docker.io/openlistteam/openlist:v4.2.3 linux/amd64

docker.io/openlistteam/openlist:v4.2.3 - Trivy安全扫描结果 扫描时间: 2026-07-03 02:31
全部漏洞信息
低危漏洞:3 中危漏洞:13 高危漏洞:13 严重漏洞:6

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-07-03 02:31

docker.io/openlistteam/openlist:v4.2.3 (alpine 3.24.1) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
opt/openlist/openlist (gobinary)
低危漏洞:3 中危漏洞:13 高危漏洞:13 严重漏洞:6
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/jackc/pgx/v5 CVE-2026-33815 严重 v5.5.5 5.9.0 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33815

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-04-07 16:16 修改: 2026-06-30 03:18

github.com/jackc/pgx/v5 CVE-2026-33816 严重 v5.5.5 5.9.0 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33816

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-04-07 16:16 修改: 2026-06-30 03:18

github.com/rclone/rclone CVE-2026-41176 严重 v1.70.3 1.73.5 github.com/rclone/rclone: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41176

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-04-23 00:16 修改: 2026-06-30 03:19

github.com/rclone/rclone CVE-2026-41179 严重 v1.70.3 1.73.5 github.com/rclone/rclone: Rclone: Unauthenticated local command execution via exposed RC endpoint

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41179

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-04-23 00:16 修改: 2026-06-30 03:19

github.com/rclone/rclone CVE-2026-49980 严重 v1.70.3 1.74.3 github.com/rclone/rclone: Rclone: Remote Code Execution via unauthenticated requests when `rcd --rc-serve` is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49980

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-06-24 19:17 修改: 2026-06-29 16:11

google.golang.org/grpc CVE-2026-33186 严重 v1.78.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-03-20 23:16 修改: 2026-07-01 13:17

golang.org/x/crypto CVE-2026-39828 高危 v0.50.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39828

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-07-01 13:17

golang.org/x/crypto CVE-2026-39829 高危 v0.50.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39829

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-07-01 13:17

golang.org/x/crypto CVE-2026-39830 高危 v0.50.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39830

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-06-30 03:19

golang.org/x/crypto CVE-2026-39832 高危 v0.50.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39832

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-06-30 03:19

golang.org/x/crypto CVE-2026-39835 高危 v0.50.0 0.52.0 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39835

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-07-01 13:17

golang.org/x/crypto CVE-2026-42508 高危 v0.50.0 0.52.0 golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42508

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-07-01 13:17

golang.org/x/crypto CVE-2026-46595 高危 v0.50.0 0.52.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46595

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-07-01 13:17

golang.org/x/crypto CVE-2026-46597 高危 v0.50.0 0.52.0 An incorrectly placed cast from bytes to int allowed for server-side p ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46597

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/net CVE-2026-25681 高危 v0.53.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25681

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-27136 高危 v0.53.0 0.55.0 Parsing arbitrary HTML which is then rendered using Render can result ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27136

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:26

golang.org/x/net CVE-2026-39821 高危 v0.53.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39821

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 16:16 修改: 2026-07-01 13:17

golang.org/x/net CVE-2026-42502 高危 v0.53.0 0.55.0 Parsing arbitrary HTML which is then rendered using Render can result ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42502

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39827 高危 v0.50.0 0.52.0 An authenticated SSH client that repeatedly opened channels which were ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39827

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-46598 中危 v0.50.0 0.52.0 golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46598

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:53

golang.org/x/image CVE-2026-33809 中危 v0.29.0 0.38.0 golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-03-25 19:16 修改: 2026-06-17 10:38

golang.org/x/image CVE-2026-33812 中危 v0.29.0 0.39.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service due to excessive memory allocation when parsing malicious font files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33812

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-04-21 20:16 修改: 2026-06-17 10:38

golang.org/x/image CVE-2026-33813 中危 v0.29.0 0.42.0 golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33813

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-04-21 20:16 修改: 2026-06-25 20:17

golang.org/x/image CVE-2026-46599 中危 v0.29.0 0.41.0 golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via crafted PackBits-compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46599

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:53

golang.org/x/image CVE-2026-46601 中危 v0.29.0 0.43.0 golang.org/x/image/webp: golang.org/x/image/webp: Denial of Service via malformed VP8 chunk in WebP images

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46601

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

github.com/go-chi/chi/v5 CVE-2025-69725 中危 v5.2.2 5.2.4 go-chi/chi: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69725

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-02-19 17:24 修改: 2026-06-17 10:00

github.com/quic-go/quic-go CVE-2026-40898 中危 v0.59.0 0.59.1 quic-go is an implementation of the QUIC protocol in Go. Prior to vers ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40898

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-06-04 19:16 修改: 2026-06-17 10:45

golang.org/x/crypto CVE-2026-39831 中危 v0.50.0 0.52.0 The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39831

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/crypto CVE-2026-39833 中危 v0.50.0 0.52.0 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39833

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

golang.org/x/net CVE-2026-25680 中危 v0.53.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25680

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:25

golang.org/x/net CVE-2026-42506 中危 v0.53.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42506

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 16:16 修改: 2026-06-17 10:47

golang.org/x/crypto CVE-2026-39834 中危 v0.50.0 0.52.0 When writing data larger than 4GB in a single Write call on an SSH cha ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39834

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 04:16 修改: 2026-06-17 10:42

github.com/jackc/pgx/v5 CVE-2026-41889 低危 v5.5.5 5.9.2 github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41889

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-08 17:16 修改: 2026-06-17 10:47

github.com/disintegration/imaging CVE-2023-36308 低危 v1.6.2 disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2023-09-05 04:15 修改: 2026-06-17 06:06

github.com/cloudflare/circl CVE-2026-1229 低危 v1.6.1 1.6.3 CIRCL has an incorrect calculation in secp384r1 CombinedMult

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1229

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-02-24 08:16 修改: 2026-06-17 10:15

golang.org/x/image CVE-2026-46602 未知 v0.29.0 0.43.0 The TIFF decoder does not set a limit on the size of tiles in tiled im ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46602

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-06-25 20:17 修改: 2026-06-26 17:16

golang.org/x/image CVE-2026-46604 未知 v0.29.0 0.43.0 The TIFF decoder can panic when decoding an invalid image with an out- ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46604

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-06-26 21:16 修改: 2026-07-01 14:07

golang.org/x/sys CVE-2026-39824 未知 v0.43.0 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

golang.org/x/image CVE-2026-42500 未知 v0.29.0 0.41.0 Decoding a paletted BMP file with an out-of-range palette index result ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42500

镜像层: sha256:4b25609a010793391ba4cf0ce4757547047a42fd9ac80718b92fc30d101a579b

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:47

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×