docker.io/node:22.12.0-alpine3.19 linux/amd64

docker.io/node:22.12.0-alpine3.19 - Trivy安全扫描结果扫描时间: 2026-06-11 17:26

全部漏洞信息

低危漏洞:11

中危漏洞:9

高危漏洞:21

严重漏洞:0

系统OS: alpine 3.19.4 扫描引擎: Trivy 扫描时间: 2026-06-11 17:26

docker.io/node:22.12.0-alpine3.19 (alpine 3.19.4) (alpine)

低危漏洞:9

中危漏洞:7

高危漏洞:4

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
musl	CVE-2025-26519	高危	1.2.4_git20230717-r4	1.2.4_git20230717-r5	musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-02-14 04:15 修改: 2025-12-10 20:03
musl	CVE-2026-40200	高危	1.2.4_git20230717-r4	1.2.4_git20230717-r6	musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2026-04-10 17:17 修改: 2026-04-27 19:18
musl-utils	CVE-2025-26519	高危	1.2.4_git20230717-r4	1.2.4_git20230717-r5	musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-02-14 04:15 修改: 2025-12-10 20:03
musl-utils	CVE-2026-40200	高危	1.2.4_git20230717-r4	1.2.4_git20230717-r6	musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2026-04-10 17:17 修改: 2026-04-27 19:18
busybox	CVE-2024-58251	中危	1.36.1-r19	1.36.1-r21	In netstat in BusyBox through 1.37.0, local users can launch of networ ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
busybox-binsh	CVE-2024-58251	中危	1.36.1-r19	1.36.1-r21	In netstat in BusyBox through 1.37.0, local users can launch of networ ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
musl	CVE-2026-6042	中危	1.2.4_git20230717-r4	1.2.4_git20230717-r6	musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2026-04-10 09:16 修改: 2026-04-24 18:01
libcrypto3	CVE-2025-9230	中危	3.1.7-r0	3.1.8-r1	openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
libssl3	CVE-2025-9230	中危	3.1.7-r0	3.1.8-r1	openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
musl-utils	CVE-2026-6042	中危	1.2.4_git20230717-r4	1.2.4_git20230717-r6	musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2026-04-10 09:16 修改: 2026-04-24 18:01
ssl_client	CVE-2024-58251	中危	1.36.1-r19	1.36.1-r21	In netstat in BusyBox through 1.37.0, local users can launch of networ ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
libssl3	CVE-2025-9232	低危	3.1.7-r0	3.1.8-r1	openssl: Out-of-bounds read in HTTP client no_proxy handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
busybox	CVE-2025-46394	低危	1.36.1-r19	1.36.1-r21	In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-04-23 16:15 修改: 2026-06-02 14:16
libcrypto3	CVE-2024-13176	低危	3.1.7-r0	3.1.8-r0	openssl: Timing side-channel in ECDSA signature computation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-01-20 14:15 修改: 2026-04-15 00:35
libcrypto3	CVE-2024-9143	低危	3.1.7-r0	3.1.7-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2024-10-16 17:15 修改: 2026-05-12 12:17
libcrypto3	CVE-2025-9232	低危	3.1.7-r0	3.1.8-r1	openssl: Out-of-bounds read in HTTP client no_proxy handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-09-30 14:15 修改: 2026-06-02 14:16
busybox-binsh	CVE-2025-46394	低危	1.36.1-r19	1.36.1-r21	In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-04-23 16:15 修改: 2026-06-02 14:16
libssl3	CVE-2024-13176	低危	3.1.7-r0	3.1.8-r0	openssl: Timing side-channel in ECDSA signature computation 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-01-20 14:15 修改: 2026-04-15 00:35
libssl3	CVE-2024-9143	低危	3.1.7-r0	3.1.7-r1	openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2024-10-16 17:15 修改: 2026-05-12 12:17
ssl_client	CVE-2025-46394	低危	1.36.1-r19	1.36.1-r21	In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394 镜像层: sha256:ba79b2c0127890636a791eb3ec3993cce08a50cc01fcb1513f0e8fbae41977af 发布日期: 2025-04-23 16:15 修改: 2026-06-02 14:16

Node.js (node-pkg)

低危漏洞:2

中危漏洞:2

高危漏洞:17

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
cross-spawn	CVE-2024-21538	高危	7.0.3	7.0.5, 6.0.6	cross-spawn: regular expression denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2024-11-08 05:15 修改: 2026-04-15 00:35
glob	CVE-2025-64756	高危	10.4.5	11.1.0, 10.5.0	glob: glob: Command Injection Vulnerability via Malicious Filenames 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2025-11-17 18:15 修改: 2025-12-02 19:34
minimatch	CVE-2026-26996	高危	9.0.5	10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3	minimatch: minimatch: Denial of Service via specially crafted glob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-02-20 03:16 修改: 2026-03-06 21:32
minimatch	CVE-2026-27903	高危	9.0.5	10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3	minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:21
minimatch	CVE-2026-27904	高危	9.0.5	10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4	minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:16
tar	CVE-2026-23745	高危	6.2.1	7.5.3	node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-01-16 22:16 修改: 2026-02-18 16:20
tar	CVE-2026-23950	高危	6.2.1	7.5.4	node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-01-20 01:15 修改: 2026-02-18 15:50
tar	CVE-2026-24842	高危	6.2.1	7.5.7	node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-01-28 01:16 修改: 2026-02-02 14:30
tar	CVE-2026-26960	高危	6.2.1	7.5.8	node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-02-20 02:16 修改: 2026-02-20 19:24
tar	CVE-2026-29786	高危	6.2.1	7.5.10	node-tar: hardlink path traversal via drive-relative linkpath 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-03-07 16:15 修改: 2026-03-11 21:50
tar	CVE-2026-31802	高危	6.2.1	7.5.11	tar: tar: File overwrite via drive-relative symlink traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-03-10 07:44 修改: 2026-03-18 18:13
tar	CVE-2026-23745	高危	7.4.3	7.5.3	node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-01-16 22:16 修改: 2026-02-18 16:20
tar	CVE-2026-23950	高危	7.4.3	7.5.4	node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-01-20 01:15 修改: 2026-02-18 15:50
tar	CVE-2026-24842	高危	7.4.3	7.5.7	node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-01-28 01:16 修改: 2026-02-02 14:30
tar	CVE-2026-26960	高危	7.4.3	7.5.8	node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-02-20 02:16 修改: 2026-02-20 19:24
tar	CVE-2026-29786	高危	7.4.3	7.5.10	node-tar: hardlink path traversal via drive-relative linkpath 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-03-07 16:15 修改: 2026-03-11 21:50
tar	CVE-2026-31802	高危	7.4.3	7.5.11	tar: tar: File overwrite via drive-relative symlink traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-03-10 07:44 修改: 2026-03-18 18:13
ip-address	CVE-2026-42338	中危	9.0.5	10.1.1	ip-address is a library for parsing and manipulating IPv4 and IPv6 add ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
brace-expansion	CVE-2026-33750	中危	2.0.1	5.0.5, 3.0.2, 2.0.3, 1.1.13	brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
diff	CVE-2026-24001	低危	5.2.0	8.0.3, 5.2.2, 4.0.4, 3.5.1	jsdiff: denial of service vulnerability in parsePatch and applyPatch 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2026-01-22 03:15 修改: 2026-03-04 15:23
brace-expansion	CVE-2025-5889	低危	2.0.1	2.0.2, 1.1.12, 3.0.1, 4.0.1	brace-expansion: juliangruber brace-expansion index.js expand redos 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889 镜像层: sha256:2a27ab6dd00acba04bf22e0fa9f1602f393f375dddea64534c1eb89ab8a42dfa 发布日期: 2025-06-09 19:15 修改: 2026-04-29 01:00