docker.io/mouday/domain-admin:v1.6.78 linux/amd64

docker.io/mouday/domain-admin:v1.6.78 - Trivy安全扫描结果 扫描时间: 2026-07-14 14:03
全部漏洞信息
低危漏洞:21 中危漏洞:58 高危漏洞:29 严重漏洞:1

系统OS: alpine 3.16.3 扫描引擎: Trivy 扫描时间: 2026-07-14 14:03

docker.io/mouday/domain-admin:v1.6.78 (alpine 3.16.3) (alpine)
低危漏洞:0 中危漏洞:3 高危漏洞:8 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
expat CVE-2023-52425 高危 2.5.0-r0 2.6.0-r0 expat: parsing large tokens can trigger a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52425

镜像层: sha256:fff68df5095ce8cae623459755566fb082412fdd4624b3c547e6b44d61a83469

发布日期: 2024-02-04 20:15 修改: 2026-06-17 06:42

expat CVE-2024-28757 高危 2.5.0-r0 2.6.2-r0 expat: XML Entity Expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28757

镜像层: sha256:fff68df5095ce8cae623459755566fb082412fdd4624b3c547e6b44d61a83469

发布日期: 2024-03-10 05:15 修改: 2026-06-17 07:21

krb5-libs CVE-2022-42898 高危 1.19.3-r0 1.19.4-r0 krb5: integer overflow vulnerabilities in PAC parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42898

镜像层: sha256:fff68df5095ce8cae623459755566fb082412fdd4624b3c547e6b44d61a83469

发布日期: 2022-12-25 06:15 修改: 2026-06-17 05:05

libcom_err CVE-2022-1304 高危 1.46.5-r0 1.46.6-r0 e2fsprogs: out-of-bounds read/write via crafted filesystem

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1304

镜像层: sha256:fff68df5095ce8cae623459755566fb082412fdd4624b3c547e6b44d61a83469

发布日期: 2022-04-14 21:15 修改: 2026-06-17 04:22

musl-utils CVE-2025-26519 高危 1.2.3-r1 1.2.3-r4 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

ncurses-libs CVE-2023-29491 高危 6.3_p20220521-r0 6.3_p20220521-r1 ncurses: Local users can trigger security-relevant memory corruption via malformed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491

镜像层: sha256:fff68df5095ce8cae623459755566fb082412fdd4624b3c547e6b44d61a83469

发布日期: 2023-04-14 01:15 修改: 2026-06-17 05:50

ncurses-terminfo-base CVE-2023-29491 高危 6.3_p20220521-r0 6.3_p20220521-r1 ncurses: Local users can trigger security-relevant memory corruption via malformed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29491

镜像层: sha256:fff68df5095ce8cae623459755566fb082412fdd4624b3c547e6b44d61a83469

发布日期: 2023-04-14 01:15 修改: 2026-06-17 05:50

sqlite-libs CVE-2023-7104 高危 3.38.5-r0 3.40.1-r1 sqlite: heap-buffer-overflow at sessionfuzz

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7104

镜像层: sha256:fff68df5095ce8cae623459755566fb082412fdd4624b3c547e6b44d61a83469

发布日期: 2023-12-29 10:15 修改: 2026-06-17 06:52

busybox CVE-2023-42366 中危 1.35.0-r17 1.35.0-r18 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

expat CVE-2023-52426 中危 2.5.0-r0 2.6.0-r0 expat: recursive XML entity expansion vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52426

镜像层: sha256:fff68df5095ce8cae623459755566fb082412fdd4624b3c547e6b44d61a83469

发布日期: 2024-02-04 20:15 修改: 2026-06-17 06:42

ssl_client CVE-2023-42366 中危 1.35.0-r17 1.35.0-r18 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:e5e13b0c77cbb769548077189c3da2f0a764ceca06af49d8d558e759f5c232bd

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

Node.js (node-pkg)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Python (python-pkg)
低危漏洞:21 中危漏洞:55 高危漏洞:21 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Authlib CVE-2026-27962 严重 1.2.1 1.6.9 authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27962

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-03-16 18:16 修改: 2026-07-01 13:16

Authlib CVE-2024-37568 高危 1.2.1 1.3.1 lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37568

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-06-09 19:15 修改: 2026-06-17 07:38

Authlib CVE-2025-59420 高危 1.2.1 1.6.4 authlib: Authlib RFC violation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59420

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-09-22 18:15 修改: 2026-06-17 09:46

Authlib CVE-2025-61920 高危 1.2.1 1.6.5 authlib: Authlib Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61920

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-10-10 20:15 修改: 2026-06-17 09:51

Authlib CVE-2026-28490 高危 1.2.1 1.6.9 authlib: Authlib: Information disclosure due to cryptographic padding oracle in JWE RSA1_5

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28490

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-03-16 18:16 修改: 2026-06-17 10:28

Authlib CVE-2026-28498 高危 1.2.1 1.6.9 authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28498

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-03-16 18:16 修改: 2026-07-01 13:16

PyJWT CVE-2026-32597 高危 2.8.0 2.12.0 pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32597

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-03-13 19:55 修改: 2026-07-10 12:16

PyJWT CVE-2026-48526 高危 2.8.0 2.13.0 python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48526

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-05-28 16:16 修改: 2026-07-10 12:17

Werkzeug CVE-2024-34069 高危 2.2.3 3.0.3 python-werkzeug: user may execute code on a developer's machine

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34069

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-05-06 15:15 修改: 2026-06-17 07:32

aiohttp CVE-2024-23334 高危 3.8.6 3.9.2 aiohttp: follow_symlinks directory traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23334

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-01-29 23:15 修改: 2026-06-17 07:12

aiohttp CVE-2024-30251 高危 3.8.6 3.9.4 aiohttp: DoS when trying to parse malformed POST requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30251

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-05-02 14:15 修改: 2026-06-17 07:26

aiohttp CVE-2025-69223 高危 3.8.6 3.13.3 aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69223

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-05 22:15 修改: 2026-07-10 12:16

cryptography CVE-2026-26007 高危 45.0.7 46.0.5 cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26007

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-02-10 22:17 修改: 2026-07-01 13:16

cryptography GHSA-537c-gmf6-5ccf 高危 45.0.7 48.0.1 Vulnerable OpenSSL included in cryptography wheels

漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12

pyOpenSSL CVE-2026-27459 高危 25.3.0 26.0.0 pyOpenSSL: DTLS cookie callback buffer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27459

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-03-18 00:16 修改: 2026-07-01 13:16

setuptools CVE-2024-6345 高危 68.0.0 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-07-15 01:15 修改: 2026-06-17 08:17

setuptools CVE-2025-47273 高危 68.0.0 78.1.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-05-17 16:15 修改: 2026-06-17 09:27

urllib3 CVE-2025-66418 高危 2.0.6 2.6.0 urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-12-05 16:15 修改: 2026-06-17 09:56

urllib3 CVE-2025-66471 高危 2.0.6 2.6.0 urllib3: urllib3 Streaming API improperly handles highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-12-05 17:16 修改: 2026-06-17 09:56

urllib3 CVE-2026-21441 高危 2.0.6 2.6.3 urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-07 22:15 修改: 2026-07-03 13:16

urllib3 CVE-2026-44431 高危 2.0.6 2.7.0 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-05-13 16:16 修改: 2026-06-26 12:16

wheel CVE-2026-24049 高危 0.42.0 0.46.2 wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-22 05:16 修改: 2026-07-01 13:16

Werkzeug CVE-2024-49767 中危 2.2.3 3.0.6 werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49767

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-10-25 20:15 修改: 2026-06-17 08:00

Werkzeug CVE-2025-66221 中危 2.2.3 3.1.4 Werkzeug: Werkzeug: Denial of service via Windows device names in path segments

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66221

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-11-29 03:16 修改: 2026-06-17 09:56

Werkzeug CVE-2026-21860 中危 2.2.3 3.1.5 Werkzeug safe_join() allows Windows special device names with compound extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21860

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-08 19:15 修改: 2026-06-17 10:19

Werkzeug CVE-2026-27199 中危 2.2.3 3.1.6 Werkzeug safe_join() allows Windows special device names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27199

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-02-21 06:17 修改: 2026-06-17 10:26

Authlib CVE-2026-41479 中危 1.2.1 1.6.10, 1.7.1 Authlib is a Python library which builds OAuth and OpenID Connect serv ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41479

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 21:16 修改: 2026-06-26 20:10

Authlib CVE-2026-44681 中危 1.2.1 1.7.1, 1.6.12 Authlib is a Python library which builds OAuth and OpenID Connect serv ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44681

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-05-27 20:16 修改: 2026-06-17 10:51

Flask-Cors CVE-2024-6839 中危 5.0.0 6.0.0 corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6839

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-03-20 10:15 修改: 2026-06-17 08:18

aiohttp CVE-2023-49081 中危 3.8.6 3.9.0 aiohttp: HTTP request modification

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49081

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2023-11-30 07:15 修改: 2026-06-23 18:17

aiohttp CVE-2023-49082 中危 3.8.6 3.9.0 aiohttp: CRLF injection if user controls the HTTP method using aiohttp client

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49082

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2023-11-29 20:15 修改: 2026-06-23 18:17

aiohttp CVE-2024-23829 中危 3.8.6 3.9.2 python-aiohttp: http request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23829

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-01-29 23:15 修改: 2026-06-17 07:13

aiohttp CVE-2024-27306 中危 3.8.6 3.9.4 aiohttp: XSS on index pages for static file handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27306

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-04-18 15:15 修改: 2026-06-17 07:19

aiohttp CVE-2024-52304 中危 3.8.6 3.10.11 aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52304

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-11-18 21:15 修改: 2026-06-17 08:06

aiohttp CVE-2025-69227 中危 3.8.6 3.13.3 aiohttp: aiohttp: Denial of Service via specially crafted POST request

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69227

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00

aiohttp CVE-2025-69228 中危 3.8.6 3.13.3 aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST request

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69228

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00

aiohttp CVE-2025-69229 中危 3.8.6 3.13.3 aiohttp: AIOHTTP: Denial of Service via excessive CPU usage in chunked message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69229

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00

aiohttp CVE-2026-22815 中危 3.8.6 3.13.4 aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22815

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:20

aiohttp CVE-2026-34515 中危 3.8.6 3.13.4 aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34515

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

aiohttp CVE-2026-34516 中危 3.8.6 3.13.4 aiohttp: AIOHTTP: Denial of Service via excessive multipart headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34516

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

aiohttp CVE-2026-34525 中危 3.8.6 3.13.4 aiohttp: aiohttp: Security bypass via multiple Host headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34525

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39

aiohttp CVE-2026-34993 中危 3.8.6 3.14.0 aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-02 20:16 修改: 2026-07-10 12:16

aiohttp CVE-2026-47265 中危 3.8.6 3.14.0 python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-02 20:16 修改: 2026-06-17 10:54

aiohttp CVE-2026-54273 中危 3.8.6 3.14.1 aiohttp: AIOHTTP: Denial of Service via excessive pipelined requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54273

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:37

aiohttp CVE-2026-54274 中危 3.8.6 3.14.1 aiohttp: aiohttp: Denial of Service via incomplete websocket frame payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54274

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:37

aiohttp CVE-2026-54276 中危 3.8.6 3.14.1 aiohttp: aiohttp: Information disclosure via DigestAuthMiddleware after cross-origin redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54276

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 18:16 修改: 2026-06-30 18:18

aiohttp CVE-2026-54277 中危 3.8.6 3.14.1 aiohttp: aiohttp: Denial of Service via oversized HTTP request lines bypassing max_line_size check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54277

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 18:16 修改: 2026-06-30 18:11

aiohttp CVE-2026-54278 中危 3.8.6 3.14.1 aiohttp: aiohttp: Denial of Service due to excessive memory consumption from compressed request body

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54278

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:27

Flask-Cors CVE-2024-6844 中危 5.0.0 6.0.0 A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6844

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-03-20 10:15 修改: 2026-06-17 08:18

Flask-Cors CVE-2024-6866 中危 5.0.0 6.0.0 corydolphin/flask-cors version 4.01 contains a vulnerability where the ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6866

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-03-20 10:15 修改: 2026-06-17 08:18

cryptography CVE-2026-39892 中危 45.0.7 46.0.7 cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39892

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-08 21:17 修改: 2026-07-10 12:16

diskcache CVE-2025-69872 中危 5.6.3 python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69872

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-02-11 19:15 修改: 2026-07-08 13:16

dnspython CVE-2023-29483 中危 2.3.0 2.6.1 dnspython: denial of service in stub resolver

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29483

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-04-11 14:15 修改: 2026-06-17 05:50

filelock CVE-2025-68146 中危 3.12.2 3.20.1 filelock: filelock: Time-of-Check-Time-of-Use (TOCTOU) race condition and symlink attack allows arbitrary file corruption or truncation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68146

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-12-16 19:15 修改: 2026-06-17 09:58

filelock CVE-2026-22701 中危 3.12.2 3.20.3 filelock: filelock Time-of-Check-Time-of-Use (TOCTOU) in SoftFileLock

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22701

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-10 06:15 修改: 2026-06-17 10:20

idna CVE-2026-45409 中危 3.10 3.15 python-idna: idna: Denial of Service via specially crafted long inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-05 23:16 修改: 2026-06-17 10:52

marshmallow CVE-2025-68480 中危 3.19.0 3.26.2, 4.1.2 github.com/marshmallow-code/marshmallow: Marshmallow: Denial of Service via crafted request to Schema.load function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68480

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-12-22 22:16 修改: 2026-06-17 09:59

pip CVE-2025-8869 中危 24.0 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-09-24 15:15 修改: 2026-06-17 10:07

pip CVE-2026-3219 中危 24.0 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43

pip CVE-2026-6357 中危 24.0 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00

pip CVE-2026-8643 中危 24.0 26.1.2 python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8643

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-01 17:17 修改: 2026-07-10 12:17

Authlib CVE-2025-62706 中危 1.2.1 1.6.5 authlib: Authlib : JWE zip=DEF decompression bomb enables DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62706

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-10-22 22:15 修改: 2026-06-17 09:52

python-dotenv CVE-2026-28684 中危 0.21.1 1.2.2 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28684

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-20 17:16 修改: 2026-06-17 10:28

requests CVE-2024-35195 中危 2.31.0 2.32.0 requests: subsequent requests to the same host ignore cert verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35195

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-05-20 21:15 修改: 2026-06-17 07:34

requests CVE-2024-47081 中危 2.31.0 2.32.4 requests: Requests vulnerable to .netrc credentials leak via malicious URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47081

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-06-09 18:15 修改: 2026-06-17 07:56

requests CVE-2026-25645 中危 2.31.0 2.33.0 requests: Requests: Security bypass due to predictable temporary file creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-03-25 17:16 修改: 2026-06-17 10:25

Authlib CVE-2025-68158 中危 1.2.1 1.6.6 Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68158

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-08 18:15 修改: 2026-06-17 09:58

PyJWT CVE-2026-48522 中危 2.8.0 2.13.0 python-pyjwt: PyJWT: Server-Side Request Forgery (SSRF) via uncontrolled URL fetching in PyJWKClient

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48522

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55

PyJWT CVE-2026-48525 中危 2.8.0 2.13.0 python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48525

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55

PyNaCl CVE-2025-69277 中危 1.5.0 1.6.2 libsodium: pynacl: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69277

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-12-31 06:15 修改: 2026-06-17 10:00

Authlib CVE-2026-41425 中危 1.2.1 1.6.11 authlib: Authlib: Cross-Site Request Forgery (CSRF) vulnerability in OAuth cache feature

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41425

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-24 20:16 修改: 2026-06-17 10:46

Werkzeug CVE-2023-46136 中危 2.2.3 3.0.1, 2.3.8 python-werkzeug: high resource consumption leading to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46136

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:30

urllib3 CVE-2023-45803 中危 2.0.6 2.0.7, 1.26.18 urllib3: Request body not stripped after redirect from 303 status changes request method to GET

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45803

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2023-10-17 20:15 修改: 2026-06-17 06:29

urllib3 CVE-2024-37891 中危 2.0.6 1.26.19, 2.2.2 urllib3: proxy-authorization request header is not stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

urllib3 CVE-2025-50181 中危 2.0.6 2.5.0 urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-06-19 01:15 修改: 2026-06-17 09:34

Werkzeug CVE-2024-49766 中危 2.2.3 3.0.6 werkzeug: python-werkzeug: Werkzeug safe_join not safe on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49766

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-10-25 20:15 修改: 2026-06-17 08:00

zipp CVE-2024-5569 中危 3.15.0 3.19.1 github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5569

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2024-07-09 00:15 修改: 2026-06-17 08:16

aiohttp CVE-2026-34518 低危 3.8.6 3.13.4 aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34518

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39

aiohttp CVE-2026-34519 低危 3.8.6 3.13.4 aiohttp: aiohttp: Header injection vulnerability via reason parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34519

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39

aiohttp CVE-2026-34520 低危 3.8.6 3.13.4 aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34520

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39

pip CVE-2026-1703 低危 24.0 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-02-02 15:16 修改: 2026-06-17 10:16

aiohttp CVE-2026-50269 低危 3.8.6 3.14.0 aiohttp: AIOHTTP: CRLF injection in multipart headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50269

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:39

pyOpenSSL CVE-2026-27448 低危 25.3.0 26.0.0 pyOpenSSL: TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27448

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-03-18 00:16 修改: 2026-06-17 10:27

aiohttp CVE-2026-54275 低危 3.8.6 3.14.1 aiohttp: AIOHTTP: TLS SNI check bypass via connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54275

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:36

aiohttp CVE-2026-54279 低危 3.8.6 3.14.1 aiohttp: AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54279

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:36

aiohttp CVE-2026-54280 低危 3.8.6 3.14.1 AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54280

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:35

Flask CVE-2026-27205 低危 2.2.5 3.1.3 flask: Flask: Information disclosure via improper caching of session data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27205

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-02-21 06:17 修改: 2026-06-17 10:26

PyJWT CVE-2026-48524 低危 2.8.0 2.13.0 python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48524

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55

aiohttp CVE-2025-53643 低危 3.8.6 3.12.14 aiohttp: AIOHTTP HTTP Request/Response Smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53643

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2025-07-14 21:15 修改: 2026-06-17 09:38

cryptography CVE-2026-34073 低危 45.0.7 46.0.6 python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34073

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

aiohttp CVE-2025-69224 低危 3.8.6 3.13.3 aiohttp: aiohttp: Request smuggling via non-ASCII characters in HTTP parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69224

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-05 23:15 修改: 2026-06-17 10:00

aiohttp CVE-2025-69225 低危 3.8.6 3.13.3 aiohttp: aiohttp: Request smuggling vulnerability via non-ASCII decimals in Range header

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69225

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00

aiohttp CVE-2025-69226 低危 3.8.6 3.13.3 aiohttp: aiohttp: Information disclosure of path components via static file path normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69226

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-05 23:15 修改: 2026-06-17 10:00

aiohttp CVE-2025-69230 低危 3.8.6 3.13.3 aiohttp: aiohttp: Denial of Service via specially crafted invalid cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69230

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00

aiohttp CVE-2026-34513 低危 3.8.6 3.13.4 aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34513

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

aiohttp CVE-2026-34514 低危 3.8.6 3.13.4 aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34514

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

paramiko CVE-2026-44405 低危 3.5.1 paramiko: Paramiko: Data integrity could be compromised due to SHA-1 algorithm use

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44405

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-05-06 00:16 修改: 2026-06-17 10:50

aiohttp CVE-2026-34517 低危 3.8.6 3.13.4 aiohttp: AIOHTTP: Denial of Service via large multipart form fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34517

镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

/app/domain_admin/public/js/index.050be558.js ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/app/domain_admin/public/m/assets/index-9c365a03.js ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×