docker.io/moonrailgun/tailchat:latest linux/arm64

docker.io/moonrailgun/tailchat:latest - Trivy安全扫描结果 扫描时间: 2026-07-12 22:25 温馨提示: 这是一个 linux/arm64 系统架构镜像
全部漏洞信息
低危漏洞:85 中危漏洞:572 高危漏洞:514 严重漏洞:76

系统OS: alpine 3.18.4 扫描引擎: Trivy 扫描时间: 2026-07-12 22:25

docker.io/moonrailgun/tailchat:latest (alpine 3.18.4) (alpine)
低危漏洞:14 中危漏洞:18 高危漏洞:6 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2023-5363 高危 3.1.3-r0 3.1.4-r0 openssl: Incorrect cipher key and IV length processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5363

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:48

libcrypto3 CVE-2024-6119 高危 3.1.3-r0 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

libssl3 CVE-2023-5363 高危 3.1.3-r0 3.1.4-r0 openssl: Incorrect cipher key and IV length processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5363

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:48

libssl3 CVE-2024-6119 高危 3.1.3-r0 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

musl CVE-2025-26519 高危 1.2.4-r1 1.2.4-r3 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl-utils CVE-2025-26519 高危 1.2.4-r1 1.2.4-r3 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

busybox-binsh CVE-2023-42365 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42366 中危 1.36.1-r2 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox CVE-2023-42363 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

busybox CVE-2023-42364 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libcrypto3 CVE-2023-5678 中危 3.1.3-r0 3.1.4-r1 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49

libcrypto3 CVE-2023-6129 中危 3.1.3-r0 3.1.4-r3 openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6129

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-01-09 17:15 修改: 2026-06-17 06:50

libcrypto3 CVE-2024-0727 中危 3.1.3-r0 3.1.4-r5 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-01-26 09:15 修改: 2026-06-17 06:54

busybox CVE-2023-42365 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox CVE-2023-42366 中危 1.36.1-r2 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libssl3 CVE-2023-5678 中危 3.1.3-r0 3.1.4-r1 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49

libssl3 CVE-2023-6129 中危 3.1.3-r0 3.1.4-r3 openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6129

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-01-09 17:15 修改: 2026-06-17 06:50

libssl3 CVE-2024-0727 中危 3.1.3-r0 3.1.4-r5 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-01-26 09:15 修改: 2026-06-17 06:54

busybox-binsh CVE-2023-42363 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42364 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42363 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42364 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42365 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42366 中危 1.36.1-r2 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libcrypto3 CVE-2024-4741 低危 3.1.3-r0 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libssl3 CVE-2023-6237 低危 3.1.3-r0 3.1.4-r4 openssl: Excessive time spent checking invalid RSA public keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6237

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-04-25 07:15 修改: 2026-06-17 06:50

libssl3 CVE-2024-13176 低危 3.1.3-r0 3.1.8-r0 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libssl3 CVE-2024-2511 低危 3.1.3-r0 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libssl3 CVE-2024-4603 低危 3.1.3-r0 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-4741 低危 3.1.3-r0 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-5535 低危 3.1.3-r0 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libssl3 CVE-2024-9143 低危 3.1.3-r0 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libcrypto3 CVE-2024-5535 低危 3.1.3-r0 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libcrypto3 CVE-2024-9143 低危 3.1.3-r0 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libcrypto3 CVE-2023-6237 低危 3.1.3-r0 3.1.4-r4 openssl: Excessive time spent checking invalid RSA public keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6237

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-04-25 07:15 修改: 2026-06-17 06:50

libcrypto3 CVE-2024-13176 低危 3.1.3-r0 3.1.8-r0 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libcrypto3 CVE-2024-2511 低危 3.1.3-r0 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libcrypto3 CVE-2024-4603 低危 3.1.3-r0 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:5f4d9fc4d98de91820d2a9c81e501c8cc6429bc8758b43fcb2cd50f4cab9a324

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

Node.js (node-pkg)
低危漏洞:48 中危漏洞:223 高危漏洞:242 严重漏洞:48
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
@babel/traverse CVE-2023-45133 严重 7.20.12 7.23.2, 8.0.0-alpha.4 babel: arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45133

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-10-12 17:15 修改: 2026-06-17 06:28

@babel/traverse CVE-2023-45133 严重 7.20.5 7.23.2, 8.0.0-alpha.4 babel: arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45133

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-10-12 17:15 修改: 2026-06-17 06:28

@babel/traverse CVE-2023-45133 严重 7.21.2 7.23.2, 8.0.0-alpha.4 babel: arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45133

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-10-12 17:15 修改: 2026-06-17 06:28

decompress CVE-2026-53486 严重 4.2.1 Decompress: Archive extraction can create files and links outside of the target directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53486

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

fast-xml-parser CVE-2026-25896 严重 4.2.6 5.3.5, 4.5.4 fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25896

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-20 21:19 修改: 2026-06-30 03:17

form-data CVE-2025-7783 严重 2.3.3 2.5.4, 3.0.4, 4.0.4 form-data: Unsafe random function in form-data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05

form-data CVE-2025-7783 严重 3.0.1 2.5.4, 3.0.4, 4.0.4 form-data: Unsafe random function in form-data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05

form-data CVE-2025-7783 严重 4.0.0 2.5.4, 3.0.4, 4.0.4 form-data: Unsafe random function in form-data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05

handlebars CVE-2026-33937 严重 4.7.7 4.7.9 handlebars.js: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33937

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

i18next-fs-backend CVE-2026-48713 严重 1.1.5 2.6.6 i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48713

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-15 22:16 修改: 2026-06-17 16:39

i18next-fs-backend CVE-2026-48713 严重 1.2.0 2.6.6 i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48713

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-06-15 22:16 修改: 2026-06-17 16:39

koa CVE-2025-25200 严重 2.13.4 2.15.4, 3.0.0-alpha.3, 1.7.1, 0.21.2 Inefficient Regular Expression Complexity in koa

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25200

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-12 18:15 修改: 2026-06-17 09:00

loader-utils CVE-2022-37601 严重 1.4.0 2.0.3, 1.4.1 loader-utils: prototype pollution in function parseQuery in parseQuery.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37601

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2022-10-12 20:15 修改: 2026-06-17 04:55

loader-utils CVE-2022-37601 严重 2.0.2 2.0.3, 1.4.1 loader-utils: prototype pollution in function parseQuery in parseQuery.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37601

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2022-10-12 20:15 修改: 2026-06-17 04:55

minimist CVE-2021-44906 严重 1.2.0 1.2.6, 0.2.4 minimist: prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2022-03-17 16:15 修改: 2026-06-17 04:12

mongoose CVE-2023-3696 严重 6.1.1 7.3.3, 6.11.3, 5.13.20 Mongoose Prototype Pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3696

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-17 01:15 修改: 2026-06-17 06:14

mongoose CVE-2025-23061 严重 6.1.1 8.9.5, 7.8.4, 6.13.6 Mongoose search injection vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23061

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-01-15 05:15 修改: 2026-06-17 08:51

mongoose CVE-2023-3696 严重 6.7.5 7.3.3, 6.11.3, 5.13.20 Mongoose Prototype Pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3696

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2023-07-17 01:15 修改: 2026-06-17 06:14

mongoose CVE-2025-23061 严重 6.7.5 8.9.5, 7.8.4, 6.13.6 Mongoose search injection vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23061

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2025-01-15 05:15 修改: 2026-06-17 08:51

protobufjs CVE-2023-36665 严重 7.2.4 7.2.5, 6.11.4 protobufjs: prototype pollution using user-controlled protobuf message

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36665

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-05 14:15 修改: 2026-06-17 06:06

protobufjs CVE-2026-41242 严重 7.2.4 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-18 17:16 修改: 2026-07-10 12:16

shell-quote CVE-2026-9277 严重 1.8.0 1.8.4 shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9277

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-22 14:16 修改: 2026-07-10 12:17

simple-git CVE-2026-28292 严重 3.16.1 3.32.3 simple-git: simple-git: Remote Code Execution via bypass of prior security fixes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28292

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-10 19:17 修改: 2026-06-30 03:18

vm2 CVE-2023-29017 严重 3.9.14 3.9.15 vm2: sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29017

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 20:15 修改: 2026-06-17 05:49

vm2 CVE-2023-29199 严重 3.9.14 3.9.16 vm2: Sandbox Escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29199

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-14 19:15 修改: 2026-06-17 05:49

vm2 CVE-2023-30547 严重 3.9.14 3.9.17 vm2: Sandbox Escape when exception sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30547

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-17 22:15 修改: 2026-06-17 05:54

vm2 CVE-2023-32314 严重 3.9.14 3.9.18 vm2: Sandbox Escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32314

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-15 20:15 修改: 2026-06-17 05:58

vm2 CVE-2023-37466 严重 3.9.14 3.10.0 vm2: Promise handler sanitization can be bypassed allowing attackers to escape the sandbox and run arbitrary code

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37466

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-14 00:15 修改: 2026-06-17 06:08

vm2 CVE-2023-37903 严重 3.9.14 vm2: custom inspect function allows attackers to escape the sandbox and run arbitrary code

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-37903

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-21 20:15 修改: 2026-06-17 06:08

vm2 CVE-2026-22709 严重 3.9.14 3.10.2 vm2 has a Sandbox Escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22709

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:20

vm2 CVE-2026-24118 严重 3.9.14 3.11.0 vm2: vm2: Arbitrary code execution due to sandbox breakout

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24118

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-04 17:16 修改: 2026-06-30 03:17

vm2 CVE-2026-24120 严重 3.9.14 3.10.5 vm2: vm2: Arbitrary code execution due to sandbox escape vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24120

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-04 17:16 修改: 2026-06-30 03:17

vm2 CVE-2026-24781 严重 3.9.14 3.11.0 vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24781

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-04 17:16 修改: 2026-07-09 13:16

vm2 CVE-2026-26332 严重 3.9.14 3.11.0 vm2: vm2: Arbitrary code execution via SuppressedError sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26332

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-04 17:16 修改: 2026-06-30 03:17

vm2 CVE-2026-26956 严重 3.9.14 3.10.5 vm2: Node.js: vm2: Arbitrary code execution via sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26956

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-04 17:16 修改: 2026-06-30 03:17

vm2 CVE-2026-43997 严重 3.9.14 3.11.0 vm2: vm2: Arbitrary code execution via sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43997

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44005 严重 3.9.14 3.11.0 vm2: vm2: Sandbox Escape leading to Arbitrary Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44005

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44006 严重 3.9.14 3.11.0 vm2: vm2: Sandbox escape via arbitrary prototype access leading to arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44006

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44007 严重 3.9.14 3.11.1 vm2: vm2: Arbitrary code execution via nested NodeVM bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44007

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44008 严重 3.9.14 3.11.2 vm2: vm2: Arbitrary code execution due to sandbox escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44008

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44009 严重 3.9.14 3.11.2 vm2: vm2: Arbitrary Code Execution via Sandbox Escape

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44009

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-45411 严重 3.9.14 3.11.3 vm2: vm2: Arbitrary Code Execution due to sandbox escape vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45411

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:20

vm2 CVE-2026-47131 严重 3.9.14 3.11.4 vm2: vm2: Arbitrary code execution via sandbox escape vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47131

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47137 严重 3.9.14 3.11.4 vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47137

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47140 严重 3.9.14 3.11.4 vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47140

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47208 严重 3.9.14 3.11.4 vm2: vm2: Sandbox Breakout Using Promise Species

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47208

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47210 严重 3.9.14 3.11.4 vm2: vm2: Arbitrary code execution via sandbox escape when executing untrusted code with async support.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47210

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

webpack CVE-2023-28154 严重 5.75.0 5.76.0 webpack: avoid cross-realm objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28154

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-03-13 01:15 修改: 2026-06-17 05:46

axios CVE-2026-44496 高危 1.3.2 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2024-39338 高危 1.3.3 1.7.4 axios: axios: Server-Side Request Forgery

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39338

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-08-12 13:38 修改: 2026-06-17 07:41

axios CVE-2025-27152 高危 1.3.3 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

axios CVE-2025-58754 高危 1.3.3 1.12.0, 0.30.2 axios: Axios DoS via lack of data size check

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58754

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-09-12 02:15 修改: 2026-06-17 09:44

axios CVE-2026-25639 高危 1.3.3 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-09 21:15 修改: 2026-07-10 12:16

axios CVE-2026-42033 高危 1.3.3 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42035 高危 1.3.3 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 1.3.3 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42264 高危 1.3.3 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-08 04:16 修改: 2026-07-10 12:16

axios CVE-2026-44486 高危 1.3.3 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44487 高危 1.3.3 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44494 高危 1.3.3 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44495 高危 1.3.3 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44496 高危 1.3.3 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2024-39338 高危 1.4.0 1.7.4 axios: axios: Server-Side Request Forgery

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39338

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-08-12 13:38 修改: 2026-06-17 07:41

axios CVE-2025-27152 高危 1.4.0 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

axios CVE-2025-58754 高危 1.4.0 1.12.0, 0.30.2 axios: Axios DoS via lack of data size check

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58754

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-09-12 02:15 修改: 2026-06-17 09:44

axios CVE-2026-25639 高危 1.4.0 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-09 21:15 修改: 2026-07-10 12:16

axios CVE-2026-42033 高危 1.4.0 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42035 高危 1.4.0 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 1.4.0 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42264 高危 1.4.0 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-08 04:16 修改: 2026-07-10 12:16

axios CVE-2026-44486 高危 1.4.0 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44487 高危 1.4.0 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44494 高危 1.4.0 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44495 高危 1.4.0 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44496 高危 1.4.0 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

body-parser CVE-2024-45590 高危 1.20.1 1.20.3 body-parser: Denial of Service Vulnerability in body-parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45590

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-10 16:15 修改: 2026-06-17 07:54

braces CVE-2024-4068 高危 2.3.2 3.0.3 braces: fails to limit the number of characters it can handle

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-05-14 15:42 修改: 2026-06-17 08:01

braces CVE-2024-4068 高危 3.0.2 3.0.3 braces: fails to limit the number of characters it can handle

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4068

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-05-14 15:42 修改: 2026-06-17 08:01

cross-spawn CVE-2024-21538 高危 6.0.5 7.0.5, 6.0.6 cross-spawn: regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-11-08 05:15 修改: 2026-06-17 07:09

cross-spawn CVE-2024-21538 高危 7.0.3 7.0.5, 6.0.6 cross-spawn: regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-11-08 05:15 修改: 2026-06-17 07:09

cross-spawn CVE-2024-21538 高危 7.0.3 7.0.5, 6.0.6 cross-spawn: regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2024-11-08 05:15 修改: 2026-06-17 07:09

@babel/plugin-transform-modules-systemjs CVE-2026-44728 高危 7.20.11 7.29.4, 8.0.0-alpha.13 Babel is a compiler for writing next generation JavaScript. From 7.12. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44728

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-26 18:16 修改: 2026-06-17 10:51

@koa/cors CVE-2023-49803 高危 3.4.1 5.0.0 Overly permissive origin policy

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49803

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-12-11 23:15 修改: 2026-06-17 06:36

fast-xml-parser CVE-2026-26278 高危 4.2.6 4.5.4, 5.3.6 fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26278

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-19 20:25 修改: 2026-06-30 03:17

fast-xml-parser CVE-2026-33036 高危 4.2.6 5.5.6, 4.5.5 fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33036

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-20 06:16 修改: 2026-06-17 10:36

flatted CVE-2026-32141 高危 3.2.7 3.4.0 flatted: flatted: Unbounded recursion DoS in parse() revive phase

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32141

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-12 18:16 修改: 2026-07-09 13:16

flatted CVE-2026-33228 高危 3.2.7 3.4.2 flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33228

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-20 23:16 修改: 2026-07-02 12:17

@remix-run/router CVE-2026-22029 高危 1.6.0 1.23.2 @remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22029

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-10 03:15 修改: 2026-07-10 12:16

form-data CVE-2026-12143 高危 2.3.3 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 19:16 修改: 2026-07-10 12:16

axios CVE-2025-27152 高危 0.21.4 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

form-data CVE-2026-12143 高危 3.0.1 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 19:16 修改: 2026-07-10 12:16

axios CVE-2026-25639 高危 0.21.4 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-09 21:15 修改: 2026-07-10 12:16

form-data CVE-2026-12143 高危 4.0.0 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 19:16 修改: 2026-07-10 12:16

git-clone CVE-2022-25900 高危 0.1.0 Command injection in git-clone

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25900

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-07-01 20:15 修改: 2026-06-17 04:34

glob CVE-2025-64756 高危 10.2.7 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

glob CVE-2025-64756 高危 10.3.3 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

axios CVE-2026-42033 高危 0.21.4 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

handlebars CVE-2026-33938 高危 4.7.7 4.7.9 handlebars: Handlebars: Arbitrary code execution via @partial-block overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33938

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

handlebars CVE-2026-33939 高危 4.7.7 4.7.9 handlebars.js: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33939

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

handlebars CVE-2026-33940 高危 4.7.7 4.7.9 handlebars.js: Handlebars.js: Arbitrary code execution via crafted template context

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33940

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

handlebars CVE-2026-33941 高危 4.7.7 4.7.9 handlebars.js: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33941

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-27 22:16 修改: 2026-07-02 12:17

http-proxy-middleware CVE-2024-21536 高危 2.0.6 2.0.7, 3.0.3 http-proxy-middleware: Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21536

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-10-19 05:15 修改: 2026-06-17 07:09

axios CVE-2026-42035 高危 0.21.4 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

i18next-fs-backend CVE-2026-41693 高危 1.1.5 2.6.4 i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41693

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-08 16:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 0.21.4 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

i18next-fs-backend CVE-2026-41693 高危 1.2.0 2.6.4 i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41693

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-05-08 16:16 修改: 2026-06-17 10:47

ip CVE-2024-29415 高危 1.1.8 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-05-27 20:15 修改: 2026-06-17 07:22

ip CVE-2024-29415 高危 2.0.0 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-05-27 20:15 修改: 2026-06-17 07:22

ip CVE-2024-29415 高危 2.0.0 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2024-05-27 20:15 修改: 2026-06-17 07:22

js-cookie CVE-2026-46625 高危 2.2.1 3.0.7 js-cookie: JavaScript Cookie: Cookie attribute manipulation via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46625

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-10 22:16 修改: 2026-07-08 13:16

json5 CVE-2022-46175 高危 2.2.1 2.2.2, 1.0.2 json5: Prototype Pollution in JSON5 via Parse Method

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46175

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-24 04:15 修改: 2026-06-17 05:11

jsonwebtoken CVE-2022-23539 高危 8.5.1 9.0.0 jsonwebtoken: Unrestricted key type could lead to legacy keys usagen

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23539

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-23 00:15 修改: 2026-06-17 04:30

jws CVE-2025-65945 高危 3.2.2 3.2.3, 4.0.1 node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56

axios CVE-2026-44486 高危 0.21.4 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

koa CVE-2026-27959 高危 2.13.4 3.1.2, 2.16.4 koa: Koa: Host header injection vulnerability due to malformed HTTP Host header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27959

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-26 02:16 修改: 2026-06-30 03:17

link-preview-js CVE-2026-43897 高危 2.1.19 4.0.1 link-preview-js vulnerable to IPv6 and internal loopback attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43897

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-11 22:22 修改: 2026-06-17 10:50

axios CVE-2026-44487 高危 0.21.4 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

loader-utils CVE-2022-37599 高危 1.4.0 1.4.2, 2.0.4, 3.2.1 loader-utils: regular expression denial of service in interpolateName.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37599

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2022-10-11 19:15 修改: 2026-06-17 04:55

loader-utils CVE-2022-37603 高危 1.4.0 1.4.2, 2.0.4, 3.2.1 loader-utils: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37603

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2022-10-14 16:15 修改: 2026-06-17 04:55

axios CVE-2026-44492 高危 0.21.4 1.16.0, 0.32.0 axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

loader-utils CVE-2022-37599 高危 2.0.2 1.4.2, 2.0.4, 3.2.1 loader-utils: regular expression denial of service in interpolateName.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37599

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2022-10-11 19:15 修改: 2026-06-17 04:55

loader-utils CVE-2022-37603 高危 2.0.2 1.4.2, 2.0.4, 3.2.1 loader-utils: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37603

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2022-10-14 16:15 修改: 2026-06-17 04:55

lodash CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-31 20:16 修改: 2026-07-10 12:17

lodash-es CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-31 20:16 修改: 2026-07-10 12:17

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 5.1.6 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-26996 高危 5.1.6 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 5.1.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27903 高危 5.1.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 5.1.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 5.1.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 9.0.3 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-26996 高危 9.0.3 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27903 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.3 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

axios CVE-2026-44495 高危 0.21.4 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44496 高危 0.21.4 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2025-27152 高危 0.26.1 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

mongoose CVE-2022-2564 高危 6.1.1 6.4.6, 5.13.15 automattic/mongoose vulnerable to Prototype pollution via Schema.path

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2564

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-07-28 20:15 修改: 2026-06-17 04:42

mongoose CVE-2024-53900 高危 6.1.1 8.8.3, 7.8.3, 6.13.5, 5.13.23 Mongoose search injection vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53900

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-12-02 20:15 修改: 2026-06-17 08:09

mongoose CVE-2026-42334 高危 6.1.1 6.13.9, 7.8.9, 8.22.1, 9.1.6 Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42334

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-14 18:16 修改: 2026-06-17 10:47

axios CVE-2026-25639 高危 0.26.1 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-02-09 21:15 修改: 2026-07-10 12:16

axios CVE-2026-42033 高危 0.26.1 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

mongoose CVE-2024-53900 高危 6.7.5 8.8.3, 7.8.3, 6.13.5, 5.13.23 Mongoose search injection vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53900

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2024-12-02 20:15 修改: 2026-06-17 08:09

mongoose CVE-2026-42334 高危 6.7.5 6.13.9, 7.8.9, 8.22.1, 9.1.6 Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42334

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-05-14 18:16 修改: 2026-06-17 10:47

node-fetch CVE-2022-0235 高危 1.6.3 3.1.1, 2.6.7 node-fetch: exposure of sensitive information to an unauthorized actor

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0235

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2022-01-16 17:15 修改: 2026-06-17 04:20

node-forge CVE-2025-12816 高危 1.3.1 1.3.2 node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12816

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-11-25 20:15 修改: 2026-06-17 08:32

node-forge CVE-2025-66031 高危 1.3.1 1.3.2 node-forge: node-forge ASN.1 Unbounded Recursion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66031

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56

node-forge CVE-2026-33891 高危 1.3.1 1.4.0 node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33891

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

node-forge CVE-2026-33894 高危 1.3.1 1.4.0 node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33894

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

node-forge CVE-2026-33895 高危 1.3.1 1.4.0 node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33895

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

node-forge CVE-2026-33896 高危 1.3.1 1.4.0 node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33896

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-27 21:17 修改: 2026-07-02 12:17

nodemailer CVE-2025-14874 高危 6.10.1 7.0.11 nodemailer: Nodemailer: Denial of service via crafted email address header

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14874

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2025-12-18 09:15 修改: 2026-06-17 08:36

nodemailer GHSA-p6gq-j5cr-w38f 高危 6.10.1 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

nodemailer CVE-2025-14874 高危 6.7.8 7.0.11 nodemailer: Nodemailer: Denial of service via crafted email address header

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14874

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-18 09:15 修改: 2026-06-17 08:36

nodemailer GHSA-p6gq-j5cr-w38f 高危 6.7.8 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

nth-check CVE-2021-3803 高危 1.0.2 2.0.1 nodejs-nth-check: inefficient regular expression complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3803

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2021-09-17 07:15 修改: 2026-06-17 04:05

path-to-regexp CVE-2024-45296 高危 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-09 19:15 修改: 2026-06-17 07:53

path-to-regexp CVE-2024-52798 高危 0.1.7 0.1.12 path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52798

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-12-05 23:15 修改: 2026-06-17 08:07

path-to-regexp CVE-2026-4867 高危 0.1.7 0.1.13 path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4867

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:57

path-to-regexp CVE-2024-45296 高危 6.2.1 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-09 19:15 修改: 2026-06-17 07:53

picomatch CVE-2026-33671 高危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

pnpm CVE-2025-69262 高危 8.15.8 10.27.0 pnpm: pnpm: Remote code execution via command injection in tokenHelper environment variable substitution

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69262

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-07 23:15 修改: 2026-06-22 14:39

pnpm CVE-2025-69263 高危 8.15.8 10.26.0 pnpm: pnpm Lockfile Integrity Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69263

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-07 22:15 修改: 2026-06-30 03:16

pnpm CVE-2026-50015 高危 8.15.8 10.34.0, 11.4.0 pnpm: pnpm: Arbitrary file write/delete due to lack of path validation in patch files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50015

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:15

pnpm CVE-2026-50016 高危 8.15.8 10.34.0, 11.4.0 pnpm: pnpm: Arbitrary code execution due to path traversal in dependency aliases

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50016

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-29 23:57

pnpm CVE-2026-55487 高危 8.15.8 10.34.2, 11.5.3 pnpm: pnpm: Supply chain compromise via manipulated package source strings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55487

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:16

pnpm CVE-2026-55697 高危 8.15.8 11.5.3 pnpm: pnpm: Arbitrary code execution via improper handling of config dependencies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55697

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-30 19:04

pnpm CVE-2026-55698 高危 8.15.8 10.34.2, 11.5.3 pnpm: pnpm: Arbitrary code execution via malicious package-manager lockfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55698

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-30 19:03

pnpm GHSA-72r4-9c5j-mj57 高危 8.15.8 10.34.4, 11.7.0 pnpm: `patch-remove` could delete project-selected files outside the patches directory

漏洞详情: https://github.com/advisories/GHSA-72r4-9c5j-mj57

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-27 00:12 修改: 2026-06-27 00:12

pnpm GHSA-fr4h-3cph-29xv 高危 8.15.8 10.34.4, 11.7.0 pnpm: Hoisted install imports lockfile alias outside node_modules

漏洞详情: https://github.com/advisories/GHSA-fr4h-3cph-29xv

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-27 00:02 修改: 2026-06-27 00:03

pnpm GHSA-qrv3-253h-g69c 高危 8.15.8 10.34.4, 11.8.0 pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

漏洞详情: https://github.com/advisories/GHSA-qrv3-253h-g69c

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-27 00:13 修改: 2026-06-27 00:13

axios CVE-2026-42035 高危 0.26.1 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 0.26.1 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

protobufjs CVE-2026-44289 高危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 16:16 修改: 2026-07-01 13:17

protobufjs CVE-2026-44290 高危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 16:16 修改: 2026-07-10 12:16

protobufjs CVE-2026-48712 高危 7.2.4 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

rollup CVE-2024-47068 高危 0.34.13 3.29.5, 4.22.4, 2.79.2 rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47068

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-23 16:15 修改: 2026-06-17 07:56

rollup CVE-2026-27606 高危 0.34.13 2.80.0, 3.30.0, 4.59.0 rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27606

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-25 03:16 修改: 2026-07-01 13:16

rollup CVE-2024-47068 高危 2.78.1 3.29.5, 4.22.4, 2.79.2 rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47068

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-23 16:15 修改: 2026-06-17 07:56

rollup CVE-2026-27606 高危 2.78.1 2.80.0, 3.30.0, 4.59.0 rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27606

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-25 03:16 修改: 2026-07-01 13:16

rollup CVE-2024-47068 高危 2.79.1 3.29.5, 4.22.4, 2.79.2 rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47068

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-23 16:15 修改: 2026-06-17 07:56

rollup CVE-2026-27606 高危 2.79.1 2.80.0, 3.30.0, 4.59.0 rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27606

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-25 03:16 修改: 2026-07-01 13:16

rollup CVE-2024-47068 高危 3.20.7 3.29.5, 4.22.4, 2.79.2 rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47068

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-09-23 16:15 修改: 2026-06-17 07:56

rollup CVE-2026-27606 高危 3.20.7 2.80.0, 3.30.0, 4.59.0 rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27606

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-02-25 03:16 修改: 2026-07-01 13:16

semver CVE-2022-25883 高危 5.7.1 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-06-21 05:15 修改: 2026-06-17 04:34

semver CVE-2022-25883 高危 6.3.0 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-06-21 05:15 修改: 2026-06-17 04:34

semver CVE-2022-25883 高危 7.0.0 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-06-21 05:15 修改: 2026-06-17 04:34

semver CVE-2022-25883 高危 7.3.8 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-06-21 05:15 修改: 2026-06-17 04:34

serialize-javascript GHSA-5c6j-r48x-rmvq 高危 4.0.0 7.0.3 Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

漏洞详情: https://github.com/advisories/GHSA-5c6j-r48x-rmvq

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-28 02:50 修改: 2026-03-02 16:17

serialize-javascript GHSA-5c6j-r48x-rmvq 高危 5.0.1 7.0.3 Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

漏洞详情: https://github.com/advisories/GHSA-5c6j-r48x-rmvq

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-28 02:50 修改: 2026-03-02 16:17

serialize-javascript GHSA-5c6j-r48x-rmvq 高危 6.0.1 7.0.3 Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

漏洞详情: https://github.com/advisories/GHSA-5c6j-r48x-rmvq

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-28 02:50 修改: 2026-03-02 16:17

axios CVE-2026-44486 高危 0.26.1 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

sigstore CVE-2026-48815 高危 1.7.0 4.1.1 sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

axios CVE-2026-44487 高危 0.26.1 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

simple-git CVE-2026-28291 高危 3.16.1 3.32.0 simple-git: simple-git: Command Execution via Option-Parsing Bypass in simple-git

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28291

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-13 18:16 修改: 2026-06-30 03:18

simple-git CVE-2026-6951 高危 3.16.1 3.36.0 simple-git: simple-git: Remote Code Execution due to incomplete fix bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6951

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-25 06:16 修改: 2026-06-30 03:21

socket.io-parser CVE-2026-33151 高危 4.2.1 3.3.5, 3.4.4, 4.2.6 socket.io: Socket.IO: Denial of Service due to excessive buffering of specially crafted packets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33151

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-20 21:17 修改: 2026-06-17 10:37

socket.io-parser CVE-2026-33151 高危 4.2.2 3.3.5, 3.4.4, 4.2.6 socket.io: Socket.IO: Denial of Service due to excessive buffering of specially crafted packets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33151

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-20 21:17 修改: 2026-06-17 10:37

socket.io-parser CVE-2026-33151 高危 4.2.4 3.3.5, 3.4.4, 4.2.6 socket.io: Socket.IO: Denial of Service due to excessive buffering of specially crafted packets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33151

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-20 21:17 修改: 2026-06-17 10:37

svgo CVE-2026-29074 高危 2.8.0 2.8.1, 3.3.3, 4.0.1 svgo: SVGO: Denial of Service via XML entity expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29074

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-06 08:16 修改: 2026-07-10 12:16

tar CVE-2026-23745 高危 6.1.13 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.1.13 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 6.1.13 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 6.1.13 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.1.13 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 6.1.13 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-23745 高危 6.1.15 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.1.15 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 6.1.15 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 6.1.15 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.1.15 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 6.1.15 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar-fs CVE-2024-12905 高危 2.0.1 1.16.4, 2.1.2, 3.0.7 tar-fs: link following and path traversal via maliciously crafted tar file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12905

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2025-03-27 17:15 修改: 2026-06-17 07:00

tar-fs CVE-2025-48387 高危 2.0.1 1.16.5, 2.1.3, 3.0.9 tar-fs: tar-fs has issue where extract can write outside the specified dir with a specific tarball

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48387

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2025-06-02 20:15 修改: 2026-06-17 09:29

tar-fs CVE-2025-59343 高危 2.0.1 3.1.1, 2.1.4, 1.16.6 tar-fs: tar-fs symlink validation bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59343

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2025-09-24 18:15 修改: 2026-06-17 09:45

tmp CVE-2026-44705 高危 0.0.33 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

tmp CVE-2026-44705 高危 0.0.33 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

tmp CVE-2026-44705 高危 0.2.1 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

trim CVE-2020-7753 高危 0.0.1 0.0.3 nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7753

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2020-10-27 09:15 修改: 2026-06-17 03:25

trim-newlines CVE-2021-33623 高危 1.0.0 3.0.1, 4.0.1 nodejs-trim-newlines: ReDoS in .end() method

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33623

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2021-05-28 18:15 修改: 2026-06-17 03:54

url-regex CVE-2020-7661 高危 5.0.0 Regular expression denial of service in url-regex

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7661

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2020-06-04 18:15 修改: 2026-06-17 03:25

validator CVE-2025-12758 高危 13.7.0 13.15.22 Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12758

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-11-27 05:16 修改: 2026-06-17 08:32

vite CVE-2023-34092 高危 4.2.0 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, 4.3.9 Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34092

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-06-01 17:15 修改: 2026-06-17 06:02

vite CVE-2024-23331 高危 4.2.0 2.9.17, 3.2.8, 4.5.2, 5.0.12 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23331

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-01-19 20:15 修改: 2026-06-17 07:12

vite CVE-2024-52011 高危 4.2.0 5.4.9 launch-editor: vite: launch-editor: Arbitrary command execution via insufficient file argument sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52011

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-01 19:16 修改: 2026-07-02 12:16

vite CVE-2026-53571 高危 4.2.0 8.0.16, 7.3.5, 6.4.3 vite: `server.fs.deny` bypass on Windows alternate paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53571

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:44

axios CVE-2026-44492 高危 0.26.1 1.16.0, 0.32.0 axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44495 高危 0.26.1 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44496 高危 0.26.1 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2025-27152 高危 0.27.2 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

axios CVE-2026-25639 高危 0.27.2 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-02-09 21:15 修改: 2026-07-10 12:16

axios CVE-2026-42033 高危 0.27.2 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42035 高危 0.27.2 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 0.27.2 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-44486 高危 0.27.2 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44487 高危 0.27.2 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44492 高危 0.27.2 1.16.0, 0.32.0 axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44495 高危 0.27.2 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44496 高危 0.27.2 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2024-39338 高危 1.3.2 1.7.4 axios: axios: Server-Side Request Forgery

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-39338

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-08-12 13:38 修改: 2026-06-17 07:41

axios CVE-2025-27152 高危 1.3.2 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

axios CVE-2025-58754 高危 1.3.2 1.12.0, 0.30.2 axios: Axios DoS via lack of data size check

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58754

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-09-12 02:15 修改: 2026-06-17 09:44

axios CVE-2026-25639 高危 1.3.2 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-09 21:15 修改: 2026-07-10 12:16

axios CVE-2026-42033 高危 1.3.2 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42035 高危 1.3.2 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 1.3.2 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42264 高危 1.3.2 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-08 04:16 修改: 2026-07-10 12:16

axios CVE-2026-44486 高危 1.3.2 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44487 高危 1.3.2 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

axios CVE-2026-44494 高危 1.3.2 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

vm2 CVE-2026-44001 高危 3.9.14 3.11.0 vm2: vm2: Sandbox escape leads to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44001

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-44004 高危 3.9.14 3.11.0 vm2: vm2: Denial of Service via host memory exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44004

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-30 03:19

vm2 CVE-2026-47135 高危 3.9.14 3.11.4 vm2: vm2: Sandbox escape allows arbitrary code execution on the host system

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47135

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47139 高危 3.9.14 3.11.4 vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47139

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 CVE-2026-47209 高危 3.9.14 3.11.4 vm2: vm2: Integrity bypass via incorrect property assignment leading to potential arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47209

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

axios CVE-2026-44495 高危 1.3.2 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-07-10 12:16

webpack-dev-middleware CVE-2024-29180 高危 3.7.3 7.1.0, 6.1.2, 5.3.4 webpack-dev-middleware: lack of URL validation may lead to file leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29180

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-03-21 17:15 修改: 2026-06-17 07:22

webpack-dev-middleware CVE-2024-29180 高危 5.3.3 7.1.0, 6.1.2, 5.3.4 webpack-dev-middleware: lack of URL validation may lead to file leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29180

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-03-21 17:15 修改: 2026-06-17 07:22

ws CVE-2024-37890 高危 7.5.9 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

ws CVE-2026-48779 高危 7.5.9 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-17 13:20 修改: 2026-07-10 12:17

ws CVE-2024-37890 高危 8.11.0 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

ws CVE-2026-48779 高危 8.11.0 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-17 13:20 修改: 2026-07-10 12:17

ws CVE-2024-37890 高危 8.13.0 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

ws CVE-2026-48779 高危 8.13.0 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-17 13:20 修改: 2026-07-10 12:17

ws CVE-2024-37890 高危 8.2.3 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

ws CVE-2026-48779 高危 8.2.3 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-17 13:20 修改: 2026-07-10 12:17

ws CVE-2026-48779 高危 8.20.1 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-06-17 13:20 修改: 2026-07-10 12:17

yaml CVE-2023-2251 高危 2.2.1 2.2.2 Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2251

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-24 15:15 修改: 2026-06-17 05:52

axios CVE-2026-42042 中危 0.27.2 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-44490 中危 0.27.2 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

axios CVE-2026-42042 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-44490 中危 0.21.4 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

node-forge CVE-2025-66030 中危 1.3.1 1.3.2 node-forge: node-forge: Integer Overflow allows OID-based security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66030

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56

ajv CVE-2025-69873 中危 6.12.6 8.18.0, 6.14.0 ajv: ReDoS via $data reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69873

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-11 19:15 修改: 2026-07-09 13:16

ajv CVE-2025-69873 中危 8.12.0 8.18.0, 6.14.0 ajv: ReDoS via $data reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69873

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-11 19:15 修改: 2026-07-09 13:16

nodemailer CVE-2025-13033 中危 6.10.1 7.0.7 nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13033

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2025-11-14 20:15 修改: 2026-06-17 08:33

nodemailer GHSA-268h-hp4c-crq3 中危 6.10.1 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-r7g4-qg5f-qqm2 中危 6.10.1 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 6.10.1 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

nodemailer GHSA-wqvq-jvpq-h66f 中危 6.10.1 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

ejs CVE-2024-33883 中危 3.1.8 3.1.10 The ejs (aka Embedded JavaScript templates) package before 3.1.10 for ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-33883

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-04-28 16:15 修改: 2026-06-17 07:32

esbuild GHSA-67mh-4wv8-2f99 中危 0.12.29 0.25.0 esbuild enables any website to send any requests to the development server and read the response

漏洞详情: https://github.com/advisories/GHSA-67mh-4wv8-2f99

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-10 17:48 修改: 2025-02-10 17:48

nodemailer CVE-2025-13033 中危 6.7.8 7.0.7 nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13033

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-11-14 20:15 修改: 2026-06-17 08:33

nodemailer GHSA-268h-hp4c-crq3 中危 6.7.8 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-9h6g-pr28-7cqp 中危 6.7.8 6.9.9 nodemailer ReDoS when trying to send a specially crafted email

漏洞详情: https://github.com/advisories/GHSA-9h6g-pr28-7cqp

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-01-31 22:42 修改: 2025-09-03 15:21

nodemailer GHSA-r7g4-qg5f-qqm2 中危 6.7.8 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 6.7.8 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

nodemailer GHSA-wqvq-jvpq-h66f 中危 6.7.8 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

esbuild GHSA-67mh-4wv8-2f99 中危 0.15.18 0.25.0 esbuild enables any website to send any requests to the development server and read the response

漏洞详情: https://github.com/advisories/GHSA-67mh-4wv8-2f99

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-10 17:48 修改: 2025-02-10 17:48

esbuild GHSA-67mh-4wv8-2f99 中危 0.16.17 0.25.0 esbuild enables any website to send any requests to the development server and read the response

漏洞详情: https://github.com/advisories/GHSA-67mh-4wv8-2f99

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-02-10 17:48 修改: 2025-02-10 17:48

esbuild GHSA-67mh-4wv8-2f99 中危 0.17.18 0.25.0 esbuild enables any website to send any requests to the development server and read the response

漏洞详情: https://github.com/advisories/GHSA-67mh-4wv8-2f99

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-02-10 17:48 修改: 2025-02-10 17:48

express CVE-2024-29041 中危 4.18.2 4.19.2, 5.0.0-beta.3 express: cause malformed URLs to be evaluated

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29041

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-25 21:15 修改: 2026-06-17 07:22

@adobe/css-tools CVE-2023-48631 中危 4.2.0 4.3.2 css-tools: regular expression denial of service (ReDoS) when parsing CSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48631

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-12-14 13:15 修改: 2026-06-17 06:34

@babel/helpers CVE-2025-27789 中危 7.18.9 7.26.10, 8.0.0-alpha.17 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04

picomatch CVE-2026-33672 中危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

@babel/helpers CVE-2025-27789 中危 7.21.0 7.26.10, 8.0.0-alpha.17 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04

fast-xml-parser CVE-2026-33349 中危 4.2.6 4.5.5, 5.5.7 fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33349

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-24 20:16 修改: 2026-06-17 10:37

fast-xml-parser CVE-2026-41650 中危 4.2.6 5.7.0 fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 15:16 修改: 2026-06-17 10:46

file-type CVE-2026-31808 中危 16.5.4 21.3.1 file-type: file-type: Denial of Service due to infinite loop in ASF file parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31808

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-10 21:16 修改: 2026-06-17 10:34

@adobe/css-tools CVE-2023-26364 中危 4.2.0 4.3.1 css-tools: Improper Input Validation causes Denial of Service via Regular Expression

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26364

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-11-17 14:15 修改: 2026-06-17 05:43

@octokit/plugin-paginate-rest CVE-2025-25288 中危 5.0.1 11.4.1, 9.2.2 octokit/plugin-paginate-rest: @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-14 20:15 修改: 2026-06-17 09:00

follow-redirects CVE-2023-26159 中危 1.15.2 1.15.4 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26159

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-01-02 05:15 修改: 2026-06-17 05:42

follow-redirects CVE-2024-28849 中危 1.15.2 1.15.6 follow-redirects: Possible credential leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28849

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-14 17:15 修改: 2026-06-17 07:21

follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.2 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11

@octokit/request CVE-2025-25290 中危 6.2.3 9.2.1, 8.4.1 octokit/request: @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25290

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-14 20:15 修改: 2026-06-17 09:00

pnpm CVE-2024-47829 中危 8.15.8 10.0.0 pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47829

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2025-04-23 16:15 修改: 2026-06-22 14:39

pnpm CVE-2024-53866 中危 8.15.8 9.15.0 pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53866

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2024-12-10 18:15 修改: 2026-06-22 14:38

pnpm CVE-2026-23888 中危 8.15.8 10.28.1 pnpm: pnpm: Arbitrary file write via path traversal in binary fetcher leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23888

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

pnpm CVE-2026-23889 中危 8.15.8 10.28.1 pnpm: pnpm: Arbitrary file write via path traversal on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23889

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

pnpm CVE-2026-23890 中危 8.15.8 10.28.1 pnpm: pnpm: Arbitrary code execution via path traversal in bin linking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23890

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

pnpm CVE-2026-24056 中危 8.15.8 10.28.2 pnpm: pnpm symlink traversal in file:/git dependencies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24056

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

pnpm CVE-2026-24131 中危 8.15.8 10.28.2 pnpm: pnpm: Arbitrary file permission modification via directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24131

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-01-26 22:15 修改: 2026-06-17 10:22

pnpm CVE-2026-48995 中危 8.15.8 10.33.4, 11.0.7 pnpm: pnpm: Supply chain compromise from unverified dependencies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48995

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-29 20:30

pnpm CVE-2026-50014 中危 8.15.8 10.34.0, 11.4.0 pnpm: pnpm: Arbitrary Code Execution via Malicious Lockfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50014

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:14

pnpm CVE-2026-50017 中危 8.15.8 10.34.0, 11.4.0 pnpm: pnpm: Information disclosure of authentication credentials via malicious .npmrc file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50017

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-30 19:04

pnpm CVE-2026-50021 中危 8.15.8 11.4.0, 10.34.1 pnpm: pnpm: Integrity bypass allows installation of altered packages via modified lockfile

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50021

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:15

pnpm CVE-2026-50573 中危 8.15.8 10.34.0, 11.4.0 pnpm: pnpm: Package integrity check bypass allows installation of malicious content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50573

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:15

pnpm CVE-2026-55180 中危 8.15.8 10.34.2, 11.5.3 pnpm: pacquet: pnpm and pacquet: Information disclosure of environment secrets via improper environment variable expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55180

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:16

pnpm CVE-2026-55699 中危 8.15.8 10.34.2, 11.5.3 pnpm: pnpm: Denial of Service due to improper handling of malicious package manifest bin keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55699

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-25 18:16 修改: 2026-06-29 21:16

postcss CVE-2023-44270 中危 7.0.39 8.4.31 PostCSS: Improper input validation in PostCSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44270

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-29 22:15 修改: 2026-06-17 06:27

postcss CVE-2026-41305 中危 7.0.39 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

postcss CVE-2023-44270 中危 8.4.21 8.4.31 PostCSS: Improper input validation in PostCSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44270

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-29 22:15 修改: 2026-06-17 06:27

postcss CVE-2026-41305 中危 8.4.21 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

postcss CVE-2023-44270 中危 8.4.27 8.4.31 PostCSS: Improper input validation in PostCSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44270

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-09-29 22:15 修改: 2026-06-17 06:27

postcss CVE-2026-41305 中危 8.4.27 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

posthog-js CVE-2023-32325 中危 1.35.0 1.57.2 Potential for cross-site scripting in PostHog-js

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32325

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-05-27 00:15 修改: 2026-06-17 05:58

prismjs CVE-2024-53382 中危 1.27.0 1.30.0 prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53382

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-03-03 07:15 修改: 2026-06-17 08:08

@octokit/request-error CVE-2025-25289 中危 3.0.3 5.1.1, 6.1.7 @octokit/request-error: @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-14 20:15 修改: 2026-06-17 09:00

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

axios CVE-2023-45857 中危 0.26.1 1.6.0, 0.28.0 axios: exposure of confidential data stored in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-11-08 21:15 修改: 2026-06-17 06:29

axios CVE-2023-45857 中危 1.3.2 1.6.0, 0.28.0 axios: exposure of confidential data stored in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-11-08 21:15 修改: 2026-06-17 06:29

axios CVE-2025-62718 中危 1.3.2 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-09 15:16 修改: 2026-07-10 12:16

axios CVE-2026-40175 中危 1.3.2 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-10 20:16 修改: 2026-07-10 12:16

axios CVE-2026-42034 中危 1.3.2 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

protobufjs CVE-2026-44288 中危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 7.2.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 7.2.4 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 7.2.4 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

qs CVE-2025-15284 中危 6.11.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2025-15284 中危 6.11.1 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2026-8723 中危 6.11.1 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

qs CVE-2025-15284 中危 6.5.3 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

react-router CVE-2025-68470 中危 6.11.0 6.30.2, 7.9.6 react-router: React Router unexpected external redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68470

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-10 03:15 修改: 2026-06-17 09:59

react-router CVE-2026-40181 中危 6.11.0 7.14.1, 6.30.4 react-router: React Router: Open redirect vulnerability via specially crafted URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40181

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 20:16 修改: 2026-06-17 10:44

request CVE-2023-28155 中危 2.88.2 request: bypass of SSRF mitigations when following a cross-protocol redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-03-16 15:15 修改: 2026-06-17 05:46

axios CVE-2026-42036 中危 1.3.2 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

got CVE-2022-33987 中危 11.8.3 12.1.0, 11.8.5 nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-33987

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-06-18 21:15 修改: 2026-06-17 04:49

got CVE-2022-33987 中危 9.6.0 12.1.0, 11.8.5 nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-33987

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2022-06-18 21:15 修改: 2026-06-17 04:49

axios CVE-2026-42037 中危 1.3.2 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 1.3.2 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42039 中危 1.3.2 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42041 中危 1.3.2 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42042 中危 1.3.2 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

handlebars CVE-2026-33916 中危 4.7.7 4.7.9 handlebars.js: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33916

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-27 21:17 修改: 2026-06-17 10:38

handlebars GHSA-7rx3-28cr-v5wh 中危 4.7.7 4.7.9 Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

漏洞详情: https://github.com/advisories/GHSA-7rx3-28cr-v5wh

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-29 15:17 修改: 2026-03-29 15:17

axios CVE-2026-42044 中危 1.3.2 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

http-proxy-middleware CVE-2025-32996 中危 2.0.6 2.0.8, 3.0.4 http-proxy-middleware: Always-Incorrect Control Flow Implementation in http-proxy-middleware

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32996

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-04-15 03:15 修改: 2026-06-17 09:12

http-proxy-middleware CVE-2025-32997 中危 2.0.6 2.0.9, 3.0.5 http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32997

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-04-15 03:15 修改: 2026-06-17 09:12

http-proxy-middleware CVE-2026-55602 中危 2.0.6 3.0.6, 4.1.0, 2.0.10 http-proxy-middleware: http-proxy-middleware: Unintended backend routing due to crafted Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55602

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:06

serialize-javascript CVE-2026-34043 中危 5.0.1 7.0.5 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34043

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

axios CVE-2026-44490 中危 1.3.2 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

serialize-javascript CVE-2024-11831 中危 6.0.1 6.0.2 npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-11831

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-02-10 16:15 修改: 2026-07-01 15:16

serialize-javascript CVE-2026-34043 中危 6.0.1 7.0.5 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34043

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

axios CVE-2025-62718 中危 0.26.1 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-09 15:16 修改: 2026-07-10 12:16

axios CVE-2026-40175 中危 0.26.1 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-10 20:16 修改: 2026-07-10 12:16

axios CVE-2026-42034 中危 0.26.1 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

i18next-http-backend CVE-2026-41691 中危 1.4.1 3.0.5 i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41691

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-07 21:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 0.26.1 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 0.26.1 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

socket.io-parser CVE-2023-32695 中危 4.2.1 4.2.3, 3.4.3, 3.3.4 socket.io parser is a socket.io encoder and decoder written in JavaScr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32695

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-27 16:15 修改: 2026-06-17 05:59

axios CVE-2026-42039 中危 0.26.1 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

socket.io-parser CVE-2023-32695 中危 4.2.2 4.2.3, 3.4.3, 3.3.4 socket.io parser is a socket.io encoder and decoder written in JavaScr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32695

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-05-27 16:15 修改: 2026-06-17 05:59

ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-05-12 20:16 修改: 2026-07-09 13:17

store2 CVE-2024-57556 中危 2.14.2 2.14.4 Cross Site Scripting vulnerability in store2

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57556

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-01-23 22:15 修改: 2026-06-17 08:13

jose CVE-2024-28176 中危 4.11.2 4.15.5, 2.0.7 jose: resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28176

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-03-09 01:15 修改: 2026-06-17 07:21

jose CVE-2022-36083 中危 4.9.0 1.28.2, 2.0.6, 3.20.4, 4.9.2 JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS w ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36083

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-09-07 22:15 修改: 2026-06-22 03:10

jose CVE-2024-28176 中危 4.9.0 4.15.5, 2.0.7 jose: resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28176

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-09 01:15 修改: 2026-06-17 07:21

axios CVE-2026-42041 中危 0.26.1 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

js-yaml CVE-2025-64718 中危 3.14.1 4.1.1, 3.14.2 js-yaml: js-yaml prototype pollution in merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55

js-yaml CVE-2026-53550 中危 3.14.1 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-22 16:16 修改: 2026-07-09 20:33

js-yaml CVE-2025-64718 中危 4.1.0 4.1.1, 3.14.2 js-yaml: js-yaml prototype pollution in merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55

tar CVE-2024-28863 中危 6.1.13 6.2.1 node-tar: denial of service while parsing a tar file due to lack of folders depth validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-03-21 23:15 修改: 2026-06-17 07:21

tar CVE-2026-53655 中危 6.1.13 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

js-yaml CVE-2026-53550 中危 4.1.0 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-22 16:16 修改: 2026-07-09 20:33

axios CVE-2026-42042 中危 0.26.1 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-44490 中危 0.26.1 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

jsonwebtoken CVE-2022-23540 中危 8.5.1 9.0.0 jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23540

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-22 19:15 修改: 2026-06-17 04:30

jsonwebtoken CVE-2022-23541 中危 8.5.1 9.0.0 jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23541

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-22 18:15 修改: 2026-06-17 04:30

@babel/runtime CVE-2025-27789 中危 7.21.0 7.26.10, 8.0.0-alpha.17 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04

tar CVE-2024-28863 中危 6.1.15 6.2.1 node-tar: denial of service while parsing a tar file due to lack of folders depth validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2024-03-21 23:15 修改: 2026-06-17 07:21

tar CVE-2026-53655 中危 6.1.15 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

@sentry/browser GHSA-593m-55hh-j8gv 中危 7.38.0 8.33.0, 7.119.1 Sentry SDK Prototype Pollution gadget in JavaScript SDKs

漏洞详情: https://github.com/advisories/GHSA-593m-55hh-j8gv

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-10-03 18:26 修改: 2024-10-04 16:32

axios CVE-2023-45857 中危 0.21.4 1.6.0, 0.28.0 axios: exposure of confidential data stored in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-11-08 21:15 修改: 2026-06-17 06:29

koa CVE-2025-32379 中危 2.13.4 2.16.1, 3.0.0-alpha.5 koa: XSS at ctx.redirect() function in Koajs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32379

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-04-09 16:15 修改: 2026-06-17 09:11

axios CVE-2025-62718 中危 0.21.4 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-09 15:16 修改: 2026-07-10 12:16

axios CVE-2023-45857 中危 1.3.3 1.6.0, 0.28.0 axios: exposure of confidential data stored in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-08 21:15 修改: 2026-06-17 06:29

axios CVE-2025-62718 中危 1.3.3 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-09 15:16 修改: 2026-07-10 12:16

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

axios CVE-2026-40175 中危 1.3.3 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-10 20:16 修改: 2026-07-10 12:16

axios CVE-2026-42034 中危 1.3.3 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 1.3.3 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42037 中危 1.3.3 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 1.3.3 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

lodash CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-21 20:16 修改: 2026-07-10 12:16

tough-cookie CVE-2023-26136 中危 2.5.0 4.1.3 tough-cookie: prototype pollution in cookie memstore

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-01 05:15 修改: 2026-06-17 05:42

tough-cookie CVE-2023-26136 中危 4.1.2 4.1.3 tough-cookie: prototype pollution in cookie memstore

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-01 05:15 修改: 2026-06-17 05:42

lodash CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

axios CVE-2026-42039 中危 1.3.3 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

lodash-es CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-21 20:16 修改: 2026-07-10 12:16

uuid CVE-2026-41907 中危 3.4.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 8.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 9.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

lodash-es CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

validator CVE-2025-56200 中危 13.7.0 13.15.20 validator.js has a URL validation bypass vulnerability in its isURL function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-56200

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-09-30 18:15 修改: 2026-07-05 02:16

micromatch CVE-2024-4067 中危 3.1.10 4.0.8 micromatch: vulnerable to Regular Expression Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4067

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-05-14 15:42 修改: 2026-06-17 08:01

micromatch CVE-2024-4067 中危 4.0.5 4.0.8 micromatch: vulnerable to Regular Expression Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4067

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-05-14 15:42 修改: 2026-06-17 08:01

axios CVE-2026-42041 中危 1.3.3 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42042 中危 1.3.3 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

vite CVE-2024-31207 中危 4.2.0 2.9.18, 3.2.10, 4.5.3, 5.0.13, 5.1.7, 5.2.6 vitejs: "server.fs.deny" configuration does not deny requests that include patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-31207

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-04-04 16:15 修改: 2026-06-17 07:27

vite CVE-2024-45811 中危 4.2.0 5.4.6, 5.3.6, 5.2.14, 4.5.4, 3.2.11, 5.1.8 vite: server.fs.deny is bypassed when using `?import&raw`

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45811

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-09-17 20:15 修改: 2026-06-17 07:54

vite CVE-2024-45812 中危 4.2.0 5.4.6, 5.3.6, 5.2.14, 4.5.4, 3.2.11, 5.1.8 vite: XSS via DOM Clobbering gadget found in vite bundled scripts

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45812

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-09-17 20:15 修改: 2026-06-17 07:54

vite CVE-2025-24010 中危 4.2.0 6.0.9, 5.4.12, 4.5.6 vite: Vite allows any websites to send any requests to the development server and read the response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24010

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-01-20 16:15 修改: 2026-06-17 08:57

vite CVE-2025-30208 中危 4.2.0 6.2.3, 6.1.2, 6.0.12, 5.4.15, 4.5.10 vite: Vite bypasses server.fs.deny when using `?raw??`

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30208

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-03-24 17:15 修改: 2026-06-17 09:08

vite CVE-2025-31125 中危 4.2.0 6.2.4, 6.1.3, 6.0.13, 5.4.16, 4.5.11 vite: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31125

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-03-31 17:15 修改: 2026-06-17 09:09

vite CVE-2025-31486 中危 4.2.0 6.2.5, 6.1.4, 6.0.14, 5.4.17, 4.5.12 vite: Vite allows server.fs.deny to be bypassed with .svg or relative paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31486

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-04-03 19:15 修改: 2026-06-17 09:10

vite CVE-2025-32395 中危 4.2.0 6.2.6, 6.1.5, 6.0.15, 5.4.18, 4.5.13 vite: Vite has an `server.fs.deny` bypass with an invalid `request-target`

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32395

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-04-10 14:15 修改: 2026-06-17 09:11

vite CVE-2025-46565 中危 4.2.0 6.3.4, 6.2.7, 6.1.6, 5.4.19, 4.5.14 vite: Path Traversal in Vite Dev Server Allows Access to Restricted Files

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46565

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-05-01 18:15 修改: 2026-06-17 09:26

vite CVE-2025-62522 中危 4.2.0 7.1.11, 7.0.8, 6.4.1, 5.4.21 vite: vite allows server.fs.deny bypass via backslash on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62522

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-20 20:15 修改: 2026-06-17 09:52

vite CVE-2026-39365 中危 4.2.0 8.0.5, 7.3.2, 6.4.2 vite: Vite: Information disclosure via path traversal in dev server's .map request handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39365

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-07 20:16 修改: 2026-06-17 10:42

vite CVE-2026-53632 中危 4.2.0 8.0.16, 7.3.5, 6.4.3 launch-editor: launch-editor: Credential compromise via NTLMv2 password hash leak through UNC path access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53632

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-22 18:16 修改: 2026-06-23 15:44

axios CVE-2026-42044 中危 1.3.3 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-44490 中危 1.3.3 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

axios CVE-2026-40175 中危 0.21.4 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-10 20:16 修改: 2026-07-10 12:16

axios CVE-2026-42034 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42039 中危 0.21.4 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42041 中危 0.21.4 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2023-45857 中危 0.27.2 1.6.0, 0.28.0 axios: exposure of confidential data stored in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-11-08 21:15 修改: 2026-06-17 06:29

axios CVE-2025-62718 中危 0.27.2 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-09 15:16 修改: 2026-07-10 12:16

axios CVE-2026-40175 中危 0.27.2 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-10 20:16 修改: 2026-07-10 12:16

axios CVE-2026-42034 中危 0.27.2 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 0.27.2 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 0.27.2 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42039 中危 0.27.2 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2023-45857 中危 1.4.0 1.6.0, 0.28.0 axios: exposure of confidential data stored in cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45857

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-08 21:15 修改: 2026-06-17 06:29

axios CVE-2025-62718 中危 1.4.0 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-09 15:16 修改: 2026-07-10 12:16

axios CVE-2026-40175 中危 1.4.0 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-10 20:16 修改: 2026-07-10 12:16

axios CVE-2026-42034 中危 1.4.0 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 1.4.0 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42037 中危 1.4.0 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 1.4.0 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42039 中危 1.4.0 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

minimist CVE-2020-7598 中危 1.2.0 0.2.1, 1.2.3 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2020-03-11 23:15 修改: 2026-06-17 03:25

mongodb CVE-2021-32050 中危 4.11.0 3.6.10, 4.17.0, 5.8.0 Some MongoDB Drivers may erroneously publish events containing authent ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32050

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2023-08-29 16:15 修改: 2026-06-17 03:52

mongodb CVE-2021-32050 中危 4.2.1 3.6.10, 4.17.0, 5.8.0 Some MongoDB Drivers may erroneously publish events containing authent ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32050

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-08-29 16:15 修改: 2026-06-17 03:52

mongodb CVE-2021-32050 中危 4.2.2 3.6.10, 4.17.0, 5.8.0 Some MongoDB Drivers may erroneously publish events containing authent ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32050

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2023-08-29 16:15 修改: 2026-06-17 03:52

axios CVE-2026-42041 中危 1.4.0 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

axios CVE-2026-42042 中危 1.4.0 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

vm2 CVE-2023-32313 中危 3.9.14 3.9.18 vm2: Inspect Manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32313

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-15 20:15 修改: 2026-06-17 05:58

vm2 CVE-2026-44000 中危 3.9.14 3.11.0 vm2: vm2: Sandbox escape allows direct interaction with host objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44000

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50

vm2 CVE-2026-44002 中危 3.9.14 3.11.0 vm2: vm2: Information disclosure through unsanitized host paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44002

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50

vm2 CVE-2026-44003 中危 3.9.14 3.11.0 vm2: vm2: Sandbox escape due to code transformer optimization bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44003

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50

vm2 CVE-2026-47141 中危 3.9.14 3.11.4 vm2: vm2: NodeVM observability builtins leak host process and HTTP request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47141

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

vm2 GHSA-2cm2-m3w5-gp2f 中危 3.9.14 3.11.2 vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`

漏洞详情: https://github.com/advisories/GHSA-2cm2-m3w5-gp2f

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-08 16:22 修改: 2026-05-08 16:22

axios CVE-2026-42044 中危 1.4.0 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

webpack CVE-2024-43788 中危 5.75.0 5.94.0 webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43788

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-08-27 17:15 修改: 2026-06-17 07:51

axios CVE-2026-44490 中危 1.4.0 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

axios CVE-2026-42041 中危 0.27.2 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-07-10 12:16

webpack-dev-server CVE-2025-30359 中危 4.11.1 5.2.1 webpack-dev-server: webpack-dev-server information exposure

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30359

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-06-03 18:15 修改: 2026-06-17 09:08

webpack-dev-server CVE-2025-30360 中危 4.11.1 5.2.1 webpack-dev-server: webpack-dev-server information exposure

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30360

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-06-03 18:15 修改: 2026-06-17 09:08

webpack-dev-server CVE-2026-6402 中危 4.11.1 5.2.4 webpack-dev-server: webpack-dev-server: Information disclosure due to cross-origin source code exposure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6402

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-12 09:16 修改: 2026-06-17 11:00

webpack-dev-server CVE-2026-9595 中危 4.11.1 5.2.5 webpack-dev-server: webpack-dev-server: Information disclosure and denial of service via improper proxy configuration

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9595

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-15 16:16 修改: 2026-06-17 11:05

word-wrap CVE-2023-26115 中危 1.2.3 1.2.4 word-wrap: ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26115

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-06-22 05:15 修改: 2026-06-17 05:42

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

ws CVE-2026-45736 中危 8.11.0 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-15 15:16 修改: 2026-07-10 12:17

morgan CVE-2026-5078 中危 1.10.0 1.11.0 morgan: morgan: Log forgery due to unneutralized control characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5078

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-03 08:16 修改: 2026-06-17 10:58

nanoid CVE-2024-55565 中危 3.3.4 5.0.9, 3.3.8 nanoid: nanoid mishandles non-integer values

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-55565

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-12-09 02:15 修改: 2026-06-17 08:11

ws CVE-2026-45736 中危 8.13.0 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-15 15:16 修改: 2026-07-10 12:17

nanoid CVE-2024-55565 中危 3.3.6 5.0.9, 3.3.8 nanoid: nanoid mishandles non-integer values

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-55565

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-12-09 02:15 修改: 2026-06-17 08:11

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

ws CVE-2026-45736 中危 8.2.3 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-15 15:16 修改: 2026-07-10 12:17

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

yaml CVE-2026-33532 中危 1.10.2 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

yaml CVE-2026-33532 中危 2.2.1 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

yaml CVE-2026-33532 中危 2.4.1 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

diff CVE-2026-24001 低危 5.1.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

tmp CVE-2025-54798 低危 0.2.1 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40

@babel/core CVE-2026-49356 低危 7.21.0 8.0.0-rc.6, 7.29.6 @babel/core: @babel/core: Arbitrary file read via sourceMappingURL comment

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49356

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

es5-ext CVE-2024-27088 低危 0.10.62 0.10.63 es5-ext contains ECMAScript 5 extensions. Passing functions with very ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27088

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-02-26 17:15 修改: 2026-06-17 07:19

axios CVE-2026-42040 低危 0.27.2 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

@babel/core CVE-2026-49356 低危 7.12.9 8.0.0-rc.6, 7.29.6 @babel/core: @babel/core: Arbitrary file read via sourceMappingURL comment

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49356

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

express CVE-2024-43796 低危 4.18.2 4.20.0, 5.0.0 express: Improper Input Handling in Express Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43796

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-10 15:15 修改: 2026-06-17 07:51

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

@babel/core CVE-2026-49356 低危 7.18.13 8.0.0-rc.6, 7.29.6 @babel/core: @babel/core: Arbitrary file read via sourceMappingURL comment

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49356

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

@tootallnate/once CVE-2026-3449 低危 1.1.2 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

qs CVE-2026-2391 低危 6.11.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

handlebars GHSA-442j-39wm-28r2 低危 4.7.7 4.7.9 Handlebars.js has a Property Access Validation Bypass in container.lookup

漏洞详情: https://github.com/advisories/GHSA-442j-39wm-28r2

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-29 15:16 修改: 2026-03-29 15:16

axios CVE-2026-42040 低危 1.3.3 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

qs CVE-2026-2391 低危 6.11.1 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

koa CVE-2025-8129 低危 2.13.4 2.16.2, 3.0.1 koa: KoaJS Koa HTTP Header response.js back redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8129

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-07-25 05:15 修改: 2026-06-17 10:06

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

fast-xml-parser CVE-2026-27942 低危 4.2.6 5.3.8, 4.5.4 fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27942

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

vm2 GHSA-q3fm-4wcw-g57x 低危 3.9.14 3.11.4 vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter

漏洞详情: https://github.com/advisories/GHSA-q3fm-4wcw-g57x

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-29 17:38 修改: 2026-05-29 17:38

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

webpack CVE-2025-68157 低危 5.75.0 5.104.0 webpack: webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68157

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-05 23:15 修改: 2026-06-17 09:58

webpack CVE-2025-68458 低危 5.75.0 5.104.1 webpack: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68458

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-05 23:15 修改: 2026-06-17 09:59

axios CVE-2026-42040 低危 0.26.1 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42040 低危 0.21.4 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

nodemailer GHSA-c7w3-x93f-qmm8 低危 6.10.1 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

cookie CVE-2024-47764 低危 0.4.2 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-10-04 20:15 修改: 2026-06-17 07:57

cookie CVE-2024-47764 低危 0.5.0 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-10-04 20:15 修改: 2026-06-17 07:57

@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

vite CVE-2025-58751 低危 4.2.0 7.1.5, 7.0.7, 6.3.6, 5.4.20 vitejs/vite: lukeed/sirv: Vite middleware may serve files starting with the same name with the public directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58751

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-09-08 23:15 修改: 2026-06-17 09:44

vite CVE-2025-58752 低危 4.2.0 7.1.5, 7.0.7, 6.3.6, 5.4.20 vite: Vite's `server.fs` settings were not applied to HTML files

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58752

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-09-08 23:15 修改: 2026-06-17 09:44

ip CVE-2023-42282 低危 1.1.8 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-02-08 17:15 修改: 2026-06-17 06:23

axios CVE-2026-42040 低危 1.4.0 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:eb5e0df0ee2d33fc69c70c03101168fdbb7313ab962bca2cc4ccb1a8f5431489

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

ip CVE-2023-42282 低危 2.0.0 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-02-08 17:15 修改: 2026-06-17 06:23

ip CVE-2023-42282 低危 2.0.0 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:8d11772227bbd098b0c097c0f9a70817f49a5380fa8239f474820b2cd8b6e3cf

发布日期: 2024-02-08 17:15 修改: 2026-06-17 06:23

send CVE-2024-43799 低危 0.18.0 0.19.0 send: Code Execution Vulnerability in Send Library

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43799

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-10 15:15 修改: 2026-06-17 07:51

nodemailer GHSA-c7w3-x93f-qmm8 低危 6.7.8 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

axios CVE-2026-42040 低危 1.3.2 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

on-headers CVE-2025-7339 低危 1.0.2 1.1.0 on-headers: on-headers vulnerable to http response header manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7339

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-07-17 16:15 修改: 2026-06-17 10:04

min-document CVE-2025-57352 低危 2.19.0 2.19.1 min-document: min-document prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57352

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-09-24 18:15 修改: 2026-06-17 09:43

diff CVE-2026-24001 低危 4.0.2 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

diff CVE-2026-24001 低危 5.1.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

serve-static CVE-2024-43800 低危 1.15.0 1.16.0, 2.1.0 serve-static: Improper Sanitization in serve-static

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43800

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-10 15:15 修改: 2026-06-17 07:51

tmp CVE-2025-54798 低危 0.0.33 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40

tmp CVE-2025-54798 低危 0.0.33 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798

镜像层: sha256:fba5edca9ac174e591e5d94fcf659b584bdafdcbe65dc7ae9c696900fd0867a4

发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40

app/tailchat/node_modules/.pnpm/@esbuild+linux-arm64@0.16.17/node_modules/@esbuild/linux-arm64/bin/esbuild (gobinary)
低危漏洞:3 中危漏洞:46 高危漏洞:29 严重漏洞:4
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2023-24538 严重 v1.19.4 1.19.8, 1.20.3 golang: html/template: backticks not treated as string delimiters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24540 严重 v1.19.4 1.19.9, 1.20.4 golang: html/template: improper handling of JavaScript whitespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2024-24790 严重 v1.19.4 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.19.4 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2022-41722 高危 v1.19.4 1.19.6, 1.20.1 golang: path/filepath: path-filepath filepath.Clean path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41723 高危 v1.19.4 1.19.6, 1.20.1 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41724 高危 v1.19.4 1.19.6, 1.20.1 golang: crypto/tls: large handshake records may cause panics

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41725 高危 v1.19.4 1.19.6, 1.20.1 golang: net/http, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2023-24534 高危 v1.19.4 1.19.8, 1.20.3 golang: net/http, net/textproto: denial of service from excessive memory allocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24536 高危 v1.19.4 1.19.8, 1.20.3 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24537 高危 v1.19.4 1.19.8, 1.20.3 golang: go/parser: Infinite loop in parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24539 高危 v1.19.4 1.19.9, 1.20.4 golang: html/template: improper sanitization of CSS values

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29400 高危 v1.19.4 1.19.9, 1.20.4 golang: html/template: improper handling of empty HTML attributes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29403 高危 v1.19.4 1.19.10, 1.20.5 golang: runtime: unexpected behavior of setuid/setgid binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-06-08 21:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39325 高危 v1.19.4 1.20.10, 1.21.3 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45283 高危 v1.19.4 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45287 高危 v1.19.4 1.20.0 golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-12-05 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45288 高危 v1.19.4 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.19.4 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.19.4 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.19.4 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.19.4 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.19.4 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.19.4 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.19.4 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.19.4 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.19.4 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.19.4 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.19.4 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.19.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.19.4 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.19.4 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.19.4 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2023-24532 中危 v1.19.4 1.19.7, 1.20.2 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-03-08 20:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29406 中危 v1.19.4 1.19.11, 1.20.6 golang: net/http: insufficient sanitization of Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-07-11 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29409 中危 v1.19.4 1.19.12, 1.20.7, 1.21.0-rc.4 golang: crypto/tls: slow verification of certificate chains containing large RSA keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-08-02 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39318 中危 v1.19.4 1.20.8, 1.21.1 golang: html/template: improper handling of HTML-like comments within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39319 中危 v1.19.4 1.20.8, 1.21.1 golang: html/template: improper handling of special tags within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39326 中危 v1.19.4 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-12-06 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45284 中危 v1.19.4 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45289 中危 v1.19.4 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.19.4 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.19.4 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.19.4 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.19.4 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.19.4 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.19.4 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.19.4 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.19.4 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.19.4 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.19.4 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.19.4 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.19.4 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.19.4 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.19.4 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.19.4 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.19.4 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.19.4 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.19.4 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.19.4 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.19.4 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.19.4 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.19.4 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.19.4 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.19.4 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.19.4 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.19.4 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.19.4 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.19.4 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.19.4 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.19.4 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.19.4 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.19.4 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.19.4 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.19.4 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.19.4 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.19.4 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.19.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.19.4 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.19.4 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.19.4 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.19.4 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.0.0-20220715151400-c0bba94af5f8 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:e03fd7524cb7e1085747592a5c3b13cb98976228400b61379391b2a47a205981

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

app/tailchat/node_modules/.pnpm/@esbuild+linux-arm64@0.17.18/node_modules/@esbuild/linux-arm64/bin/esbuild (gobinary)
低危漏洞:3 中危漏洞:45 高危漏洞:21 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2023-24540 严重 v1.20.3 1.19.9, 1.20.4 golang: html/template: improper handling of JavaScript whitespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2024-24790 严重 v1.20.3 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.20.3 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2023-24539 高危 v1.20.3 1.19.9, 1.20.4 golang: html/template: improper sanitization of CSS values

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29400 高危 v1.20.3 1.19.9, 1.20.4 golang: html/template: improper handling of empty HTML attributes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29403 高危 v1.20.3 1.19.10, 1.20.5 golang: runtime: unexpected behavior of setuid/setgid binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-06-08 21:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39325 高危 v1.20.3 1.20.10, 1.21.3 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45283 高危 v1.20.3 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45288 高危 v1.20.3 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.20.3 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.20.3 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.20.3 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.20.3 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.20.3 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.20.3 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.20.3 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.20.3 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.20.3 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.20.3 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.20.3 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.20.3 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.20.3 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.20.3 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.20.3 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2023-29406 中危 v1.20.3 1.19.11, 1.20.6 golang: net/http: insufficient sanitization of Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-07-11 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29409 中危 v1.20.3 1.19.12, 1.20.7, 1.21.0-rc.4 golang: crypto/tls: slow verification of certificate chains containing large RSA keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-08-02 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39318 中危 v1.20.3 1.20.8, 1.21.1 golang: html/template: improper handling of HTML-like comments within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39319 中危 v1.20.3 1.20.8, 1.21.1 golang: html/template: improper handling of special tags within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39326 中危 v1.20.3 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-12-06 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45284 中危 v1.20.3 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45289 中危 v1.20.3 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.20.3 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.20.3 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.20.3 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.20.3 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.20.3 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.20.3 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.20.3 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.20.3 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.20.3 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.20.3 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.20.3 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.20.3 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.20.3 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.20.3 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.20.3 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.20.3 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.20.3 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.20.3 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.20.3 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.20.3 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.20.3 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.20.3 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.20.3 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.20.3 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.20.3 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.20.3 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.20.3 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.20.3 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.20.3 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.20.3 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.20.3 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.20.3 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.20.3 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.20.3 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.20.3 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.20.3 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.20.3 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.20.3 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.20.3 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.20.3 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.20.3 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.0.0-20220715151400-c0bba94af5f8 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:ba56323cac7e48d8b4a2fb2385e6587838f341001c4477ace8484d8b0d5612a7

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

app/tailchat/node_modules/.pnpm/esbuild-linux-arm64@0.15.18/node_modules/esbuild-linux-arm64/bin/esbuild (gobinary)
低危漏洞:3 中危漏洞:47 高危漏洞:30 严重漏洞:4
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2023-24538 严重 v1.19.3 1.19.8, 1.20.3 golang: html/template: backticks not treated as string delimiters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24540 严重 v1.19.3 1.19.9, 1.20.4 golang: html/template: improper handling of JavaScript whitespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2024-24790 严重 v1.19.3 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.19.3 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2022-41720 高危 v1.19.3 1.18.9, 1.19.4 golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-07 17:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41722 高危 v1.19.3 1.19.6, 1.20.1 golang: path/filepath: path-filepath filepath.Clean path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41723 高危 v1.19.3 1.19.6, 1.20.1 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41724 高危 v1.19.3 1.19.6, 1.20.1 golang: crypto/tls: large handshake records may cause panics

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41725 高危 v1.19.3 1.19.6, 1.20.1 golang: net/http, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2023-24534 高危 v1.19.3 1.19.8, 1.20.3 golang: net/http, net/textproto: denial of service from excessive memory allocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24536 高危 v1.19.3 1.19.8, 1.20.3 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24537 高危 v1.19.3 1.19.8, 1.20.3 golang: go/parser: Infinite loop in parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24539 高危 v1.19.3 1.19.9, 1.20.4 golang: html/template: improper sanitization of CSS values

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29400 高危 v1.19.3 1.19.9, 1.20.4 golang: html/template: improper handling of empty HTML attributes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29403 高危 v1.19.3 1.19.10, 1.20.5 golang: runtime: unexpected behavior of setuid/setgid binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-06-08 21:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39325 高危 v1.19.3 1.20.10, 1.21.3 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45283 高危 v1.19.3 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45287 高危 v1.19.3 1.20.0 golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-12-05 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45288 高危 v1.19.3 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.19.3 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.19.3 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.19.3 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.19.3 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.19.3 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.19.3 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.19.3 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.19.3 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.19.3 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.19.3 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.19.3 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.19.3 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.19.3 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.19.3 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.19.3 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2022-41717 中危 v1.19.3 1.18.9, 1.19.4 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-08 20:15 修改: 2026-06-17 05:03

stdlib CVE-2023-24532 中危 v1.19.3 1.19.7, 1.20.2 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-03-08 20:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29406 中危 v1.19.3 1.19.11, 1.20.6 golang: net/http: insufficient sanitization of Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-11 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29409 中危 v1.19.3 1.19.12, 1.20.7, 1.21.0-rc.4 golang: crypto/tls: slow verification of certificate chains containing large RSA keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-08-02 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39318 中危 v1.19.3 1.20.8, 1.21.1 golang: html/template: improper handling of HTML-like comments within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39319 中危 v1.19.3 1.20.8, 1.21.1 golang: html/template: improper handling of special tags within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39326 中危 v1.19.3 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-12-06 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45284 中危 v1.19.3 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45289 中危 v1.19.3 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.19.3 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.19.3 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.19.3 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.19.3 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.19.3 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.19.3 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.19.3 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.19.3 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.19.3 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.19.3 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.19.3 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.19.3 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.19.3 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.19.3 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.19.3 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.19.3 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.19.3 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.19.3 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.19.3 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.19.3 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.19.3 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.19.3 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.19.3 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.19.3 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.19.3 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.19.3 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.19.3 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.19.3 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.19.3 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.19.3 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.19.3 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.19.3 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.19.3 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.19.3 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.19.3 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.19.3 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.19.3 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.19.3 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.19.3 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.19.3 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.19.3 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.0.0-20220715151400-c0bba94af5f8 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

app/tailchat/node_modules/.pnpm/esbuild@0.12.29/node_modules/esbuild/bin/esbuild (gobinary)
低危漏洞:4 中危漏洞:53 高危漏洞:52 严重漏洞:5
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2022-23806 严重 v1.17.1 1.16.14, 1.17.7 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23806

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-02-11 01:15 修改: 2026-06-17 04:30

stdlib CVE-2023-24538 严重 v1.17.1 1.19.8, 1.20.3 golang: html/template: backticks not treated as string delimiters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24540 严重 v1.17.1 1.19.9, 1.20.4 golang: html/template: improper handling of JavaScript whitespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2024-24790 严重 v1.17.1 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.17.1 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2021-41771 高危 v1.17.1 1.16.10, 1.17.3 golang: debug/macho: invalid dynamic symbol table command can cause panic

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41771

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2021-11-08 06:15 修改: 2026-06-17 04:08

stdlib CVE-2021-41772 高危 v1.17.1 1.16.10, 1.17.3 golang: archive/zip: Reader.Open panics on empty string

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41772

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2021-11-08 06:15 修改: 2026-06-17 04:08

stdlib CVE-2021-44716 高危 v1.17.1 1.16.12, 1.17.5 golang: net/http: limit growth of header canonicalization cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44716

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-01-01 05:15 修改: 2026-06-17 04:12

stdlib CVE-2022-23772 高危 v1.17.1 1.16.14, 1.17.7 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23772

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-02-11 01:15 修改: 2026-06-17 04:30

stdlib CVE-2022-24675 高危 v1.17.1 1.17.9, 1.18.1 golang: encoding/pem: fix stack overflow in Decode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24675

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-04-20 10:15 修改: 2026-06-17 04:32

stdlib CVE-2022-24921 高危 v1.17.1 1.16.15, 1.17.8 golang: regexp: stack exhaustion via a deeply nested expression

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24921

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-03-05 20:15 修改: 2026-06-17 04:32

stdlib CVE-2022-27664 高危 v1.17.1 1.18.6, 1.19.1 golang: net/http: handle server errors after sending GOAWAY

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-09-06 18:15 修改: 2026-06-17 04:37

stdlib CVE-2022-28131 高危 v1.17.1 1.17.12, 1.18.4 golang: encoding/xml: stack exhaustion in Decoder.Skip

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:38

stdlib CVE-2022-28327 高危 v1.17.1 1.17.9, 1.18.1 golang: crypto/elliptic: panic caused by oversized scalar

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28327

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-04-20 10:15 修改: 2026-06-17 04:38

stdlib CVE-2022-2879 高危 v1.17.1 1.18.7, 1.19.2 golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-10-14 15:15 修改: 2026-06-17 04:42

stdlib CVE-2022-2880 高危 v1.17.1 1.18.7, 1.19.2 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-10-14 15:15 修改: 2026-06-17 04:42

stdlib CVE-2022-29804 高危 v1.17.1 1.17.11, 1.18.3 ELSA-2022-17957: ol8addon security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:40

stdlib CVE-2022-30580 高危 v1.17.1 1.17.11, 1.18.3 golang: os/exec: Code injection in Cmd.Start

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30630 高危 v1.17.1 1.17.12, 1.18.4 golang: io/fs: stack exhaustion in Glob

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30631 高危 v1.17.1 1.17.12, 1.18.4 golang: compress/gzip: stack exhaustion in Reader.Read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30632 高危 v1.17.1 1.17.12, 1.18.4 golang: path/filepath: stack exhaustion in Glob

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30633 高危 v1.17.1 1.17.12, 1.18.4 golang: encoding/xml: stack exhaustion in Unmarshal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30634 高危 v1.17.1 1.17.11, 1.18.3 ELSA-2022-17957: ol8addon security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-07-15 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30635 高危 v1.17.1 1.17.12, 1.18.4 golang: encoding/gob: stack exhaustion in Decoder.Decode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-32189 高危 v1.17.1 1.17.13, 1.18.5 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:46

stdlib CVE-2022-41715 高危 v1.17.1 1.18.7, 1.19.2 golang: regexp/syntax: limit memory used by parsing regexps

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-10-14 15:16 修改: 2026-06-17 05:03

stdlib CVE-2022-41716 高危 v1.17.1 1.18.8, 1.19.3 Due to unsanitized NUL values, attackers may be able to maliciously se ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-11-02 16:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41720 高危 v1.17.1 1.18.9, 1.19.4 golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-07 17:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41722 高危 v1.17.1 1.19.6, 1.20.1 golang: path/filepath: path-filepath filepath.Clean path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41723 高危 v1.17.1 1.19.6, 1.20.1 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41724 高危 v1.17.1 1.19.6, 1.20.1 golang: crypto/tls: large handshake records may cause panics

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41725 高危 v1.17.1 1.19.6, 1.20.1 golang: net/http, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2023-24534 高危 v1.17.1 1.19.8, 1.20.3 golang: net/http, net/textproto: denial of service from excessive memory allocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24536 高危 v1.17.1 1.19.8, 1.20.3 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24537 高危 v1.17.1 1.19.8, 1.20.3 golang: go/parser: Infinite loop in parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24539 高危 v1.17.1 1.19.9, 1.20.4 golang: html/template: improper sanitization of CSS values

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29400 高危 v1.17.1 1.19.9, 1.20.4 golang: html/template: improper handling of empty HTML attributes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29403 高危 v1.17.1 1.19.10, 1.20.5 golang: runtime: unexpected behavior of setuid/setgid binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-06-08 21:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39325 高危 v1.17.1 1.20.10, 1.21.3 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45283 高危 v1.17.1 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45287 高危 v1.17.1 1.20.0 golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-12-05 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45288 高危 v1.17.1 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.17.1 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.17.1 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.17.1 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.17.1 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.17.1 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.17.1 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.17.1 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.17.1 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.17.1 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.17.1 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.17.1 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.17.1 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.17.1 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.17.1 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.17.1 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/sys CVE-2022-29526 中危 v0.0.0-20210908233432-aa78b53d3365 0.0.0-20220412211240-33da011f77ad golang: syscall: faccessat checks wrong group

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-06-23 17:15 修改: 2026-06-17 04:40

stdlib CVE-2021-44717 中危 v1.17.1 1.16.12, 1.17.5 golang: syscall: don't close fd 0 on ForkExec error

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44717

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-01-01 05:15 修改: 2026-06-17 04:12

stdlib CVE-2022-1705 中危 v1.17.1 1.17.12, 1.18.4 golang: net/http: improper sanitization of Transfer-Encoding header

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:22

stdlib CVE-2022-1962 中危 v1.17.1 1.17.12, 1.18.4 golang: go/parser: stack exhaustion in all Parse* functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:23

stdlib CVE-2022-29526 中危 v1.17.1 1.17.10, 1.18.2 golang: syscall: faccessat checks wrong group

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-06-23 17:15 修改: 2026-06-17 04:40

stdlib CVE-2022-32148 中危 v1.17.1 1.17.12, 1.18.4 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:46

stdlib CVE-2022-41717 中危 v1.17.1 1.18.9, 1.19.4 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-08 20:15 修改: 2026-06-17 05:03

stdlib CVE-2023-24532 中危 v1.17.1 1.19.7, 1.20.2 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-03-08 20:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29406 中危 v1.17.1 1.19.11, 1.20.6 golang: net/http: insufficient sanitization of Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-11 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29409 中危 v1.17.1 1.19.12, 1.20.7, 1.21.0-rc.4 golang: crypto/tls: slow verification of certificate chains containing large RSA keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-08-02 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39318 中危 v1.17.1 1.20.8, 1.21.1 golang: html/template: improper handling of HTML-like comments within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39319 中危 v1.17.1 1.20.8, 1.21.1 golang: html/template: improper handling of special tags within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39326 中危 v1.17.1 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-12-06 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45284 中危 v1.17.1 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45289 中危 v1.17.1 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.17.1 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.17.1 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.17.1 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.17.1 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.17.1 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.17.1 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.17.1 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.17.1 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.17.1 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.17.1 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.17.1 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.17.1 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.17.1 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.17.1 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.17.1 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.17.1 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.17.1 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.17.1 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.17.1 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.17.1 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.17.1 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.17.1 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.17.1 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.17.1 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.17.1 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.17.1 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.17.1 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.17.1 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.17.1 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.17.1 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.17.1 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.17.1 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.17.1 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.17.1 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.17.1 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.17.1 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.17.1 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.17.1 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2022-30629 低危 v1.17.1 1.17.11, 1.18.3 golang: crypto/tls: session tickets lack random ticket_age_add

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2024-45341 低危 v1.17.1 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.17.1 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.17.1 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.0.0-20210908233432-aa78b53d3365 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

root/.cache/esbuild/bin/esbuild-linux-arm64@0.12.29 (gobinary)
低危漏洞:4 中危漏洞:53 高危漏洞:52 严重漏洞:5
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2022-23806 严重 v1.17.1 1.16.14, 1.17.7 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23806

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-02-11 01:15 修改: 2026-06-17 04:30

stdlib CVE-2023-24538 严重 v1.17.1 1.19.8, 1.20.3 golang: html/template: backticks not treated as string delimiters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24540 严重 v1.17.1 1.19.9, 1.20.4 golang: html/template: improper handling of JavaScript whitespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2024-24790 严重 v1.17.1 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.17.1 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2021-41771 高危 v1.17.1 1.16.10, 1.17.3 golang: debug/macho: invalid dynamic symbol table command can cause panic

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41771

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2021-11-08 06:15 修改: 2026-06-17 04:08

stdlib CVE-2021-41772 高危 v1.17.1 1.16.10, 1.17.3 golang: archive/zip: Reader.Open panics on empty string

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41772

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2021-11-08 06:15 修改: 2026-06-17 04:08

stdlib CVE-2021-44716 高危 v1.17.1 1.16.12, 1.17.5 golang: net/http: limit growth of header canonicalization cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44716

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-01-01 05:15 修改: 2026-06-17 04:12

stdlib CVE-2022-23772 高危 v1.17.1 1.16.14, 1.17.7 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23772

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-02-11 01:15 修改: 2026-06-17 04:30

stdlib CVE-2022-24675 高危 v1.17.1 1.17.9, 1.18.1 golang: encoding/pem: fix stack overflow in Decode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24675

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-04-20 10:15 修改: 2026-06-17 04:32

stdlib CVE-2022-24921 高危 v1.17.1 1.16.15, 1.17.8 golang: regexp: stack exhaustion via a deeply nested expression

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24921

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-03-05 20:15 修改: 2026-06-17 04:32

stdlib CVE-2022-27664 高危 v1.17.1 1.18.6, 1.19.1 golang: net/http: handle server errors after sending GOAWAY

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-09-06 18:15 修改: 2026-06-17 04:37

stdlib CVE-2022-28131 高危 v1.17.1 1.17.12, 1.18.4 golang: encoding/xml: stack exhaustion in Decoder.Skip

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:38

stdlib CVE-2022-28327 高危 v1.17.1 1.17.9, 1.18.1 golang: crypto/elliptic: panic caused by oversized scalar

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28327

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-04-20 10:15 修改: 2026-06-17 04:38

stdlib CVE-2022-2879 高危 v1.17.1 1.18.7, 1.19.2 golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-10-14 15:15 修改: 2026-06-17 04:42

stdlib CVE-2022-2880 高危 v1.17.1 1.18.7, 1.19.2 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-10-14 15:15 修改: 2026-06-17 04:42

stdlib CVE-2022-29804 高危 v1.17.1 1.17.11, 1.18.3 ELSA-2022-17957: ol8addon security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:40

stdlib CVE-2022-30580 高危 v1.17.1 1.17.11, 1.18.3 golang: os/exec: Code injection in Cmd.Start

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30630 高危 v1.17.1 1.17.12, 1.18.4 golang: io/fs: stack exhaustion in Glob

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30631 高危 v1.17.1 1.17.12, 1.18.4 golang: compress/gzip: stack exhaustion in Reader.Read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30632 高危 v1.17.1 1.17.12, 1.18.4 golang: path/filepath: stack exhaustion in Glob

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30633 高危 v1.17.1 1.17.12, 1.18.4 golang: encoding/xml: stack exhaustion in Unmarshal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30634 高危 v1.17.1 1.17.11, 1.18.3 ELSA-2022-17957: ol8addon security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-07-15 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30635 高危 v1.17.1 1.17.12, 1.18.4 golang: encoding/gob: stack exhaustion in Decoder.Decode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-32189 高危 v1.17.1 1.17.13, 1.18.5 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:46

stdlib CVE-2022-41715 高危 v1.17.1 1.18.7, 1.19.2 golang: regexp/syntax: limit memory used by parsing regexps

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-10-14 15:16 修改: 2026-06-17 05:03

stdlib CVE-2022-41716 高危 v1.17.1 1.18.8, 1.19.3 Due to unsanitized NUL values, attackers may be able to maliciously se ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-11-02 16:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41720 高危 v1.17.1 1.18.9, 1.19.4 golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-07 17:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41722 高危 v1.17.1 1.19.6, 1.20.1 golang: path/filepath: path-filepath filepath.Clean path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41723 高危 v1.17.1 1.19.6, 1.20.1 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41724 高危 v1.17.1 1.19.6, 1.20.1 golang: crypto/tls: large handshake records may cause panics

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41725 高危 v1.17.1 1.19.6, 1.20.1 golang: net/http, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2023-24534 高危 v1.17.1 1.19.8, 1.20.3 golang: net/http, net/textproto: denial of service from excessive memory allocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24536 高危 v1.17.1 1.19.8, 1.20.3 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24537 高危 v1.17.1 1.19.8, 1.20.3 golang: go/parser: Infinite loop in parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24539 高危 v1.17.1 1.19.9, 1.20.4 golang: html/template: improper sanitization of CSS values

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29400 高危 v1.17.1 1.19.9, 1.20.4 golang: html/template: improper handling of empty HTML attributes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29403 高危 v1.17.1 1.19.10, 1.20.5 golang: runtime: unexpected behavior of setuid/setgid binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-06-08 21:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39325 高危 v1.17.1 1.20.10, 1.21.3 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45283 高危 v1.17.1 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45287 高危 v1.17.1 1.20.0 golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-12-05 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45288 高危 v1.17.1 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.17.1 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.17.1 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.17.1 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.17.1 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.17.1 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.17.1 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.17.1 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.17.1 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.17.1 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.17.1 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.17.1 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.17.1 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.17.1 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.17.1 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.17.1 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/sys CVE-2022-29526 中危 v0.0.0-20210908233432-aa78b53d3365 0.0.0-20220412211240-33da011f77ad golang: syscall: faccessat checks wrong group

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-06-23 17:15 修改: 2026-06-17 04:40

stdlib CVE-2021-44717 中危 v1.17.1 1.16.12, 1.17.5 golang: syscall: don't close fd 0 on ForkExec error

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44717

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-01-01 05:15 修改: 2026-06-17 04:12

stdlib CVE-2022-1705 中危 v1.17.1 1.17.12, 1.18.4 golang: net/http: improper sanitization of Transfer-Encoding header

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:22

stdlib CVE-2022-1962 中危 v1.17.1 1.17.12, 1.18.4 golang: go/parser: stack exhaustion in all Parse* functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:23

stdlib CVE-2022-29526 中危 v1.17.1 1.17.10, 1.18.2 golang: syscall: faccessat checks wrong group

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-06-23 17:15 修改: 2026-06-17 04:40

stdlib CVE-2022-32148 中危 v1.17.1 1.17.12, 1.18.4 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:46

stdlib CVE-2022-41717 中危 v1.17.1 1.18.9, 1.19.4 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-08 20:15 修改: 2026-06-17 05:03

stdlib CVE-2023-24532 中危 v1.17.1 1.19.7, 1.20.2 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-03-08 20:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29406 中危 v1.17.1 1.19.11, 1.20.6 golang: net/http: insufficient sanitization of Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-11 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29409 中危 v1.17.1 1.19.12, 1.20.7, 1.21.0-rc.4 golang: crypto/tls: slow verification of certificate chains containing large RSA keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-08-02 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39318 中危 v1.17.1 1.20.8, 1.21.1 golang: html/template: improper handling of HTML-like comments within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39319 中危 v1.17.1 1.20.8, 1.21.1 golang: html/template: improper handling of special tags within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39326 中危 v1.17.1 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-12-06 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45284 中危 v1.17.1 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45289 中危 v1.17.1 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.17.1 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.17.1 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.17.1 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.17.1 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.17.1 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.17.1 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.17.1 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.17.1 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.17.1 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.17.1 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.17.1 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.17.1 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.17.1 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.17.1 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.17.1 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.17.1 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.17.1 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.17.1 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.17.1 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.17.1 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.17.1 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.17.1 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.17.1 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.17.1 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.17.1 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.17.1 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.17.1 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.17.1 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.17.1 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.17.1 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.17.1 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.17.1 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.17.1 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.17.1 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.17.1 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.17.1 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.17.1 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.17.1 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2022-30629 低危 v1.17.1 1.17.11, 1.18.3 golang: crypto/tls: session tickets lack random ticket_age_add

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2024-45341 低危 v1.17.1 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.17.1 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.17.1 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.0.0-20210908233432-aa78b53d3365 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

root/.local/share/pnpm/store/v3/files/63/4a23e66b2c7bd11d70e4c7a18bb0f74548d33a5b47e4c82e151cf89de77ce47151f0e0f4c2bb6d579e2ea1a8219c755b272c623f8fbe3af7b6e9f10c0a92db-exec (gobinary)
低危漏洞:4 中危漏洞:53 高危漏洞:52 严重漏洞:5
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2022-23806 严重 v1.17.1 1.16.14, 1.17.7 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23806

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-02-11 01:15 修改: 2026-06-17 04:30

stdlib CVE-2023-24538 严重 v1.17.1 1.19.8, 1.20.3 golang: html/template: backticks not treated as string delimiters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24540 严重 v1.17.1 1.19.9, 1.20.4 golang: html/template: improper handling of JavaScript whitespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2024-24790 严重 v1.17.1 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.17.1 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2021-41771 高危 v1.17.1 1.16.10, 1.17.3 golang: debug/macho: invalid dynamic symbol table command can cause panic

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41771

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2021-11-08 06:15 修改: 2026-06-17 04:08

stdlib CVE-2021-41772 高危 v1.17.1 1.16.10, 1.17.3 golang: archive/zip: Reader.Open panics on empty string

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41772

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2021-11-08 06:15 修改: 2026-06-17 04:08

stdlib CVE-2021-44716 高危 v1.17.1 1.16.12, 1.17.5 golang: net/http: limit growth of header canonicalization cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44716

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-01-01 05:15 修改: 2026-06-17 04:12

stdlib CVE-2022-23772 高危 v1.17.1 1.16.14, 1.17.7 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23772

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-02-11 01:15 修改: 2026-06-17 04:30

stdlib CVE-2022-24675 高危 v1.17.1 1.17.9, 1.18.1 golang: encoding/pem: fix stack overflow in Decode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24675

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-04-20 10:15 修改: 2026-06-17 04:32

stdlib CVE-2022-24921 高危 v1.17.1 1.16.15, 1.17.8 golang: regexp: stack exhaustion via a deeply nested expression

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24921

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-03-05 20:15 修改: 2026-06-17 04:32

stdlib CVE-2022-27664 高危 v1.17.1 1.18.6, 1.19.1 golang: net/http: handle server errors after sending GOAWAY

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-09-06 18:15 修改: 2026-06-17 04:37

stdlib CVE-2022-28131 高危 v1.17.1 1.17.12, 1.18.4 golang: encoding/xml: stack exhaustion in Decoder.Skip

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:38

stdlib CVE-2022-28327 高危 v1.17.1 1.17.9, 1.18.1 golang: crypto/elliptic: panic caused by oversized scalar

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28327

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-04-20 10:15 修改: 2026-06-17 04:38

stdlib CVE-2022-2879 高危 v1.17.1 1.18.7, 1.19.2 golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-10-14 15:15 修改: 2026-06-17 04:42

stdlib CVE-2022-2880 高危 v1.17.1 1.18.7, 1.19.2 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-10-14 15:15 修改: 2026-06-17 04:42

stdlib CVE-2022-29804 高危 v1.17.1 1.17.11, 1.18.3 ELSA-2022-17957: ol8addon security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:40

stdlib CVE-2022-30580 高危 v1.17.1 1.17.11, 1.18.3 golang: os/exec: Code injection in Cmd.Start

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30630 高危 v1.17.1 1.17.12, 1.18.4 golang: io/fs: stack exhaustion in Glob

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30631 高危 v1.17.1 1.17.12, 1.18.4 golang: compress/gzip: stack exhaustion in Reader.Read

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30632 高危 v1.17.1 1.17.12, 1.18.4 golang: path/filepath: stack exhaustion in Glob

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30633 高危 v1.17.1 1.17.12, 1.18.4 golang: encoding/xml: stack exhaustion in Unmarshal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30634 高危 v1.17.1 1.17.11, 1.18.3 ELSA-2022-17957: ol8addon security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-07-15 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-30635 高危 v1.17.1 1.17.12, 1.18.4 golang: encoding/gob: stack exhaustion in Decoder.Decode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2022-32189 高危 v1.17.1 1.17.13, 1.18.5 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:46

stdlib CVE-2022-41715 高危 v1.17.1 1.18.7, 1.19.2 golang: regexp/syntax: limit memory used by parsing regexps

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-10-14 15:16 修改: 2026-06-17 05:03

stdlib CVE-2022-41716 高危 v1.17.1 1.18.8, 1.19.3 Due to unsanitized NUL values, attackers may be able to maliciously se ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-11-02 16:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41720 高危 v1.17.1 1.18.9, 1.19.4 golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-07 17:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41722 高危 v1.17.1 1.19.6, 1.20.1 golang: path/filepath: path-filepath filepath.Clean path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41723 高危 v1.17.1 1.19.6, 1.20.1 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41724 高危 v1.17.1 1.19.6, 1.20.1 golang: crypto/tls: large handshake records may cause panics

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2022-41725 高危 v1.17.1 1.19.6, 1.20.1 golang: net/http, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-02-28 18:15 修改: 2026-06-17 05:03

stdlib CVE-2023-24534 高危 v1.17.1 1.19.8, 1.20.3 golang: net/http, net/textproto: denial of service from excessive memory allocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24536 高危 v1.17.1 1.19.8, 1.20.3 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24537 高危 v1.17.1 1.19.8, 1.20.3 golang: go/parser: Infinite loop in parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-04-06 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-24539 高危 v1.17.1 1.19.9, 1.20.4 golang: html/template: improper sanitization of CSS values

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29400 高危 v1.17.1 1.19.9, 1.20.4 golang: html/template: improper handling of empty HTML attributes

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-05-11 16:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29403 高危 v1.17.1 1.19.10, 1.20.5 golang: runtime: unexpected behavior of setuid/setgid binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-06-08 21:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39325 高危 v1.17.1 1.20.10, 1.21.3 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-10-11 22:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45283 高危 v1.17.1 1.20.11, 1.21.4, 1.20.12, 1.21.5 The filepath package does not recognize paths with a \??\ prefix as sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45287 高危 v1.17.1 1.20.0 golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-12-05 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45288 高危 v1.17.1 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.17.1 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.17.1 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.17.1 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.17.1 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.17.1 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.17.1 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.17.1 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.17.1 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.17.1 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.17.1 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.17.1 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.17.1 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.17.1 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.17.1 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.17.1 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/sys CVE-2022-29526 中危 v0.0.0-20210908233432-aa78b53d3365 0.0.0-20220412211240-33da011f77ad golang: syscall: faccessat checks wrong group

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-06-23 17:15 修改: 2026-06-17 04:40

stdlib CVE-2021-44717 中危 v1.17.1 1.16.12, 1.17.5 golang: syscall: don't close fd 0 on ForkExec error

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44717

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-01-01 05:15 修改: 2026-06-17 04:12

stdlib CVE-2022-1705 中危 v1.17.1 1.17.12, 1.18.4 golang: net/http: improper sanitization of Transfer-Encoding header

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:22

stdlib CVE-2022-1962 中危 v1.17.1 1.17.12, 1.18.4 golang: go/parser: stack exhaustion in all Parse* functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:23

stdlib CVE-2022-29526 中危 v1.17.1 1.17.10, 1.18.2 golang: syscall: faccessat checks wrong group

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-06-23 17:15 修改: 2026-06-17 04:40

stdlib CVE-2022-32148 中危 v1.17.1 1.17.12, 1.18.4 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:46

stdlib CVE-2022-41717 中危 v1.17.1 1.18.9, 1.19.4 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-12-08 20:15 修改: 2026-06-17 05:03

stdlib CVE-2023-24532 中危 v1.17.1 1.19.7, 1.20.2 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-03-08 20:15 修改: 2026-06-17 05:39

stdlib CVE-2023-29406 中危 v1.17.1 1.19.11, 1.20.6 golang: net/http: insufficient sanitization of Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-07-11 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-29409 中危 v1.17.1 1.19.12, 1.20.7, 1.21.0-rc.4 golang: crypto/tls: slow verification of certificate chains containing large RSA keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-08-02 20:15 修改: 2026-06-17 05:49

stdlib CVE-2023-39318 中危 v1.17.1 1.20.8, 1.21.1 golang: html/template: improper handling of HTML-like comments within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39319 中危 v1.17.1 1.20.8, 1.21.1 golang: html/template: improper handling of special tags within script contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-09-08 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-39326 中危 v1.17.1 1.20.12, 1.21.5 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-12-06 17:15 修改: 2026-06-17 06:12

stdlib CVE-2023-45284 中危 v1.17.1 1.20.11, 1.21.4 On Windows, The IsLocal function does not correctly detect reserved de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2023-11-09 17:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45289 中危 v1.17.1 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.17.1 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.17.1 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.17.1 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.17.1 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.17.1 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.17.1 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.17.1 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.17.1 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.17.1 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.17.1 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.17.1 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.17.1 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.17.1 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.17.1 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.17.1 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.17.1 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.17.1 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.17.1 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.17.1 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.17.1 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.17.1 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.17.1 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.17.1 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.17.1 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.17.1 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.17.1 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.17.1 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.17.1 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.17.1 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.17.1 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.17.1 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.17.1 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.17.1 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.17.1 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.17.1 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.17.1 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.17.1 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.17.1 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2022-30629 低危 v1.17.1 1.17.11, 1.18.3 golang: crypto/tls: session tickets lack random ticket_age_add

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2022-08-10 20:15 修改: 2026-06-17 04:43

stdlib CVE-2024-45341 低危 v1.17.1 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.17.1 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.17.1 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.0.0-20210908233432-aa78b53d3365 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:14ed92b431d3342a571fe37bfc532fbebf2e80f52a1ab11e14086229071f3855

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

usr/local/bin/mc (gobinary)
低危漏洞:2 中危漏洞:34 高危漏洞:30 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google.golang.org/grpc CVE-2026-33186 严重 v1.71.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-03-20 23:16 修改: 2026-07-10 12:16

stdlib CVE-2025-68121 严重 v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

golang.org/x/crypto CVE-2025-47913 高危 v0.40.0 0.43.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47913

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-11-13 22:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2026-39828 高危 v0.40.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39829 高危 v0.40.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39830 高危 v0.40.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39831 高危 v0.40.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39832 高危 v0.40.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-39835 高危 v0.40.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-42508 高危 v0.40.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:16

golang.org/x/crypto CVE-2026-46595 高危 v0.40.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-07-10 12:17

golang.org/x/crypto CVE-2026-46597 高危 v0.40.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2026-25681 高危 v0.42.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.42.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-33814 高危 v0.42.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

golang.org/x/net CVE-2026-39821 高危 v0.42.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 16:16 修改: 2026-07-10 12:16

github.com/prometheus/prometheus CVE-2026-42151 高危 v0.303.0 0.311.3 github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42151

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-04 19:16 修改: 2026-07-10 12:16

github.com/prometheus/prometheus CVE-2026-42154 高危 v0.303.0 0.311.3, 0.305.2 github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42154

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-04 19:16 修改: 2026-07-09 13:17

stdlib CVE-2025-61726 高危 v1.24.6 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-01-28 20:16 修改: 2026-07-10 12:16

stdlib CVE-2025-61729 高危 v1.24.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.24.6 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-03-06 22:16 修改: 2026-07-10 12:16

stdlib CVE-2026-27145 高危 v1.24.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-06-02 23:16 修改: 2026-07-09 13:16

stdlib CVE-2026-32280 高危 v1.24.6 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-04-08 02:16 修改: 2026-07-10 12:16

stdlib CVE-2026-32281 高危 v1.24.6 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.24.6 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-04-08 02:16 修改: 2026-07-09 13:16

stdlib CVE-2026-33811 高危 v1.24.6 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-33814 高危 v1.24.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39820 高危 v1.24.6 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-39822 高危 v1.24.6 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-39836 高危 v1.24.6 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.24.6 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-07 20:16 修改: 2026-07-10 12:16

stdlib CVE-2026-42504 高危 v1.24.6 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-46598 中危 v0.40.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

github.com/prometheus/prometheus CVE-2026-40179 中危 v0.303.0 0.311.2-0.20260410083055-07c6232d159b Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40179

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-04-15 23:16 修改: 2026-06-17 10:44

github.com/prometheus/prometheus CVE-2026-44903 中危 v0.303.0 0.311.3 Prometheus is an open-source monitoring system and time series databas ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44903

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-26 22:16 修改: 2026-06-17 10:51

golang.org/x/crypto CVE-2025-47914 中危 v0.40.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:28

golang.org/x/crypto CVE-2025-58181 中危 v0.40.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-11-19 21:15 修改: 2026-06-17 09:44

golang.org/x/net CVE-2025-47911 中危 v0.42.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47911

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:28

golang.org/x/net CVE-2025-58190 中危 v0.42.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58190

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:44

golang.org/x/net CVE-2026-25680 中危 v0.42.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42502 中危 v0.42.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via unexpected HTML tree rendering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/net CVE-2026-42506 中危 v0.42.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39827 中危 v0.40.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via repeated rejected channel openings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.40.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39834 中危 v0.40.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service due to integer overflow in SSH channel write

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

stdlib CVE-2025-47912 中危 v1.24.6 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.24.6 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.24.6 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.24.6 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.24.6 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.24.6 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.24.6 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.24.6 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.24.6 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.24.6 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.24.6 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.24.6 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.24.6 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.24.6 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.24.6 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.24.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.24.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.24.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.24.6 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.24.6 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-07-08 17:17 修改: 2026-07-10 18:57

stdlib CVE-2026-42507 中危 v1.24.6 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2025-58186 低危 v1.24.6 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.24.6 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.34.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/crypto GO-2026-5932 未知 v0.40.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:c11cb3275d9322d12778b3f389b5952a7349c21ad60f49889c622687d93bb1f2

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×