| cross-spawn |
CVE-2024-21538 |
高危 |
7.0.3 |
7.0.5, 6.0.6 |
cross-spawn: regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2024-11-08 05:15 修改: 2026-06-17 07:09
|
| glob |
CVE-2025-64756 |
高危 |
10.2.7 |
11.1.0, 10.5.0 |
glob: glob: Command Injection Vulnerability via Malicious Filenames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55
|
| ip |
CVE-2024-29415 |
高危 |
2.0.0 |
|
node-ip: Incomplete fix for CVE-2023-42282
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2024-05-27 20:15 修改: 2026-06-17 07:22
|
| minimatch |
CVE-2026-26996 |
高危 |
3.1.2 |
10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 |
minimatch: minimatch: Denial of Service via specially crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
|
| minimatch |
CVE-2026-26996 |
高危 |
3.1.2 |
10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 |
minimatch: minimatch: Denial of Service via specially crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
|
| minimatch |
CVE-2026-27903 |
高危 |
3.1.2 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 |
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-27903 |
高危 |
3.1.2 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 |
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-27904 |
高危 |
3.1.2 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 |
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-27904 |
高危 |
3.1.2 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 |
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-26996 |
高危 |
9.0.1 |
10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 |
minimatch: minimatch: Denial of Service via specially crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
|
| minimatch |
CVE-2026-27903 |
高危 |
9.0.1 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 |
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-27904 |
高危 |
9.0.1 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 |
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| sigstore |
CVE-2026-48815 |
高危 |
1.6.0 |
4.1.1 |
sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| tar |
CVE-2026-23745 |
高危 |
6.1.15 |
7.5.3 |
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17
|
| tar |
CVE-2026-23950 |
高危 |
6.1.15 |
7.5.4 |
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17
|
| tar |
CVE-2026-24842 |
高危 |
6.1.15 |
7.5.7 |
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17
|
| tar |
CVE-2026-26960 |
高危 |
6.1.15 |
7.5.8 |
node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26
|
| tar |
CVE-2026-29786 |
高危 |
6.1.15 |
7.5.10 |
node-tar: hardlink path traversal via drive-relative linkpath
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18
|
| tar |
CVE-2026-31802 |
高危 |
6.1.15 |
7.5.11 |
tar: tar: File overwrite via drive-relative symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34
|
| brace-expansion |
CVE-2026-33750 |
中危 |
1.1.11 |
5.0.5, 3.0.2, 2.0.3, 1.1.13 |
brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
|
| brace-expansion |
CVE-2026-33750 |
中危 |
2.0.1 |
5.0.5, 3.0.2, 2.0.3, 1.1.13 |
brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
|
| brace-expansion |
CVE-2026-33750 |
中危 |
1.1.11 |
5.0.5, 3.0.2, 2.0.3, 1.1.13 |
brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
|
| tar |
CVE-2024-28863 |
中危 |
6.1.15 |
6.2.1 |
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2024-03-21 23:15 修改: 2026-06-17 07:21
|
| tar |
CVE-2026-53655 |
中危 |
6.1.15 |
7.5.16 |
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
|
| brace-expansion |
CVE-2025-5889 |
低危 |
2.0.1 |
2.0.2, 1.1.12, 3.0.1, 4.0.1 |
brace-expansion: juliangruber brace-expansion index.js expand redos
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48
|
| brace-expansion |
CVE-2025-5889 |
低危 |
1.1.11 |
2.0.2, 1.1.12, 3.0.1, 4.0.1 |
brace-expansion: juliangruber brace-expansion index.js expand redos
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48
|
| diff |
CVE-2026-24001 |
低危 |
5.1.0 |
8.0.3, 5.2.2, 4.0.4, 3.5.1 |
jsdiff: denial of service vulnerability in parsePatch and applyPatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17
|
| brace-expansion |
CVE-2025-5889 |
低危 |
1.1.11 |
2.0.2, 1.1.12, 3.0.1, 4.0.1 |
brace-expansion: juliangruber brace-expansion index.js expand redos
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48
|
| @tootallnate/once |
CVE-2026-3449 |
低危 |
2.0.0 |
3.0.1, 2.0.1 |
@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43
|
| ip |
CVE-2023-42282 |
低危 |
2.0.0 |
2.0.1, 1.1.9 |
nodejs-ip: arbitrary code execution via the isPublic() function
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282
镜像层: sha256:41aa773b1fac3e81aec0eb84ace8d622eb7a1ccc3de2e832cecf50c1f7b25afb
发布日期: 2024-02-08 17:15 修改: 2026-06-17 06:23
|