docker.io/oceanbase/odc:4.4.1_bp1 linux/arm64

docker.io/oceanbase/odc:4.4.1_bp1 - Trivy安全扫描结果 扫描时间: 2026-07-15 11:21 温馨提示: 这是一个 linux/arm64 系统架构镜像
全部漏洞信息
低危漏洞:19 中危漏洞:73 高危漏洞:84 严重漏洞:35

系统OS: none 扫描引擎: Trivy 扫描时间: 2026-07-15 11:21

Java (jar)
低危漏洞:17 中危漏洞:64 高危漏洞:77 严重漏洞:35
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
com.fasterxml.jackson.core:jackson-databind CVE-2017-15095 严重 2.4.0 2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:07

com.fasterxml.jackson.core:jackson-databind CVE-2017-17485 严重 2.4.0 2.9.4, 2.8.11, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2018-01-10 18:29 修改: 2026-06-17 01:10

com.fasterxml.jackson.core:jackson-databind CVE-2017-7525 严重 2.4.0 2.6.7.1, 2.7.9.1, 2.8.9 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7525

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:24

com.fasterxml.jackson.core:jackson-databind CVE-2018-11307 严重 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-07-09 16:15 修改: 2026-06-17 01:35

com.fasterxml.jackson.core:jackson-databind CVE-2018-14718 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: arbitrary code execution in slf4j-ext class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41

com.fasterxml.jackson.core:jackson-databind CVE-2018-14719 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41

com.fasterxml.jackson.core:jackson-databind CVE-2018-19362 严重 2.4.0 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: improper polymorphic deserialization in jboss-common-core class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:49

com.fasterxml.jackson.core:jackson-databind CVE-2018-7489 严重 2.4.0 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2018-02-26 15:29 修改: 2026-06-17 02:03

com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 严重 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6 jackson-databind: default typing mishandling leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-07-29 12:15 修改: 2026-06-17 02:18

com.fasterxml.jackson.core:jackson-databind CVE-2019-14540 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:18

com.fasterxml.jackson.core:jackson-databind CVE-2019-16335 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:22

com.fasterxml.jackson.core:jackson-databind CVE-2019-16942 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23

com.fasterxml.jackson.core:jackson-databind CVE-2019-16943 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23

com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 严重 2.4.0 2.9.10, 2.8.11.5 jackson-databind: Serialization gadgets in classes of the ehcache package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-10-07 00:15 修改: 2026-06-17 02:23

com.fasterxml.jackson.core:jackson-databind CVE-2019-17531 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-10-12 21:15 修改: 2026-06-17 02:24

com.fasterxml.jackson.core:jackson-databind CVE-2019-20330 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 jackson-databind: lacks certain net.sf.ehcache blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-01-03 04:15 修改: 2026-06-17 02:30

com.fasterxml.jackson.core:jackson-databind CVE-2020-8840 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 jackson-databind: Lacks certain xbean-reflect/JNDI blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-02-10 21:56 修改: 2026-06-17 03:27

com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in ibatis-sqlmap

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28

com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in anteros-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28

org.apache.opennlp:opennlp-tools CVE-2026-40682 严重 2.5.4 2.5.9, 3.0.0-M3 org.apache.opennlp/opennlp-tools: Apache OpenNLP: XML External Entity (XXE) vulnerability via crafted dictionary parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40682

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-04 17:16 修改: 2026-06-30 09:16

org.apache.opennlp:opennlp-tools CVE-2026-42027 严重 2.5.4 2.5.9, 3.0.0-M3 Apache OpenNLP: Apache OpenNLP: Arbitrary Class Loading via Model Manifest

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42027

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-04 17:16 修改: 2026-06-30 09:16

org.apache.tika:tika-core CVE-2025-66516 严重 2.7.0 3.2.2 tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-12-04 17:15 修改: 2026-06-17 09:56

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-41293 严重 11.0.9 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43512 严重 11.0.9 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43515 严重 11.0.9 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: tomcat: Improper Authorization allows security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.bouncycastle:bcprov-jdk15on CVE-2018-1000613 严重 1.59 1.60 bouncycastle: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000613

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2018-07-09 20:29 修改: 2026-06-17 01:32

org.bouncycastle:bcprov-jdk18on CVE-2025-14813 严重 1.78 1.80.2, 1.81.1, 1.84 bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14813

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:16

org.springframework.cloud:spring-cloud-config-server CVE-2026-40982 严重 4.2.0 4.3.3, 5.0.3 Spring Cloud Config: spring-cloud-config-server: Spring Cloud Config: Directory traversal allows arbitrary file access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40982

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-07 04:16 修改: 2026-06-30 03:19

org.springframework.security:spring-security-web CVE-2026-22732 严重 6.4.6 6.5.9, 7.0.4 Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20

org.thymeleaf:thymeleaf CVE-2026-40477 严重 3.1.3.RELEASE 3.1.4.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40477

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19

org.thymeleaf:thymeleaf CVE-2026-40478 严重 3.1.3.RELEASE 3.1.4.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40478

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19

org.thymeleaf:thymeleaf CVE-2026-41901 严重 3.1.3.RELEASE 3.1.5.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection (SSTI) via expression execution bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41901

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-12 23:16 修改: 2026-06-17 10:47

org.thymeleaf:thymeleaf-spring6 CVE-2026-40477 严重 3.1.3.RELEASE 3.1.4.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40477

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19

org.thymeleaf:thymeleaf-spring6 CVE-2026-40478 严重 3.1.3.RELEASE 3.1.4.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40478

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-17 22:16 修改: 2026-06-30 03:19

org.thymeleaf:thymeleaf-spring6 CVE-2026-41901 严重 3.1.3.RELEASE 3.1.5.RELEASE thymeleaf: Thymeleaf: Server-Side Template Injection (SSTI) via expression execution bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41901

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-12 23:16 修改: 2026-06-17 10:47

com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 高危 2.4.0 2.6.7.5, 2.9.10.6 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-09-17 19:15 修改: 2026-06-17 03:06

com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13

com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13

com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-12-27 05:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.4.0 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15

com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 高危 2.4.0 2.9.10.7, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-01-19 17:15 修改: 2026-06-17 03:33

com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.4.0 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04

com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.4.0 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04

com.google.protobuf:protobuf-java CVE-2021-22569 高危 3.7.1 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-01-10 14:10 修改: 2026-06-17 03:37

com.google.protobuf:protobuf-java CVE-2022-3509 高危 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59

com.google.protobuf:protobuf-java CVE-2022-3510 高危 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59

com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.7.1 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19

com.mchange:c3p0 CVE-2026-27830 高危 0.9.5.4 0.12.0 c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27830

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-02-26 01:16 修改: 2026-06-30 03:17

com.mchange:mchange-commons-java CVE-2026-27727 高危 0.2.15 0.4.0 com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27727

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-02-25 17:25 修改: 2026-07-02 12:17

commons-io:commons-io CVE-2024-47554 高危 2.8.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57

io.airlift:aircompressor CVE-2024-36114 高危 0.21 0.27 Decompressors can crash the JVM and leak memory content in Aircompressor

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36114

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2024-05-29 21:15 修改: 2026-06-17 07:36

io.airlift:aircompressor CVE-2025-67721 高危 0.21 2.0.3 aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67721

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-12-12 23:15 修改: 2026-06-17 09:58

io.netty:netty-codec CVE-2026-42583 高危 4.1.118.Final 4.1.133.Final netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-dns CVE-2026-42579 高危 4.1.112.Final 4.2.13.Final, 4.1.133.Final netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-33870 高危 4.1.118.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http CVE-2026-42584 高危 4.1.118.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-42587 高危 4.1.118.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http2 CVE-2025-55163 高危 4.1.112.Final 4.2.4.Final, 4.1.124.Final netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41

io.netty:netty-codec-http2 CVE-2026-33871 高危 4.1.112.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2026-42587 高危 4.1.112.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-handler CVE-2026-44249 高危 4.1.118.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-11 22:16 修改: 2026-07-10 12:16

io.netty:netty-handler CVE-2026-45416 高危 4.1.118.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 15:16 修改: 2026-07-10 12:17

io.netty:netty-handler CVE-2026-50010 高危 4.1.118.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

io.netty:netty-resolver-dns CVE-2026-45674 高危 4.1.112.Final 4.2.15.Final, 4.1.135.Final netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 15:16 修改: 2026-07-10 12:17

io.netty:netty-resolver-dns CVE-2026-47691 高危 4.1.112.Final 4.2.15.Final, 4.1.135.Final io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.13.2.2 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.13.2.2 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

org.apache.opennlp:opennlp-tools CVE-2026-42440 高危 2.5.4 2.5.9, 3.0.0-M3 org.apache.opennlp/opennlp-tools: Apache OpenNLP: Denial of Service via unbounded array allocation in crafted model files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42440

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-04 17:16 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.13.2.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-07-14 12:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.15.2 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.15.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-07-14 12:17

com.fasterxml.jackson.core:jackson-core CVE-2025-52999 高危 2.13.2 2.15.0 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48989 高危 11.0.9 11.0.10, 10.1.44, 9.0.108 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-08-13 13:15 修改: 2026-06-17 09:30

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55752 高危 11.0.9 11.0.11, 10.1.45, 9.0.109 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-24734 高危 11.0.9 11.0.18, 10.1.52, 9.0.115 tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-02-17 19:21 修改: 2026-06-30 03:17

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-24880 高危 11.0.9 9.0.116, 10.1.52, 11.0.20 Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-34483 高危 11.0.9 9.0.116, 10.1.54, 11.0.21 Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-41284 高危 11.0.9 9.0.118, 10.1.55, 11.0.22 Allocation of Resources Without Limits or Throttling vulnerability in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-42498 高危 11.0.9 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43513 高危 11.0.9 9.0.118, 10.1.55, 11.0.22 tomcat-catalina: Apache Tomcat: Improper Handling of Case Sensitivity in LockOutRealm

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

com.fasterxml.jackson.core:jackson-core CVE-2025-52999 高危 2.4.0 2.15.0 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37

org.bouncycastle:bcprov-jdk15on CVE-2018-1000180 高危 1.59 1.60 bouncycastle: flaw in the low-level interface to RSA key pair generator

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000180

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2018-06-05 13:29 修改: 2026-06-17 01:32

com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.13.2.2 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04

org.ini4j:ini4j CVE-2022-41404 高危 0.5.4 org.ini4j: unspecified DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41404

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-10-11 23:15 修改: 2026-06-17 05:03

org.pf4j:pf4j CVE-2025-70952 高危 3.10.0 3.14.1 pf4j before 20c2f80 has a path traversal vulnerability in the extract( ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-70952

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-03-25 19:16 修改: 2026-06-17 10:03

org.postgresql:postgresql CVE-2026-42198 高危 42.7.3 42.7.11 jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-29 16:16 修改: 2026-07-10 12:16

org.springframework.boot:spring-boot CVE-2025-22235 高危 3.4.3 3.3.11, 3.4.5 org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45

org.springframework.boot:spring-boot CVE-2026-40973 高危 3.4.3 4.0.6, 3.5.14 Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45

com.fasterxml.jackson.core:jackson-databind CVE-2018-12022 高危 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: improper polymorphic deserialization of types from Jodd-db library

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-03-21 16:00 修改: 2026-06-17 01:37

org.springframework.cloud:spring-cloud-config-server CVE-2026-22739 高危 4.2.0 4.3.2, 5.0.2 Spring Cloud Config Server: Path Traversal via Profile Parameter Allows Arbitrary File Access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22739

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-03-24 01:17 修改: 2026-06-17 10:20

org.springframework.cloud:spring-cloud-config-server CVE-2026-40981 高危 4.2.0 4.3.3, 5.0.3 Spring Cloud Config: Spring Cloud Config: Information disclosure of secrets from unintended GCP projects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40981

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-07 04:16 修改: 2026-06-30 03:19

org.springframework.cloud:spring-cloud-config-server CVE-2026-41002 高危 4.2.0 4.3.3, 5.0.3 Spring Cloud Config Server Susceptible To TOCTOU Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41002

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-07 04:16 修改: 2026-06-17 10:46

org.springframework.security:spring-security-core CVE-2025-41248 高危 6.4.6 6.4.10, 6.5.4 org.springframework.security/spring-security-core: Spring Security authorization bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41248

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22

com.fasterxml.jackson.core:jackson-databind CVE-2018-5968 高危 2.4.0 2.8.11.1, 2.9.4, 2.7.9.5 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2018-01-22 04:29 修改: 2026-06-17 02:01

org.springframework:spring-core CVE-2025-41249 高危 6.2.7 6.2.11 org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22

com.fasterxml.jackson.core:jackson-databind CVE-2019-12086 高危 2.4.0 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-05-17 17:29 修改: 2026-06-17 02:14

com.fasterxml.jackson.core:jackson-databind CVE-2019-14439 高危 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: Polymorphic typing issue related to logback/JNDI

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-07-30 11:15 修改: 2026-06-17 02:18

com.fasterxml.jackson.core:jackson-databind CVE-2019-14892 高危 2.4.0 2.6.7.3, 2.8.11.5, 2.9.10 jackson-databind: Serialization gadgets in classes of the commons-configuration package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-03-02 17:15 修改: 2026-06-17 02:19

com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 高危 2.4.0 2.9.10.4 A deserialization flaw was discovered in jackson-databind through 2.9. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-12-26 20:15 修改: 2026-06-17 02:48

com.fasterxml.jackson.core:jackson-databind CVE-2020-10673 高危 2.4.0 2.9.10.4, 2.6.7.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48

com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 高危 2.4.0 2.9.10.6 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-08-25 18:15 修改: 2026-06-17 03:05

org.apache.logging.log4j:log4j-core CVE-2026-34477 中危 2.24.3 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34478 中危 2.24.3 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34480 中危 2.24.3 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

com.squareup.okio:okio CVE-2023-3635 中危 3.2.0 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2023-07-12 19:15 修改: 2026-06-17 06:14

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.15.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

org.apache.poi:poi-ooxml CVE-2025-31672 中危 5.2.2 5.4.0 org.apache.poi/poi-ooxml: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31672

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-04-09 12:15 修改: 2026-06-17 09:10

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.15.2 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-core CVE-2025-49128 中危 2.4.0 2.13.0 com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30

io.github.classgraph:classgraph CVE-2021-47621 中危 4.1.7 4.8.112 ClassGraph XML External Entity Reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-47621

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2024-06-21 06:15 修改: 2026-06-17 04:18

com.fasterxml.jackson.core:jackson-databind CVE-2019-12384 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-06-24 16:15 修改: 2026-06-17 02:14

io.netty:netty-codec CVE-2025-58057 中危 4.1.118.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43

com.fasterxml.jackson.core:jackson-databind CVE-2019-12814 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2019-06-19 14:15 修改: 2026-06-17 02:15

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.4.0 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.google.guava:guava CVE-2023-2976 中危 30.1.1-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 31.1-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

io.netty:netty-codec-http CVE-2025-67735 中危 4.1.118.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58

io.netty:netty-codec-http CVE-2026-41417 中危 4.1.118.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46

io.netty:netty-codec-http CVE-2026-42580 中危 4.1.118.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-66614 中危 11.0.9 11.0.15, 10.1.50, 9.0.113 tomcat: Client certificate verification bypass due to virtual host mapping

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-25854 中危 11.0.9 9.0.116, 10.1.53, 11.0.20 Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25

org.bouncycastle:bcpkix-jdk18on CVE-2025-8916 中危 1.78 1.79 org.bouncycastle: BouncyCastle denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8916

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-08-13 10:15 修改: 2026-06-17 10:07

org.bouncycastle:bcpkix-jdk18on CVE-2026-5588 中危 1.78 1.84 bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:21

io.netty:netty-codec-http CVE-2026-42581 中危 4.1.118.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2026-42585 中危 4.1.118.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

org.bouncycastle:bcprov-jdk15on CVE-2020-15522 中危 1.59 1.66 bouncycastle: Timing issue within the EC math library

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15522

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2021-05-20 12:15 修改: 2026-06-17 02:56

org.bouncycastle:bcprov-jdk15on CVE-2020-26939 中危 1.59 1.61 In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-26939

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-11-02 22:15 修改: 2026-06-17 03:08

org.bouncycastle:bcprov-jdk15on CVE-2023-33201 中危 1.59 bouncycastle: potential blind LDAP injection attack using a self-signed certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2023-07-05 03:15 修改: 2026-06-17 06:01

org.bouncycastle:bcprov-jdk15on CVE-2023-33202 中危 1.59 1.70 bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2023-11-23 16:15 修改: 2026-06-17 06:01

org.bouncycastle:bcprov-jdk15on CVE-2024-29857 中危 1.59 1.78 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2024-05-14 15:17 修改: 2026-06-17 07:23

org.bouncycastle:bcprov-jdk15on CVE-2024-30171 中危 1.59 1.78 bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2024-05-14 15:21 修改: 2026-06-17 07:26

io.netty:netty-codec-http CVE-2026-50020 中危 4.1.118.Final 4.2.15.Final, 4.1.135.Final netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

org.bouncycastle:bcprov-jdk18on CVE-2026-0636 中危 1.78 1.84 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:17

org.eclipse.angus:smtp CVE-2025-7962 中危 2.0.3 2.0.4 com.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7962

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-07-21 18:15 修改: 2026-06-23 12:16

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.4.0 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.fasterxml.jackson.core:jackson-databind CVE-2026-50193 中危 2.13.2.2 2.14.0 jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50193

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:05

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.13.2.2 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

io.netty:netty-codec-http2 CVE-2026-47244 中危 4.1.112.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

io.netty:netty-codec-http2 CVE-2026-48043 中危 4.1.112.Final 4.1.135.Final, 4.2.15.Final netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17

io.netty:netty-codec-http2 CVE-2026-50560 中危 4.1.112.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.13.2.2 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.google.protobuf:protobuf-java CVE-2022-3171 中危 3.7.1 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2022-10-12 23:15 修改: 2026-06-17 04:58

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.15.2 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.springframework.cloud:spring-cloud-config-server CVE-2026-41004 中危 4.2.0 4.3.3, 5.0.3 Spring Cloud Config Server: Spring Cloud Config: Spring Cloud Config Server: Information disclosure via trace logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41004

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-07 04:16 修改: 2026-06-17 10:46

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.13.2 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.springframework.security:spring-security-core CVE-2026-22751 中危 6.4.6 6.5.10, 7.0.5 Spring Security: JdbcOneTimeTokenService: Spring Security: Authentication bypass due to race condition in One-Time Token login

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22751

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-21 19:16 修改: 2026-06-17 10:20

org.springframework.security:spring-security-oauth2-jose CVE-2026-22748 中危 6.4.6 6.5.10, 7.0.5 Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22748

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20

com.nimbusds:nimbus-jose-jwt CVE-2025-53864 中危 9.37.3 10.0.2, 9.37.4 com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39

org.springframework.security:spring-security-web CVE-2026-47838 中危 6.4.6 6.5.11 Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16

io.netty:netty-resolver-dns CVE-2026-45673 中危 4.1.112.Final 4.2.15.Final, 4.1.135.Final netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

org.springframework:spring-web CVE-2025-41234 中危 6.2.7 6.2.8, 6.1.21 springframework: Reflected download attack in Spring Framework with non-ASCII headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41234

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-06-12 22:15 修改: 2026-06-17 09:22

org.springframework:spring-webflux CVE-2026-22737 中危 6.2.3 7.0.6, 6.2.17 Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webflux CVE-2026-22740 中危 6.2.3 7.0.7, 6.2.18 spring-webflux: Spring WebFlux: Denial of Service via temporary file accumulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22740

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

org.springframework:spring-webflux CVE-2026-22745 中危 6.2.3 7.0.7, 6.2.18 spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2025-41242 中危 6.2.7 6.2.10 org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22

org.springframework:spring-webmvc CVE-2026-22737 中危 6.2.7 7.0.6, 6.2.17 Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22745 中危 6.2.7 7.0.7, 6.2.18 spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

org.springframework:spring-websocket CVE-2025-41254 中危 6.2.3 6.2.12 org.springframework/spring-core: Spring Framework STOMP CSRF Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41254

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-10-16 15:15 修改: 2026-06-17 09:22

io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.1.112.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

io.netty:netty-transport-native-kqueue CVE-2026-45536 中危 4.1.112.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

io.projectreactor.netty:reactor-netty-http CVE-2025-22227 中危 1.0.48 1.3.0-M5, 1.2.8 io.projectreactor.netty/reactor-netty: Reactor Netty Credential Leak via Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22227

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-07-16 10:15 修改: 2026-06-17 08:45

org.apache.commons:commons-configuration2 CVE-2026-45205 中危 2.10.1 2.15.0 Uncontrolled Recursion vulnerability in Apache Commons. When processi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45205

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-14 12:16 修改: 2026-06-17 10:51

org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.12.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

org.apache.logging.log4j:log4j-core CVE-2025-68161 中危 2.24.3 2.25.3 Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58

com.github.ulisesbocchio:jasypt-spring-boot-starter CVE-2026-9370 低危 3.0.4 jasypt-spring-boot Uses a One-Way Hash without a Salt

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9370

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-24 10:16 修改: 2026-06-17 11:05

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55754 低危 11.0.9 11.0.11, 10.1.45, 9.0.109 org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42

org.apache.tomcat.embed:tomcat-embed-core CVE-2025-61795 低危 11.0.9 11.0.12, 10.1.47, 9.0.110 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50

org.springframework:spring-webflux CVE-2026-22735 低危 6.2.3 7.0.6, 6.2.17 org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webflux CVE-2026-22741 低危 6.2.3 7.0.7, 6.2.18 Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43514 低危 11.0.9 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49

org.apache.hadoop:hadoop-common CVE-2024-23454 低危 3.3.4 3.4.0 Apache Hadoop: Temporary File Local Information Disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23454

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2024-09-25 08:15 修改: 2026-06-17 07:12

org.apache.hadoop:hadoop-common CVE-2024-23454 低危 3.3.6 3.4.0 Apache Hadoop: Temporary File Local Information Disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23454

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2024-09-25 08:15 修改: 2026-06-17 07:12

org.springframework:spring-webmvc CVE-2026-22735 低危 6.2.7 7.0.6, 6.2.17 org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20

org.springframework:spring-webmvc CVE-2026-22741 低危 6.2.7 7.0.7, 6.2.18 Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20

org.eclipse.jetty:jetty-xml GHSA-58qw-p7qm-5rvh 低危 9.4.51.v20230217 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823 Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations

漏洞详情: https://github.com/advisories/GHSA-58qw-p7qm-5rvh

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2023-07-10 21:52 修改: 2026-02-10 20:06

org.springframework.security:spring-security-core CVE-2026-22746 低危 6.4.6 6.5.10, 7.0.5 Spring Security: Spring Security: Timing attack defense bypass allows information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20

com.google.guava:guava CVE-2020-8908 低危 31.1-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

com.github.ulisesbocchio:jasypt-spring-boot CVE-2026-9370 低危 3.0.4 jasypt-spring-boot Uses a One-Way Hash without a Salt

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9370

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-24 10:16 修改: 2026-06-17 11:05

com.google.guava:guava CVE-2020-8908 低危 30.1.1-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

io.netty:netty-handler-proxy CVE-2026-42578 低危 4.1.112.Final 4.1.133.Final, 4.2.13.Final netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16

io.netty:netty-codec-http CVE-2025-58056 低危 4.1.118.Final 4.1.125.Final, 4.2.5.Final netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056

镜像层: sha256:0fd2f5d28fb2277d0f434ead162cd5f9a385a32627a662835233c64b0bf9933f

发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43

Python (python-pkg)
低危漏洞:2 中危漏洞:9 高危漏洞:7 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
pip CVE-2021-3572 高危 19.3.1 21.1 python-pip: Incorrect handling of unicode separators in git references

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3572

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2021-11-10 18:15 修改: 2026-06-17 04:05

setuptools CVE-2022-40897 高危 39.2.0 65.5.1 pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897

镜像层: sha256:b75ad25b6e070efa7008d0e7ef9b34ee6a5b39dc844e9e427ef948e625d75ceb

发布日期: 2022-12-23 00:15 修改: 2026-06-17 05:02

setuptools CVE-2024-6345 高危 39.2.0 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:b75ad25b6e070efa7008d0e7ef9b34ee6a5b39dc844e9e427ef948e625d75ceb

发布日期: 2024-07-15 01:15 修改: 2026-06-17 08:17

setuptools CVE-2025-47273 高危 39.2.0 78.1.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:b75ad25b6e070efa7008d0e7ef9b34ee6a5b39dc844e9e427ef948e625d75ceb

发布日期: 2025-05-17 16:15 修改: 2026-06-17 09:27

setuptools CVE-2022-40897 高危 41.6.0 65.5.1 pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2022-12-23 00:15 修改: 2026-06-17 05:02

setuptools CVE-2024-6345 高危 41.6.0 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2024-07-15 01:15 修改: 2026-06-17 08:17

setuptools CVE-2025-47273 高危 41.6.0 78.1.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2025-05-17 16:15 修改: 2026-06-17 09:27

pip CVE-2026-3219 中危 23.3.1 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43

pip CVE-2026-6357 中危 23.3.1 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00

pip CVE-2026-8643 中危 23.3.1 26.1.2 python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8643

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2026-06-01 17:17 修改: 2026-07-10 12:17

pip CVE-2023-5752 中危 19.3.1 23.3 pip: Mercurial configuration injectable in repo revision when installing via pip

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5752

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:49

pip CVE-2025-8869 中危 19.3.1 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2025-09-24 15:15 修改: 2026-06-17 10:07

pip CVE-2026-3219 中危 19.3.1 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43

pip CVE-2026-6357 中危 19.3.1 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00

pip CVE-2026-8643 中危 19.3.1 26.1.2 python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8643

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2026-06-01 17:17 修改: 2026-07-10 12:17

pip CVE-2025-8869 中危 23.3.1 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2025-09-24 15:15 修改: 2026-06-17 10:07

pip CVE-2026-1703 低危 19.3.1 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2026-02-02 15:16 修改: 2026-06-17 10:16

pip CVE-2026-1703 低危 23.3.1 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:884b7f46fe0fd7146b12a23b05c31be516f0d4b532c9e2491ee47ae245ad9fed

发布日期: 2026-02-02 15:16 修改: 2026-06-17 10:16

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×