docker.io/openpolicyagent/opa:1.13.1 linux/amd64

docker.io/openpolicyagent/opa:1.13.1 - Trivy安全扫描结果扫描时间: 2026-06-12 16:39

全部漏洞信息

低危漏洞:2

中危漏洞:12

高危漏洞:16

严重漏洞:2

系统OS: wolfi 20230201 扫描引擎: Trivy 扫描时间: 2026-06-12 16:39

docker.io/openpolicyagent/opa:1.13.1 (wolfi 20230201) (wolfi)

低危漏洞:1

中危漏洞:4

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
glibc	CVE-2026-4046	中危	2.42-r7	2.43-r6	glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:2dbcf9b7151d8679756c4fa99fdeb3844ce190c96ea723efffe8972c133566e8 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
glibc	CVE-2026-4437	中危	2.42-r7	2.43-r4	glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:2dbcf9b7151d8679756c4fa99fdeb3844ce190c96ea723efffe8972c133566e8 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
glibc	CVE-2026-5450	中危	2.42-r7	2.43-r7	glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450 镜像层: sha256:2dbcf9b7151d8679756c4fa99fdeb3844ce190c96ea723efffe8972c133566e8 发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
glibc	CVE-2026-5928	中危	2.42-r7	2.43-r7	glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928 镜像层: sha256:2dbcf9b7151d8679756c4fa99fdeb3844ce190c96ea723efffe8972c133566e8 发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
glibc	CVE-2026-4438	低危	2.42-r7	2.43-r4	glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:2dbcf9b7151d8679756c4fa99fdeb3844ce190c96ea723efffe8972c133566e8 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40

opa (gobinary)

低危漏洞:1

中危漏洞:8

高危漏洞:16

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
google.golang.org/grpc	CVE-2026-33186	严重	v1.78.0	1.79.3	google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
stdlib	CVE-2025-68121	严重	v1.25.6	1.24.13, 1.25.7, 1.26.0-rc.3	crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-02-05 18:16 修改: 2026-04-29 14:16
go.opentelemetry.io/otel/sdk	CVE-2026-24051	高危	v1.39.0	1.40.0	OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24051 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-02-02 23:16 修改: 2026-02-27 20:32
go.opentelemetry.io/otel/sdk	CVE-2026-39883	高危	v1.39.0	1.43.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39883 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-04-08 21:17 修改: 2026-04-10 21:16
github.com/containerd/containerd/v2	CVE-2026-46680	高危	v2.2.1	2.0.9, 2.2.4, 2.3.1	containerd user ID handling bypass allows runAsNonRoot evasion 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46680 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
go.opentelemetry.io/otel	CVE-2026-29181	高危	v1.39.0	1.41.0	github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Denial of Service via crafted multi-value baggage headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29181 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-04-07 21:17 修改: 2026-04-14 18:45
stdlib	CVE-2026-25679	高危	v1.25.6	1.25.8, 1.26.1	net/url: Incorrect parsing of IPv6 host literals in net/url 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:43
stdlib	CVE-2026-32280	高危	v1.25.6	1.25.9, 1.26.2	crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:16
stdlib	CVE-2026-32281	高危	v1.25.6	1.25.9, 1.26.2	crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32283	高危	v1.25.6	1.25.9, 1.26.2	crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:12
stdlib	CVE-2026-33811	高危	v1.25.6	1.25.10, 1.26.3	net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib	CVE-2026-33814	高危	v1.25.6	1.25.10, 1.26.3	When processing HTTP/2 SETTINGS frames, transport will enter an infini ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
stdlib	CVE-2026-39820	高危	v1.25.6	1.25.10, 1.26.3	Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
stdlib	CVE-2026-39823	高危	v1.25.6	1.25.10, 1.26.3	CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39825	高危	v1.25.6	1.25.10, 1.26.3	ReverseProxy can forward queries containing parameters not visible to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
stdlib	CVE-2026-39836	高危	v1.25.6	1.25.10, 1.26.3	ELSA-2026-22112: go-toolset:ol8 security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:11
stdlib	CVE-2026-42499	高危	v1.25.6	1.25.10, 1.26.3	Pathological inputs could cause DoS through consumePhrase when parsing ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42504	高危	v1.25.6	1.25.11, 1.26.4	Decoding a maliciously-crafted MIME header containing many invalid enc ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	CVE-2026-39882	中危	v1.39.0	1.43.0	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39882 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-04-08 21:17 修改: 2026-04-09 18:39
stdlib	CVE-2026-27142	中危	v1.25.6	1.25.8, 1.26.1	html/template: URLs in meta content attribute actions are not escaped in html/template 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
stdlib	CVE-2026-27145	中危	v1.25.6	1.25.11, 1.26.4	*x509.Certificate).VerifyHostname previously called matchHostnames in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-32282	中危	v1.25.6	1.25.9, 1.26.2	golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:15
stdlib	CVE-2026-32288	中危	v1.25.6	1.25.9, 1.26.2	archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:08
stdlib	CVE-2026-32289	中危	v1.25.6	1.25.9, 1.26.2	html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-04-08 02:16 修改: 2026-04-16 19:06
stdlib	CVE-2026-39826	中危	v1.25.6	1.25.10, 1.26.3	html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
stdlib	CVE-2026-42507	中危	v1.25.6	1.25.11, 1.26.4	When returning errors, functions in the net/textproto package would in ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-06-02 23:16 修改: 2026-06-04 16:15
stdlib	CVE-2026-27139	低危	v1.25.6	1.25.8, 1.26.1	os: FileInfo can escape from a Root in golang os module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139 镜像层: sha256:abd838a9990cdba08fb036fea1730b64cbe13e90bc8025a1bbe53b339fb23542 发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:32