docker.io/moefurina/ncm-api:4.36.1 linux/amd64

docker.io/moefurina/ncm-api:4.36.1 - Trivy安全扫描结果 扫描时间: 2026-06-23 18:19
全部漏洞信息
低危漏洞:3 中危漏洞:6 高危漏洞:2 严重漏洞:0

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-06-23 18:19

docker.io/moefurina/ncm-api:4.36.1 (alpine 3.24.1) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Node.js (node-pkg)
低危漏洞:3 中危漏洞:6 高危漏洞:2 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
serialize-javascript GHSA-5c6j-r48x-rmvq 高危 6.0.2 7.0.3 Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

漏洞详情: https://github.com/advisories/GHSA-5c6j-r48x-rmvq

镜像层: sha256:4868808bdfabf3b2143c7c1976394865d1059f7b39c489572c189f3fd70fad28

发布日期: 2026-02-28 02:50 修改: 2026-03-02 16:17
undici CVE-2026-12151 高危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:d3c73e8570f30954434f38f7fa096f4923e63a45eadfa889beb1006f32cd0ead

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
pkg CVE-2024-24828 中危 5.8.1 pkg: incorrect default permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24828

镜像层: sha256:4868808bdfabf3b2143c7c1976394865d1059f7b39c489572c189f3fd70fad28

发布日期: 2024-02-09 23:15 修改: 2024-11-21 08:59
brace-expansion CVE-2026-45149 中危 5.0.5 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149

镜像层: sha256:d3c73e8570f30954434f38f7fa096f4923e63a45eadfa889beb1006f32cd0ead

发布日期: 2026-05-29 20:16 修改: 2026-06-12 18:38
serialize-javascript CVE-2026-34043 中危 6.0.2 7.0.5 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34043

镜像层: sha256:4868808bdfabf3b2143c7c1976394865d1059f7b39c489572c189f3fd70fad28

发布日期: 2026-03-31 03:15 修改: 2026-04-03 16:53
tar CVE-2026-53655 中危 7.5.13 7.5.16 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:d3c73e8570f30954434f38f7fa096f4923e63a45eadfa889beb1006f32cd0ead

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:d3c73e8570f30954434f38f7fa096f4923e63a45eadfa889beb1006f32cd0ead

发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
undici CVE-2026-9679 中危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:d3c73e8570f30954434f38f7fa096f4923e63a45eadfa889beb1006f32cd0ead

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
diff CVE-2026-24001 低危 7.0.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:4868808bdfabf3b2143c7c1976394865d1059f7b39c489572c189f3fd70fad28

发布日期: 2026-01-22 03:15 修改: 2026-03-04 15:23
undici CVE-2026-11525 低危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:d3c73e8570f30954434f38f7fa096f4923e63a45eadfa889beb1006f32cd0ead

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
undici CVE-2026-6733 低危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:d3c73e8570f30954434f38f7fa096f4923e63a45eadfa889beb1006f32cd0ead

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×