docker.io/moefurina/ncm-api:4.36.2 linux/amd64

docker.io/moefurina/ncm-api:4.36.2 - Trivy安全扫描结果 扫描时间: 2026-07-15 04:26
全部漏洞信息
低危漏洞:3 中危漏洞:4 高危漏洞:2 严重漏洞:0

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-07-15 04:26

docker.io/moefurina/ncm-api:4.36.2 (alpine 3.24.1) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Node.js (node-pkg)
低危漏洞:3 中危漏洞:4 高危漏洞:2 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
serialize-javascript GHSA-5c6j-r48x-rmvq 高危 6.0.2 7.0.3 Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

漏洞详情: https://github.com/advisories/GHSA-5c6j-r48x-rmvq

镜像层: sha256:5beb8a87cd75bb644ae7a32e607e5172d183cbdf837351a186c32d70dbe8445f

发布日期: 2026-02-28 02:50 修改: 2026-03-02 16:17

undici CVE-2026-12151 高危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:0ba8902ff50f7fee1d64f2ed6d666e61a9fde25a6d288e667ac6690dd864f97b

发布日期: 2026-06-17 17:16 修改: 2026-07-13 13:16

serialize-javascript CVE-2026-34043 中危 6.0.2 7.0.5 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34043

镜像层: sha256:5beb8a87cd75bb644ae7a32e607e5172d183cbdf837351a186c32d70dbe8445f

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

tar CVE-2026-53655 中危 7.5.15 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:0ba8902ff50f7fee1d64f2ed6d666e61a9fde25a6d288e667ac6690dd864f97b

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

pkg CVE-2024-24828 中危 5.8.1 pkg: incorrect default permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24828

镜像层: sha256:5beb8a87cd75bb644ae7a32e607e5172d183cbdf837351a186c32d70dbe8445f

发布日期: 2024-02-09 23:15 修改: 2026-06-17 07:14

undici CVE-2026-9679 中危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:0ba8902ff50f7fee1d64f2ed6d666e61a9fde25a6d288e667ac6690dd864f97b

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:43

diff CVE-2026-24001 低危 7.0.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:5beb8a87cd75bb644ae7a32e607e5172d183cbdf837351a186c32d70dbe8445f

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

undici CVE-2026-11525 低危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:0ba8902ff50f7fee1d64f2ed6d666e61a9fde25a6d288e667ac6690dd864f97b

发布日期: 2026-06-17 18:17 修改: 2026-06-25 17:46

undici CVE-2026-6733 低危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:0ba8902ff50f7fee1d64f2ed6d666e61a9fde25a6d288e667ac6690dd864f97b

发布日期: 2026-06-17 18:18 修改: 2026-06-27 23:46

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×