| Authlib |
CVE-2026-27962 |
严重 |
1.2.1 |
1.6.9 |
authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27962
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-03-16 18:16 修改: 2026-07-01 13:16
|
| Authlib |
CVE-2024-37568 |
高危 |
1.2.1 |
1.3.1 |
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37568
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-06-09 19:15 修改: 2026-06-17 07:38
|
| Authlib |
CVE-2025-59420 |
高危 |
1.2.1 |
1.6.4 |
authlib: Authlib RFC violation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59420
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-09-22 18:15 修改: 2026-06-17 09:46
|
| Authlib |
CVE-2025-61920 |
高危 |
1.2.1 |
1.6.5 |
authlib: Authlib Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61920
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-10-10 20:15 修改: 2026-06-17 09:51
|
| Authlib |
CVE-2026-28490 |
高危 |
1.2.1 |
1.6.9 |
authlib: Authlib: Information disclosure due to cryptographic padding oracle in JWE RSA1_5
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28490
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-03-16 18:16 修改: 2026-06-17 10:28
|
| Authlib |
CVE-2026-28498 |
高危 |
1.2.1 |
1.6.9 |
authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28498
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-03-16 18:16 修改: 2026-07-01 13:16
|
| PyJWT |
CVE-2026-32597 |
高危 |
2.8.0 |
2.12.0 |
pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32597
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-03-13 19:55 修改: 2026-07-10 12:16
|
| PyJWT |
CVE-2026-48526 |
高危 |
2.8.0 |
2.13.0 |
python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48526
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-05-28 16:16 修改: 2026-07-10 12:17
|
| Werkzeug |
CVE-2024-34069 |
高危 |
2.2.3 |
3.0.3 |
python-werkzeug: user may execute code on a developer's machine
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34069
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-05-06 15:15 修改: 2026-06-17 07:32
|
| aiohttp |
CVE-2024-23334 |
高危 |
3.8.6 |
3.9.2 |
aiohttp: follow_symlinks directory traversal vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23334
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-01-29 23:15 修改: 2026-06-17 07:12
|
| aiohttp |
CVE-2024-30251 |
高危 |
3.8.6 |
3.9.4 |
aiohttp: DoS when trying to parse malformed POST requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30251
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-05-02 14:15 修改: 2026-06-17 07:26
|
| aiohttp |
CVE-2025-69223 |
高危 |
3.8.6 |
3.13.3 |
aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69223
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-05 22:15 修改: 2026-07-10 12:16
|
| cryptography |
CVE-2026-26007 |
高危 |
45.0.7 |
46.0.5 |
cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26007
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-02-10 22:17 修改: 2026-07-01 13:16
|
| cryptography |
GHSA-537c-gmf6-5ccf |
高危 |
45.0.7 |
48.0.1 |
Vulnerable OpenSSL included in cryptography wheels
漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12
|
| pyOpenSSL |
CVE-2026-27459 |
高危 |
25.3.0 |
26.0.0 |
pyOpenSSL: DTLS cookie callback buffer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27459
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-03-18 00:16 修改: 2026-07-01 13:16
|
| setuptools |
CVE-2024-6345 |
高危 |
68.0.0 |
70.0.0 |
pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-07-15 01:15 修改: 2026-06-17 08:17
|
| setuptools |
CVE-2025-47273 |
高危 |
68.0.0 |
78.1.1 |
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-05-17 16:15 修改: 2026-06-17 09:27
|
| urllib3 |
CVE-2025-66418 |
高危 |
2.0.6 |
2.6.0 |
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-12-05 16:15 修改: 2026-06-17 09:56
|
| urllib3 |
CVE-2025-66471 |
高危 |
2.0.6 |
2.6.0 |
urllib3: urllib3 Streaming API improperly handles highly compressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-12-05 17:16 修改: 2026-06-17 09:56
|
| urllib3 |
CVE-2026-21441 |
高危 |
2.0.6 |
2.6.3 |
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-07 22:15 修改: 2026-07-03 13:16
|
| urllib3 |
CVE-2026-44431 |
高危 |
2.0.6 |
2.7.0 |
urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-05-13 16:16 修改: 2026-06-26 12:16
|
| wheel |
CVE-2026-24049 |
高危 |
0.42.0 |
0.46.2 |
wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-22 05:16 修改: 2026-07-01 13:16
|
| Werkzeug |
CVE-2024-49767 |
中危 |
2.2.3 |
3.0.6 |
werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49767
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-10-25 20:15 修改: 2026-06-17 08:00
|
| Werkzeug |
CVE-2025-66221 |
中危 |
2.2.3 |
3.1.4 |
Werkzeug: Werkzeug: Denial of service via Windows device names in path segments
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66221
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-11-29 03:16 修改: 2026-06-17 09:56
|
| Werkzeug |
CVE-2026-21860 |
中危 |
2.2.3 |
3.1.5 |
Werkzeug safe_join() allows Windows special device names with compound extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21860
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-08 19:15 修改: 2026-06-17 10:19
|
| Werkzeug |
CVE-2026-27199 |
中危 |
2.2.3 |
3.1.6 |
Werkzeug safe_join() allows Windows special device names
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27199
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-02-21 06:17 修改: 2026-06-17 10:26
|
| Authlib |
CVE-2026-41479 |
中危 |
1.2.1 |
1.6.10, 1.7.1 |
Authlib is a Python library which builds OAuth and OpenID Connect serv ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41479
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 21:16 修改: 2026-06-26 20:10
|
| Authlib |
CVE-2026-44681 |
中危 |
1.2.1 |
1.7.1, 1.6.12 |
Authlib is a Python library which builds OAuth and OpenID Connect serv ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44681
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-05-27 20:16 修改: 2026-06-17 10:51
|
| Flask-Cors |
CVE-2024-6839 |
中危 |
5.0.0 |
6.0.0 |
corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6839
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-03-20 10:15 修改: 2026-06-17 08:18
|
| aiohttp |
CVE-2023-49081 |
中危 |
3.8.6 |
3.9.0 |
aiohttp: HTTP request modification
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49081
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2023-11-30 07:15 修改: 2026-06-23 18:17
|
| aiohttp |
CVE-2023-49082 |
中危 |
3.8.6 |
3.9.0 |
aiohttp: CRLF injection if user controls the HTTP method using aiohttp client
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49082
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2023-11-29 20:15 修改: 2026-06-23 18:17
|
| aiohttp |
CVE-2024-23829 |
中危 |
3.8.6 |
3.9.2 |
python-aiohttp: http request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23829
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-01-29 23:15 修改: 2026-06-17 07:13
|
| aiohttp |
CVE-2024-27306 |
中危 |
3.8.6 |
3.9.4 |
aiohttp: XSS on index pages for static file handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27306
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-04-18 15:15 修改: 2026-06-17 07:19
|
| aiohttp |
CVE-2024-52304 |
中危 |
3.8.6 |
3.10.11 |
aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52304
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-11-18 21:15 修改: 2026-06-17 08:06
|
| aiohttp |
CVE-2025-69227 |
中危 |
3.8.6 |
3.13.3 |
aiohttp: aiohttp: Denial of Service via specially crafted POST request
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69227
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00
|
| aiohttp |
CVE-2025-69228 |
中危 |
3.8.6 |
3.13.3 |
aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST request
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69228
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00
|
| aiohttp |
CVE-2025-69229 |
中危 |
3.8.6 |
3.13.3 |
aiohttp: AIOHTTP: Denial of Service via excessive CPU usage in chunked message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69229
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00
|
| aiohttp |
CVE-2026-22815 |
中危 |
3.8.6 |
3.13.4 |
aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22815
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:20
|
| aiohttp |
CVE-2026-34515 |
中危 |
3.8.6 |
3.13.4 |
aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34515
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39
|
| aiohttp |
CVE-2026-34516 |
中危 |
3.8.6 |
3.13.4 |
aiohttp: AIOHTTP: Denial of Service via excessive multipart headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34516
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39
|
| aiohttp |
CVE-2026-34525 |
中危 |
3.8.6 |
3.13.4 |
aiohttp: aiohttp: Security bypass via multiple Host headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34525
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39
|
| aiohttp |
CVE-2026-34993 |
中危 |
3.8.6 |
3.14.0 |
aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-02 20:16 修改: 2026-07-10 12:16
|
| aiohttp |
CVE-2026-47265 |
中危 |
3.8.6 |
3.14.0 |
python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-02 20:16 修改: 2026-06-17 10:54
|
| aiohttp |
CVE-2026-54273 |
中危 |
3.8.6 |
3.14.1 |
aiohttp: AIOHTTP: Denial of Service via excessive pipelined requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54273
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:37
|
| aiohttp |
CVE-2026-54274 |
中危 |
3.8.6 |
3.14.1 |
aiohttp: aiohttp: Denial of Service via incomplete websocket frame payloads
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54274
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:37
|
| aiohttp |
CVE-2026-54276 |
中危 |
3.8.6 |
3.14.1 |
aiohttp: aiohttp: Information disclosure via DigestAuthMiddleware after cross-origin redirect
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54276
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 18:16 修改: 2026-06-30 18:18
|
| aiohttp |
CVE-2026-54277 |
中危 |
3.8.6 |
3.14.1 |
aiohttp: aiohttp: Denial of Service via oversized HTTP request lines bypassing max_line_size check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54277
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 18:16 修改: 2026-06-30 18:11
|
| aiohttp |
CVE-2026-54278 |
中危 |
3.8.6 |
3.14.1 |
aiohttp: aiohttp: Denial of Service due to excessive memory consumption from compressed request body
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54278
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:27
|
| Flask-Cors |
CVE-2024-6844 |
中危 |
5.0.0 |
6.0.0 |
A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6844
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-03-20 10:15 修改: 2026-06-17 08:18
|
| Flask-Cors |
CVE-2024-6866 |
中危 |
5.0.0 |
6.0.0 |
corydolphin/flask-cors version 4.01 contains a vulnerability where the ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6866
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-03-20 10:15 修改: 2026-06-17 08:18
|
| cryptography |
CVE-2026-39892 |
中危 |
45.0.7 |
46.0.7 |
cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39892
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-08 21:17 修改: 2026-07-10 12:16
|
| diskcache |
CVE-2025-69872 |
中危 |
5.6.3 |
|
python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69872
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-02-11 19:15 修改: 2026-07-08 13:16
|
| dnspython |
CVE-2023-29483 |
中危 |
2.3.0 |
2.6.1 |
dnspython: denial of service in stub resolver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29483
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-04-11 14:15 修改: 2026-06-17 05:50
|
| filelock |
CVE-2025-68146 |
中危 |
3.12.2 |
3.20.1 |
filelock: filelock: Time-of-Check-Time-of-Use (TOCTOU) race condition and symlink attack allows arbitrary file corruption or truncation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68146
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-12-16 19:15 修改: 2026-06-17 09:58
|
| filelock |
CVE-2026-22701 |
中危 |
3.12.2 |
3.20.3 |
filelock: filelock Time-of-Check-Time-of-Use (TOCTOU) in SoftFileLock
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22701
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-10 06:15 修改: 2026-06-17 10:20
|
| idna |
CVE-2026-45409 |
中危 |
3.10 |
3.15 |
python-idna: idna: Denial of Service via specially crafted long inputs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-05 23:16 修改: 2026-06-17 10:52
|
| marshmallow |
CVE-2025-68480 |
中危 |
3.19.0 |
3.26.2, 4.1.2 |
github.com/marshmallow-code/marshmallow: Marshmallow: Denial of Service via crafted request to Schema.load function
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68480
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-12-22 22:16 修改: 2026-06-17 09:59
|
| pip |
CVE-2025-8869 |
中危 |
24.0 |
25.3 |
pip: pip missing checks on symbolic link extraction
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-09-24 15:15 修改: 2026-06-17 10:07
|
| pip |
CVE-2026-3219 |
中危 |
24.0 |
26.1 |
pip: pip: Incorrect file installation due to improper archive handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43
|
| pip |
CVE-2026-6357 |
中危 |
24.0 |
26.1 |
pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00
|
| pip |
CVE-2026-8643 |
中危 |
24.0 |
26.1.2 |
python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8643
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-01 17:17 修改: 2026-07-10 12:17
|
| Authlib |
CVE-2025-62706 |
中危 |
1.2.1 |
1.6.5 |
authlib: Authlib : JWE zip=DEF decompression bomb enables DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62706
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-10-22 22:15 修改: 2026-06-17 09:52
|
| python-dotenv |
CVE-2026-28684 |
中危 |
0.21.1 |
1.2.2 |
python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28684
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-20 17:16 修改: 2026-06-17 10:28
|
| requests |
CVE-2024-35195 |
中危 |
2.31.0 |
2.32.0 |
requests: subsequent requests to the same host ignore cert verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35195
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-05-20 21:15 修改: 2026-06-17 07:34
|
| requests |
CVE-2024-47081 |
中危 |
2.31.0 |
2.32.4 |
requests: Requests vulnerable to .netrc credentials leak via malicious URLs
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47081
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-06-09 18:15 修改: 2026-06-17 07:56
|
| requests |
CVE-2026-25645 |
中危 |
2.31.0 |
2.33.0 |
requests: Requests: Security bypass due to predictable temporary file creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-03-25 17:16 修改: 2026-06-17 10:25
|
| Authlib |
CVE-2025-68158 |
中危 |
1.2.1 |
1.6.6 |
Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68158
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-08 18:15 修改: 2026-06-17 09:58
|
| PyJWT |
CVE-2026-48522 |
中危 |
2.8.0 |
2.13.0 |
python-pyjwt: PyJWT: Server-Side Request Forgery (SSRF) via uncontrolled URL fetching in PyJWKClient
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48522
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
|
| PyJWT |
CVE-2026-48525 |
中危 |
2.8.0 |
2.13.0 |
python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48525
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
|
| PyNaCl |
CVE-2025-69277 |
中危 |
1.5.0 |
1.6.2 |
libsodium: pynacl: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure.
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69277
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-12-31 06:15 修改: 2026-06-17 10:00
|
| Authlib |
CVE-2026-41425 |
中危 |
1.2.1 |
1.6.11 |
authlib: Authlib: Cross-Site Request Forgery (CSRF) vulnerability in OAuth cache feature
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41425
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-24 20:16 修改: 2026-06-17 10:46
|
| Werkzeug |
CVE-2023-46136 |
中危 |
2.2.3 |
3.0.1, 2.3.8 |
python-werkzeug: high resource consumption leading to denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46136
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:30
|
| urllib3 |
CVE-2023-45803 |
中危 |
2.0.6 |
2.0.7, 1.26.18 |
urllib3: Request body not stripped after redirect from 303 status changes request method to GET
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45803
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2023-10-17 20:15 修改: 2026-06-17 06:29
|
| urllib3 |
CVE-2024-37891 |
中危 |
2.0.6 |
1.26.19, 2.2.2 |
urllib3: proxy-authorization request header is not stripped during cross-origin redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38
|
| urllib3 |
CVE-2025-50181 |
中危 |
2.0.6 |
2.5.0 |
urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-06-19 01:15 修改: 2026-06-17 09:34
|
| Werkzeug |
CVE-2024-49766 |
中危 |
2.2.3 |
3.0.6 |
werkzeug: python-werkzeug: Werkzeug safe_join not safe on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49766
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-10-25 20:15 修改: 2026-06-17 08:00
|
| zipp |
CVE-2024-5569 |
中危 |
3.15.0 |
3.19.1 |
github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5569
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2024-07-09 00:15 修改: 2026-06-17 08:16
|
| aiohttp |
CVE-2026-34518 |
低危 |
3.8.6 |
3.13.4 |
aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34518
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39
|
| aiohttp |
CVE-2026-34519 |
低危 |
3.8.6 |
3.13.4 |
aiohttp: aiohttp: Header injection vulnerability via reason parameter
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34519
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39
|
| aiohttp |
CVE-2026-34520 |
低危 |
3.8.6 |
3.13.4 |
aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34520
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39
|
| pip |
CVE-2026-1703 |
低危 |
24.0 |
26.0 |
pip: pip: Information disclosure via path traversal when installing crafted wheel archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-02-02 15:16 修改: 2026-06-17 10:16
|
| aiohttp |
CVE-2026-50269 |
低危 |
3.8.6 |
3.14.0 |
aiohttp: AIOHTTP: CRLF injection in multipart headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50269
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:39
|
| pyOpenSSL |
CVE-2026-27448 |
低危 |
25.3.0 |
26.0.0 |
pyOpenSSL: TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27448
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-03-18 00:16 修改: 2026-06-17 10:27
|
| aiohttp |
CVE-2026-54275 |
低危 |
3.8.6 |
3.14.1 |
aiohttp: AIOHTTP: TLS SNI check bypass via connection reuse
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54275
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:36
|
| aiohttp |
CVE-2026-54279 |
低危 |
3.8.6 |
3.14.1 |
aiohttp: AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54279
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:36
|
| aiohttp |
CVE-2026-54280 |
低危 |
3.8.6 |
3.14.1 |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54280
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:35
|
| Flask |
CVE-2026-27205 |
低危 |
2.2.5 |
3.1.3 |
flask: Flask: Information disclosure via improper caching of session data
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27205
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-02-21 06:17 修改: 2026-06-17 10:26
|
| PyJWT |
CVE-2026-48524 |
低危 |
2.8.0 |
2.13.0 |
python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48524
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
|
| aiohttp |
CVE-2025-53643 |
低危 |
3.8.6 |
3.12.14 |
aiohttp: AIOHTTP HTTP Request/Response Smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53643
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2025-07-14 21:15 修改: 2026-06-17 09:38
|
| cryptography |
CVE-2026-34073 |
低危 |
45.0.7 |
46.0.6 |
python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34073
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
|
| aiohttp |
CVE-2025-69224 |
低危 |
3.8.6 |
3.13.3 |
aiohttp: aiohttp: Request smuggling via non-ASCII characters in HTTP parser
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69224
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-05 23:15 修改: 2026-06-17 10:00
|
| aiohttp |
CVE-2025-69225 |
低危 |
3.8.6 |
3.13.3 |
aiohttp: aiohttp: Request smuggling vulnerability via non-ASCII decimals in Range header
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69225
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00
|
| aiohttp |
CVE-2025-69226 |
低危 |
3.8.6 |
3.13.3 |
aiohttp: aiohttp: Information disclosure of path components via static file path normalization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69226
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-05 23:15 修改: 2026-06-17 10:00
|
| aiohttp |
CVE-2025-69230 |
低危 |
3.8.6 |
3.13.3 |
aiohttp: aiohttp: Denial of Service via specially crafted invalid cookies
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69230
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-01-06 00:15 修改: 2026-06-17 10:00
|
| aiohttp |
CVE-2026-34513 |
低危 |
3.8.6 |
3.13.4 |
aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34513
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39
|
| aiohttp |
CVE-2026-34514 |
低危 |
3.8.6 |
3.13.4 |
aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34514
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39
|
| paramiko |
CVE-2026-44405 |
低危 |
3.5.1 |
|
paramiko: Paramiko: Data integrity could be compromised due to SHA-1 algorithm use
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44405
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-05-06 00:16 修改: 2026-06-17 10:50
|
| aiohttp |
CVE-2026-34517 |
低危 |
3.8.6 |
3.13.4 |
aiohttp: AIOHTTP: Denial of Service via large multipart form fields
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34517
镜像层: sha256:881368f9478dc01a8b0eaa9057e36e5fbc111bc4e01b78572b400f1ddc725d14
发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39
|