| pillow |
CVE-2026-25990 |
高危 |
10.4.0 |
12.1.1 |
pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25990
镜像层: sha256:c72bff98da0fb2e983ac086a570b01328b5cdbcb736fe443c1030a73f58d7bc3
发布日期: 2026-02-11 21:16 修改: 2026-04-30 21:16
|
| pillow |
CVE-2026-40192 |
高危 |
10.4.0 |
12.2.0 |
Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40192
镜像层: sha256:c72bff98da0fb2e983ac086a570b01328b5cdbcb736fe443c1030a73f58d7bc3
发布日期: 2026-04-15 23:16 修改: 2026-04-22 20:08
|
| pillow |
CVE-2026-42311 |
高危 |
10.4.0 |
12.2.0 |
Pillow is a Python imaging library. From version 10.3.0 to before vers ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42311
镜像层: sha256:c72bff98da0fb2e983ac086a570b01328b5cdbcb736fe443c1030a73f58d7bc3
发布日期: 2026-05-09 06:16 修改: 2026-05-14 20:27
|
| protobuf |
CVE-2025-4565 |
高危 |
5.27.3 |
4.25.8, 5.29.5, 6.31.1 |
python-protobuf: Unbounded recursion in Python Protobuf
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4565
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2025-06-16 15:15 修改: 2025-08-14 17:05
|
| protobuf |
CVE-2026-0994 |
高危 |
5.27.3 |
6.33.5, 5.29.6 |
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0994
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2026-01-23 15:16 修改: 2026-04-09 14:19
|
| setuptools |
CVE-2022-40897 |
高危 |
56.0.0 |
65.5.1 |
pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2022-12-23 00:15 修改: 2025-11-04 16:15
|
| setuptools |
CVE-2024-6345 |
高危 |
56.0.0 |
70.0.0 |
pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2024-07-15 01:15 修改: 2026-04-15 00:35
|
| setuptools |
CVE-2025-47273 |
高危 |
56.0.0 |
78.1.1 |
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2025-05-17 16:15 修改: 2025-06-12 16:29
|
| urllib3 |
CVE-2025-66418 |
高危 |
2.2.2 |
2.6.0 |
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2025-12-05 16:15 修改: 2025-12-10 16:08
|
| urllib3 |
CVE-2025-66471 |
高危 |
2.2.2 |
2.6.0 |
urllib3: urllib3 Streaming API improperly handles highly compressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2025-12-05 17:16 修改: 2025-12-10 16:10
|
| urllib3 |
CVE-2026-21441 |
高危 |
2.2.2 |
2.6.3 |
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2026-01-07 22:15 修改: 2026-01-23 09:15
|
| urllib3 |
CVE-2026-44431 |
高危 |
2.2.2 |
2.7.0 |
urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2026-05-13 16:16 修改: 2026-05-14 13:56
|
| wheel |
CVE-2026-24049 |
高危 |
0.44.0 |
0.46.2 |
wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049
镜像层: sha256:c72bff98da0fb2e983ac086a570b01328b5cdbcb736fe443c1030a73f58d7bc3
发布日期: 2026-01-22 05:16 修改: 2026-02-18 14:56
|
| pillow |
CVE-2026-42310 |
中危 |
10.4.0 |
12.2.0 |
Pillow: Pillow: Denial of Service via malicious PDF processing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42310
镜像层: sha256:c72bff98da0fb2e983ac086a570b01328b5cdbcb736fe443c1030a73f58d7bc3
发布日期: 2026-05-09 06:16 修改: 2026-05-12 17:55
|
| pip |
CVE-2025-8869 |
中危 |
24.2 |
25.3 |
pip: pip missing checks on symbolic link extraction
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2025-09-24 15:15 修改: 2026-04-15 00:35
|
| pip |
CVE-2026-3219 |
中危 |
24.2 |
26.1 |
pip: pip: Incorrect file installation due to improper archive handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2026-04-20 16:16 修改: 2026-04-20 21:16
|
| pip |
CVE-2026-6357 |
中危 |
24.2 |
26.1 |
pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2026-04-27 15:16 修改: 2026-04-27 23:16
|
| idna |
CVE-2026-45409 |
中危 |
3.7 |
3.15 |
Internationalized Domain Names in Applications (IDNA) for Python provi ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2026-06-05 23:16 修改: 2026-06-08 15:02
|
| pillow |
CVE-2026-42308 |
中危 |
10.4.0 |
12.2.0 |
Pillow: python: Pillow: Denial of Service via integer overflow in font processing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42308
镜像层: sha256:c72bff98da0fb2e983ac086a570b01328b5cdbcb736fe443c1030a73f58d7bc3
发布日期: 2026-05-09 06:16 修改: 2026-05-12 17:57
|
| requests |
CVE-2024-47081 |
中危 |
2.32.3 |
2.32.4 |
requests: Requests vulnerable to .netrc credentials leak via malicious URLs
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47081
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2025-06-09 18:15 修改: 2026-04-15 00:35
|
| urllib3 |
CVE-2025-50181 |
中危 |
2.2.2 |
2.5.0 |
urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2025-06-19 01:15 修改: 2025-12-22 19:15
|
| urllib3 |
CVE-2025-50182 |
中危 |
2.2.2 |
2.5.0 |
urllib3: urllib3 does not control redirects in browsers and Node.js
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50182
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2025-06-19 02:15 修改: 2025-12-22 19:15
|
| requests |
CVE-2026-25645 |
中危 |
2.32.3 |
2.33.0 |
requests: Requests: Security bypass due to predictable temporary file creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2026-03-25 17:16 修改: 2026-03-30 14:23
|
| pip |
CVE-2026-1703 |
低危 |
24.2 |
26.0 |
pip: pip: Information disclosure via path traversal when installing crafted wheel archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703
镜像层: sha256:d5dc30ecbd10efff80bc3566015e1741ab3daf8dbcb0225c6bfc170ede5bd0c8
发布日期: 2026-02-02 15:16 修改: 2026-04-15 00:35
|