.5.4 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 7.5.4 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

qs CVE-2026-8723 中危 6.14.2 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

@hono/node-server CVE-2026-39406 中危 1.19.10 1.19.13 @hono/node-server: Middleware bypass via repeated slashes in serveStatic

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39406

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

fast-xml-parser CVE-2026-41650 中危 5.5.7 5.7.0 fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-07 15:16 修改: 2026-06-17 10:46

showdown CVE-2024-1899 中危 2.1.0 Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1899

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2024-02-26 19:15 修改: 2026-06-17 07:05

file-type CVE-2026-31808 中危 16.5.4 21.3.1 file-type: file-type: Denial of Service due to infinite loop in ASF file parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31808

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-03-10 21:16 修改: 2026-06-17 10:34

follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.11 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11

tar CVE-2026-53655 中危 7.5.11 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:b71cccb031a1c90a43d09338d1a66a4a66c1844b9d28da4f61777abc2b4d6bf3

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

tar CVE-2026-53655 中危 7.5.11 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.11 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11

follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.11 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11

undici CVE-2026-9679 中危 6.24.1 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:43

@langchain/community CVE-2026-27795 中危 1.1.14 1.1.18 langchain-core: @langchain/community: Server-Side Request Forgery (SSRF) bypass via redirect manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27795

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-02-25 18:23 修改: 2026-06-17 10:27

@langchain/community CVE-2026-27795 中危 1.1.14 1.1.18 langchain-core: @langchain/community: Server-Side Request Forgery (SSRF) bypass via redirect manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27795

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-02-25 18:23 修改: 2026-06-17 10:27

hono CVE-2026-39407 中危 4.12.7 4.12.12 Hono: Middleware bypass via repeated slashes in serveStatic

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39407

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

undici CVE-2026-9678 中危 7.24.6 7.28.0, 8.5.0 undici: Undici: Information disclosure due to improper cache-control header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9678

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:44

undici CVE-2026-9679 中危 7.24.6 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:43

uuid CVE-2026-41907 中危 10.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 11.1.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 13.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 8.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

hono CVE-2026-39408 中危 4.12.7 4.12.12 Hono: Path traversal in toSSG() allows writing files outside the output directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39408

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

hono CVE-2026-39409 中危 4.12.7 4.12.12 Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39409

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

hono CVE-2026-39410 中危 4.12.7 4.12.12 Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39410

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-08 15:16 修改: 2026-06-17 10:42

hono CVE-2026-44455 中危 4.12.7 4.12.16 hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44455

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

hono CVE-2026-44456 中危 4.12.7 4.12.16 Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44456

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

hono CVE-2026-44457 中危 4.12.7 4.12.18 Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44457

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

hono CVE-2026-44458 中危 4.12.7 4.12.18 Hono has CSS Declaration Injection via Style Object Values in JSX SSR

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44458

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

hono CVE-2026-47673 中危 4.12.7 4.12.21 Hono: JWT middleware accepts any Authorization scheme, not only Bearer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47673

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:54

hono CVE-2026-47674 中危 4.12.7 4.12.21 Hono: IP Restriction bypasses static deny rules for non-canonical IPv6

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47674

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:54

hono CVE-2026-47675 中危 4.12.7 4.12.21 Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47675

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:54

hono CVE-2026-47676 中危 4.12.7 4.12.21 Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47676

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-28 17:16 修改: 2026-06-17 10:54

hono CVE-2026-54286 中危 4.12.7 4.12.25 hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54286

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-23 15:16

hono CVE-2026-54287 中危 4.12.7 4.12.25 hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54287

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:49

hono CVE-2026-54288 中危 4.12.7 4.12.25 hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54288

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 19:17 修改: 2026-06-23 15:16

hono CVE-2026-54289 中危 4.12.7 4.12.25 hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54289

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-22 19:49

hono CVE-2026-56761 中危 4.12.7 4.12.14 hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56761

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-24 13:16 修改: 2026-06-26 19:59

hono GHSA-26pp-8wgv-hjvm 中危 4.12.7 4.12.12 Hono missing validation of cookie name on write path in setCookie()

漏洞详情: https://github.com/advisories/GHSA-26pp-8wgv-hjvm

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-08 00:17 修改: 2026-04-08 00:17

@opentelemetry/core CVE-2026-54285 中危 2.0.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

http-proxy-middleware CVE-2026-55602 中危 3.0.5 3.0.6, 4.1.0, 2.0.10 http-proxy-middleware: http-proxy-middleware: Unintended backend routing due to crafted Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55602

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:06

ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:b71cccb031a1c90a43d09338d1a66a4a66c1844b9d28da4f61777abc2b4d6bf3

发布日期: 2026-05-12 20:16 修改: 2026-07-07 12:16

ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-12 20:16 修改: 2026-07-07 12:16

js-yaml CVE-2026-53550 中危 4.1.1 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 16:16 修改: 2026-06-29 16:16

vm2 CVE-2026-44000 中危 3.10.5 3.11.0 vm2: vm2: Sandbox escape allows direct interaction with host objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44000

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50

vm2 CVE-2026-44002 中危 3.10.5 3.11.0 vm2: vm2: Information disclosure through unsanitized host paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44002

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50

vm2 CVE-2026-44003 中危 3.10.5 3.11.0 vm2: vm2: Sandbox escape due to code transformer optimization bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44003

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50

vm2 CVE-2026-47141 中危 3.10.5 3.11.4 vm2: vm2: NodeVM observability builtins leak host process and HTTP request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47141

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 GHSA-2cm2-m3w5-gp2f 中危 3.10.5 3.11.2 vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`

漏洞详情: https://github.com/advisories/GHSA-2cm2-m3w5-gp2f

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-08 16:22 修改: 2026-05-08 16:22

@opentelemetry/core CVE-2026-54285 中危 2.1.0 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

ws CVE-2026-45736 中危 8.17.1 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-15 15:16 修改: 2026-07-02 12:17

langsmith CVE-2026-40190 中危 0.4.12 0.5.18 LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40190

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-10 20:16 修改: 2026-07-07 18:33

ws CVE-2026-45736 中危 8.18.3 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-15 15:16 修改: 2026-07-02 12:17

yaml CVE-2026-33532 中危 2.3.4 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

axios CVE-2026-42040 低危 1.13.5 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

hono CVE-2026-44459 低危 4.12.7 4.12.18 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44459

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

undici CVE-2026-11525 低危 6.24.1 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 18:17 修改: 2026-06-25 17:46

undici CVE-2026-6733 低危 6.24.1 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 18:18 修改: 2026-06-27 23:46

@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

@ai-sdk/provider-utils CVE-2026-8769 低危 2.2.8 @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8769

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-17 23:17 修改: 2026-06-17 11:04

@ai-sdk/provider-utils CVE-2026-8769 低危 3.0.20 @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8769

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-17 23:17 修改: 2026-06-17 11:04

vm2 GHSA-q3fm-4wcw-g57x 低危 3.10.5 3.11.4 vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter

漏洞详情: https://github.com/advisories/GHSA-q3fm-4wcw-g57x

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-05-29 17:38 修改: 2026-05-29 17:38

@supabase/auth-js CVE-2025-48370 低危 2.69.1 2.70.0 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48370

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2025-05-27 16:15 修改: 2026-06-17 09:29

axios CVE-2026-42040 低危 1.13.5 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

undici CVE-2026-11525 低危 7.24.6 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 18:17 修改: 2026-06-25 17:46

undici CVE-2026-6733 低危 7.24.6 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-06-17 18:18 修改: 2026-06-27 23:46

nodemailer GHSA-c7w3-x93f-qmm8 低危 7.0.11 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:dba2c89ff31cda3c1da4f59ac608c103ebaefb8d6ae1cfab035a79620b532a5f

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×