docker.io/outlinewiki/outline-base:latest linux/amd64

docker.io/outlinewiki/outline-base:latest - Trivy安全扫描结果 扫描时间: 2026-07-16 14:58
全部漏洞信息
低危漏洞:109 中危漏洞:249 高危漏洞:129 严重漏洞:14

系统OS: debian 12.9 扫描引擎: Trivy 扫描时间: 2026-07-16 14:58

docker.io/outlinewiki/outline-base:latest (debian 12.9) (debian)
低危漏洞:83 中危漏洞:102 高危漏洞:31 严重漏洞:6
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libgnutls30 CVE-2026-33845 严重 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-30 18:16 修改: 2026-07-15 02:20

libgnutls30 CVE-2026-42010 严重 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: gnutls: Authentication Bypass via NUL Character in Username

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-07 12:16 修改: 2026-07-15 02:21

perl-base CVE-2026-13221 严重 5.36.0-7+deb12u1 Perl versions through 5.43.9 produce silently incorrect regular expres ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13221

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-07-13 17:16 修改: 2026-07-14 18:15

perl-base CVE-2026-42496 严重 5.36.0-7+deb12u1 perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42496

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-26 02:16 修改: 2026-07-15 02:21

perl-base CVE-2026-8376 严重 5.36.0-7+deb12u1 perl: Perl: Heap buffer overflow when compiling regular expressions on 32-bit builds

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8376

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-26 00:16 修改: 2026-06-17 11:03

zlib1g CVE-2023-45853 严重 1:1.2.13.dfsg-1 zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45853

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-10-14 02:15 修改: 2026-07-14 13:17

bsdutils CVE-2026-53615 高危 1:2.38.1-5+deb12u3 [Integer Overflow or Wraparound in libblkid/src/partitions/dos.c]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53615

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

gpgv CVE-2025-68973 高危 2.2.40-1.1 2.2.40-1.1+deb12u2 GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68973

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-28 17:16 修改: 2026-06-17 09:59

libgnutls30 CVE-2025-32988 高危 3.7.9-2+deb12u3 3.7.9-2+deb12u5 gnutls: Vulnerability in GnuTLS otherName SAN export

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32988

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-07-10 08:15 修改: 2026-06-30 01:16

libgnutls30 CVE-2025-32990 高危 3.7.9-2+deb12u3 3.7.9-2+deb12u5 gnutls: Vulnerability in GnuTLS certtool template parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32990

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-07-10 10:15 修改: 2026-06-30 01:16

libgnutls30 CVE-2026-33846 高危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-04 10:15 修改: 2026-07-15 02:20

libgnutls30 CVE-2026-3833 高危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-30 18:16 修改: 2026-07-13 22:16

libgnutls30 CVE-2026-42009 高危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-18 13:16 修改: 2026-07-15 02:21

liblzma5 CVE-2025-31115 高危 5.4.1-0.2 5.4.1-1 xz: XZ has a heap-use-after-free bug in threaded .xz decoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31115

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-04-03 17:15 修改: 2026-06-17 09:09

libmount1 CVE-2026-53615 高危 2.38.1-5+deb12u3 [Integer Overflow or Wraparound in libblkid/src/partitions/dos.c]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53615

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libpam-modules CVE-2025-6020 高危 1.5.2-6+deb12u1 1.5.2-6+deb12u2 linux-pam: Linux-pam directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6020

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-06-17 13:15 修改: 2026-06-30 11:16

libpam-modules-bin CVE-2025-6020 高危 1.5.2-6+deb12u1 1.5.2-6+deb12u2 linux-pam: Linux-pam directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6020

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-06-17 13:15 修改: 2026-06-30 11:16

libpam-runtime CVE-2025-6020 高危 1.5.2-6+deb12u1 1.5.2-6+deb12u2 linux-pam: Linux-pam directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6020

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-06-17 13:15 修改: 2026-06-30 11:16

libpam0g CVE-2025-6020 高危 1.5.2-6+deb12u1 1.5.2-6+deb12u2 linux-pam: Linux-pam directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6020

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-06-17 13:15 修改: 2026-06-30 11:16

libsmartcols1 CVE-2026-53615 高危 2.38.1-5+deb12u3 [Integer Overflow or Wraparound in libblkid/src/partitions/dos.c]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53615

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libtinfo6 CVE-2025-69720 高危 6.4-4 ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69720

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-19 15:16 修改: 2026-06-17 10:00

libuuid1 CVE-2026-53615 高危 2.38.1-5+deb12u3 [Integer Overflow or Wraparound in libblkid/src/partitions/dos.c]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53615

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

mount CVE-2026-53615 高危 2.38.1-5+deb12u3 [Integer Overflow or Wraparound in libblkid/src/partitions/dos.c]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53615

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

ncurses-base CVE-2025-69720 高危 6.4-4 ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69720

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-19 15:16 修改: 2026-06-17 10:00

ncurses-bin CVE-2025-69720 高危 6.4-4 ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69720

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-19 15:16 修改: 2026-06-17 10:00

gzip CVE-2026-41992 高危 1.12-1 GNU gzip contains a global buffer overflow vulnerability in the LZH de ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41992

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 12:16 修改: 2026-07-01 14:02

libacl1 CVE-2026-54369 高危 2.3.1-3 acl: Symlink traversal privilege escalation via libacl functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54369

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 14:16 修改: 2026-07-15 01:16

libblkid1 CVE-2026-53615 高危 2.38.1-5+deb12u3 [Integer Overflow or Wraparound in libblkid/src/partitions/dos.c]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53615

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

perl-base CVE-2023-31484 高危 5.36.0-7+deb12u1 5.36.0-7+deb12u3 perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31484

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-04-29 00:15 修改: 2026-06-17 05:57

perl-base CVE-2024-56406 高危 5.36.0-7+deb12u1 5.36.0-7+deb12u2 perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56406

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-04-13 14:15 修改: 2026-06-17 08:12

perl-base CVE-2026-42497 高危 5.36.0-7+deb12u1 perl-Archive-Tar: perl-Archive-Tar: Arbitrary file modification via crafted hardlinks during archive extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42497

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-26 02:16 修改: 2026-06-17 10:47

perl-base CVE-2026-48962 高危 5.36.0-7+deb12u1 perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48962

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-27 04:16 修改: 2026-07-15 02:22

perl-base CVE-2026-57432 高危 5.36.0-7+deb12u1 Perl versions through 5.43.10 have an integer overflow in S_measure_st ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-57432

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-07-13 17:17 修改: 2026-07-14 18:04

perl-base CVE-2026-9538 高危 5.36.0-7+deb12u1 perl-Archive-Tar: perl-Archive-Tar: Denial of Service via crafted tar header with large entry size

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9538

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-26 02:16 修改: 2026-06-17 11:05

util-linux CVE-2026-53615 高危 2.38.1-5+deb12u3 [Integer Overflow or Wraparound in libblkid/src/partitions/dos.c]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53615

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

util-linux-extra CVE-2026-53615 高危 2.38.1-5+deb12u3 [Integer Overflow or Wraparound in libblkid/src/partitions/dos.c]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53615

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libcap2 CVE-2026-4878 高危 1:2.66-4 1:2.66-4+deb12u3 libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-09 16:16 修改: 2026-07-15 02:22

libc6 CVE-2026-6238 中危 2.36-9+deb12u9 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-28 19:37 修改: 2026-07-14 13:19

bsdutils CVE-2026-13595 中危 1:2.38.1-5+deb12u3 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 09:16 修改: 2026-07-08 03:37

libcap2 CVE-2025-1390 中危 1:2.66-4 1:2.66-4+deb12u1 libcap: pam_cap: Fix potential configuration parsing error

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1390

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-02-18 03:15 修改: 2026-06-17 08:39

libgcrypt20 CVE-2026-41989 中危 1.10.1-3 1.10.1-3+deb12u1 Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-23 05:16 修改: 2026-07-14 13:18

gpgv CVE-2025-30258 中危 2.2.40-1.1 gnupg: verification DoS due to a malicious subkey in the keyring

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30258

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-03-19 20:15 修改: 2026-06-17 09:08

gpgv CVE-2025-68972 中危 2.2.40-1.1 gnupg: GnuPG: Signature bypass via form feed character in signed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68972

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-27 23:15 修改: 2026-06-17 09:59

bsdutils CVE-2026-27456 中危 1:2.38.1-5+deb12u3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

gzip CVE-2026-41991 中危 1.12-1 gzip: gzip: Arbitrary file overwrite via insecure temporary file handling in gzexe utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41991

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 12:16 修改: 2026-07-01 14:02

bsdutils CVE-2026-3184 中危 1:2.38.1-5+deb12u3 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libacl1 CVE-2026-54370 中危 2.3.1-3 acl: TOCTOU Symlink Traversal via getfacl/setfacl

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54370

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 14:16 修改: 2026-06-29 19:22

libattr1 CVE-2026-54371 中危 1:2.5.1-4 attr: Symlink Traversal Privilege Escalation via getfattr and setfattr

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54371

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 14:16 修改: 2026-07-15 01:16

libgnutls30 CVE-2024-12243 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u4 gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12243

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-02-10 16:15 修改: 2026-06-17 06:59

libgnutls30 CVE-2025-14831 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u6 gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14831

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-02-09 15:16 修改: 2026-06-30 00:16

libgnutls30 CVE-2025-32989 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u5 gnutls: Vulnerability in GnuTLS SCT extension parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32989

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-07-10 08:15 修改: 2026-06-30 01:16

libgnutls30 CVE-2025-6395 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u5 gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6395

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-07-10 16:15 修改: 2026-06-30 02:16

libgnutls30 CVE-2026-42011 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: gnutls: Security bypass due to incorrect name constraint handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-07 15:16 修改: 2026-07-13 17:17

libgnutls30 CVE-2026-42012 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-26 22:16 修改: 2026-07-13 17:17

libgnutls30 CVE-2026-42013 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-26 22:16 修改: 2026-07-13 17:17

libgnutls30 CVE-2026-42014 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-16 02:16 修改: 2026-07-13 21:16

libgnutls30 CVE-2026-42015 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-26 22:16 修改: 2026-07-13 17:17

libgnutls30 CVE-2026-5260 中危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-26 22:16 修改: 2026-07-13 17:18

dpkg CVE-2026-2219 中危 1.21.22 1.21.23 It was discovered that dpkg-deb (a component of dpkg, the Debian packa ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2219

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-07 09:16 修改: 2026-06-17 10:30

liblzma5 CVE-2026-34743 中危 5.4.1-0.2 5.4.1-1+deb12u1 xz: XZ Utils: Denial of Service via buffer overflow in index decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-02 19:21 修改: 2026-06-17 10:39

libblkid1 CVE-2026-13595 中危 2.38.1-5+deb12u3 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 09:16 修改: 2026-07-08 03:37

libmount1 CVE-2026-13595 中危 2.38.1-5+deb12u3 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 09:16 修改: 2026-07-08 03:37

libmount1 CVE-2026-27456 中危 2.38.1-5+deb12u3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libmount1 CVE-2026-3184 中危 2.38.1-5+deb12u3 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libp11-kit0 CVE-2026-13757 中危 0.24.1-2 p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13757

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 19:16 修改: 2026-07-13 06:16

libblkid1 CVE-2026-27456 中危 2.38.1-5+deb12u3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libpam-modules CVE-2024-10041 中危 1.5.2-6+deb12u1 pam: libpam: Libpam vulnerable to read hashed password

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-10-23 14:15 修改: 2026-06-30 00:16

libpam-modules CVE-2024-22365 中危 1.5.2-6+deb12u1 1.5.2-6+deb12u2 pam: allowing unprivileged user to block another user namespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-02-06 08:15 修改: 2026-06-17 07:11

libpam-modules CVE-2026-54411 中危 1.5.2-6+deb12u1 linux-pam: Plaintext password recovery via timing discrepancy in pam_userdb module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54411

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-14 18:17 修改: 2026-06-17 10:58

libblkid1 CVE-2026-3184 中危 2.38.1-5+deb12u3 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libpam-modules-bin CVE-2024-10041 中危 1.5.2-6+deb12u1 pam: libpam: Libpam vulnerable to read hashed password

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-10-23 14:15 修改: 2026-06-30 00:16

libpam-modules-bin CVE-2024-22365 中危 1.5.2-6+deb12u1 1.5.2-6+deb12u2 pam: allowing unprivileged user to block another user namespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-02-06 08:15 修改: 2026-06-17 07:11

libpam-modules-bin CVE-2026-54411 中危 1.5.2-6+deb12u1 linux-pam: Plaintext password recovery via timing discrepancy in pam_userdb module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54411

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-14 18:17 修改: 2026-06-17 10:58

libbz2-1.0 CVE-2026-42250 中危 1.0.8-5+b1 bzip2: bzip2: Denial of Service in bzip2recover via a specially crafted file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42250

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-28 14:16 修改: 2026-06-17 10:47

libpam-runtime CVE-2024-10041 中危 1.5.2-6+deb12u1 pam: libpam: Libpam vulnerable to read hashed password

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-10-23 14:15 修改: 2026-06-30 00:16

libpam-runtime CVE-2024-22365 中危 1.5.2-6+deb12u1 1.5.2-6+deb12u2 pam: allowing unprivileged user to block another user namespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-02-06 08:15 修改: 2026-06-17 07:11

libpam-runtime CVE-2026-54411 中危 1.5.2-6+deb12u1 linux-pam: Plaintext password recovery via timing discrepancy in pam_userdb module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54411

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-14 18:17 修改: 2026-06-17 10:58

libc-bin CVE-2025-0395 中危 2.36-9+deb12u9 2.36-9+deb12u10 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26

libpam0g CVE-2024-10041 中危 1.5.2-6+deb12u1 pam: libpam: Libpam vulnerable to read hashed password

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-10041

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-10-23 14:15 修改: 2026-06-30 00:16

libpam0g CVE-2024-22365 中危 1.5.2-6+deb12u1 1.5.2-6+deb12u2 pam: allowing unprivileged user to block another user namespace

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22365

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-02-06 08:15 修改: 2026-06-17 07:11

libpam0g CVE-2026-54411 中危 1.5.2-6+deb12u1 linux-pam: Plaintext password recovery via timing discrepancy in pam_userdb module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54411

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-14 18:17 修改: 2026-06-17 10:58

libc-bin CVE-2025-4802 中危 2.36-9+deb12u9 2.36-9+deb12u11 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

libsmartcols1 CVE-2026-13595 中危 2.38.1-5+deb12u3 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 09:16 修改: 2026-07-08 03:37

libsmartcols1 CVE-2026-27456 中危 2.38.1-5+deb12u3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libsmartcols1 CVE-2026-3184 中危 2.38.1-5+deb12u3 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libsystemd0 CVE-2025-4598 中危 252.33-1~deb12u1 252.38-1~deb12u1 systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4598

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-05-30 14:15 修改: 2026-06-30 11:16

libsystemd0 CVE-2026-29111 中危 252.33-1~deb12u1 252.39-1~deb12u2 systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-23 22:16 修改: 2026-06-17 10:29

libsystemd0 CVE-2026-40225 中危 252.33-1~deb12u1 252.39-1~deb12u2 systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40225

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libsystemd0 CVE-2026-40226 中危 252.33-1~deb12u1 252.39-1~deb12u2 systemd: systemd nspawn: Escape-to-host action via crafted config file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libsystemd0 CVE-2026-4105 中危 252.33-1~deb12u1 252.39-1~deb12u2 systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4105

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-13 19:55 修改: 2026-06-17 10:55

libtasn1-6 CVE-2024-12133 中危 4.19.0-2 4.19.0-2+deb12u1 libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12133

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-02-10 16:15 修改: 2026-06-30 03:16

libc-bin CVE-2025-8058 中危 2.36-9+deb12u9 2.36-9+deb12u13 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-07-23 20:15 修改: 2026-06-17 10:06

libtinfo6 CVE-2023-50495 中危 6.4-4 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

libudev1 CVE-2025-4598 中危 252.33-1~deb12u1 252.38-1~deb12u1 systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4598

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-05-30 14:15 修改: 2026-06-30 11:16

libudev1 CVE-2026-29111 中危 252.33-1~deb12u1 252.39-1~deb12u2 systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29111

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-23 22:16 修改: 2026-06-17 10:29

libudev1 CVE-2026-40225 中危 252.33-1~deb12u1 252.39-1~deb12u2 systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40225

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libudev1 CVE-2026-40226 中危 252.33-1~deb12u1 252.39-1~deb12u2 systemd: systemd nspawn: Escape-to-host action via crafted config file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libudev1 CVE-2026-4105 中危 252.33-1~deb12u1 252.39-1~deb12u2 systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4105

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-13 19:55 修改: 2026-06-17 10:55

libc-bin CVE-2026-0915 中危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-01-15 22:16 修改: 2026-06-17 10:11

libuuid1 CVE-2026-13595 中危 2.38.1-5+deb12u3 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 09:16 修改: 2026-07-08 03:37

libuuid1 CVE-2026-27456 中危 2.38.1-5+deb12u3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libuuid1 CVE-2026-3184 中危 2.38.1-5+deb12u3 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

login CVE-2023-4641 中危 1:4.13+dfsg1-1+b1 1:4.13+dfsg1-1+deb12u1 shadow-utils: possible password leak during passwd(1) change

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-12-27 16:15 修改: 2026-06-17 06:38

libc-bin CVE-2026-4046 中危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-30 18:16 修改: 2026-07-14 13:18

mount CVE-2026-13595 中危 2.38.1-5+deb12u3 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 09:16 修改: 2026-07-08 03:37

mount CVE-2026-27456 中危 2.38.1-5+deb12u3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

mount CVE-2026-3184 中危 2.38.1-5+deb12u3 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libc-bin CVE-2026-4437 中危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

ncurses-base CVE-2023-50495 中危 6.4-4 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

libc-bin CVE-2026-5435 中危 2.36-9+deb12u9 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-28 13:19 修改: 2026-07-14 13:19

ncurses-bin CVE-2023-50495 中危 6.4-4 ncurses: segmentation fault via _nc_wrap_entry()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-12-12 15:15 修改: 2026-06-17 06:39

passwd CVE-2023-4641 中危 1:4.13+dfsg1-1+b1 1:4.13+dfsg1-1+deb12u1 shadow-utils: possible password leak during passwd(1) change

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4641

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-12-27 16:15 修改: 2026-06-17 06:38

libc-bin CVE-2026-5450 中危 2.36-9+deb12u9 glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-20 21:16 修改: 2026-07-14 13:19

libc-bin CVE-2026-5928 中危 2.36-9+deb12u9 glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-20 21:16 修改: 2026-07-14 13:19

libc-bin CVE-2026-6238 中危 2.36-9+deb12u9 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-28 19:37 修改: 2026-07-14 13:19

libc6 CVE-2025-0395 中危 2.36-9+deb12u9 2.36-9+deb12u10 glibc: buffer overflow in the GNU C Library's assert()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0395

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-01-22 13:15 修改: 2026-06-17 08:26

libc6 CVE-2025-4802 中危 2.36-9+deb12u9 2.36-9+deb12u11 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

libc6 CVE-2025-8058 中危 2.36-9+deb12u9 2.36-9+deb12u13 glibc: Double free in glibc

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8058

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-07-23 20:15 修改: 2026-06-17 10:06

libc6 CVE-2026-0915 中危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-01-15 22:16 修改: 2026-06-17 10:11

libc6 CVE-2026-4046 中危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-30 18:16 修改: 2026-07-14 13:18

libc6 CVE-2026-4437 中危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

perl-base CVE-2025-15649 中危 5.36.0-7+deb12u1 perl-IO-Compress: perl-IO-Compress: Denial of Service via malformed DOS date in zip header

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15649

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-27 04:16 修改: 2026-06-17 08:38

perl-base CVE-2025-40909 中危 5.36.0-7+deb12u1 5.36.0-7+deb12u3 perl: Perl threads have a working directory race condition where file operations may target unintended paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-40909

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-05-30 13:15 修改: 2026-06-17 09:22

perl-base CVE-2026-12087 中危 5.36.0-7+deb12u1 perl-Socket: perl-Socket: Information Disclosure due to Out-of-Bounds Read

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12087

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-15 22:16 修改: 2026-06-17 10:14

perl-base CVE-2026-48959 中危 5.36.0-7+deb12u1 perl-IO-Compress: perl-IO-Compress: CPU exhaustion via per-byte read loop in fastForward

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48959

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-27 04:16 修改: 2026-06-17 10:55

perl-base CVE-2026-48961 中危 5.36.0-7+deb12u1 perl-IO-Compress: IO::Compress: Denial of Service in zipdetails CLI tool via malformed Info-ZIP Unix Extra Field

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48961

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-27 04:16 修改: 2026-06-17 10:55

perl-base CVE-2026-7010 中危 5.36.0-7+deb12u1 HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7010

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-05-11 22:22 修改: 2026-06-17 11:01

sed CVE-2026-5958 中危 4.9-1 4.9-1+deb12u1 sed: GNU sed TOCTOU race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5958

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-20 12:16 修改: 2026-06-17 10:59

tar CVE-2026-5704 中危 1.34+dfsg-1.2+deb12u1 tar: tar: Hidden file injection via crafted archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-06 16:16 修改: 2026-06-17 10:59

libc6 CVE-2026-5435 中危 2.36-9+deb12u9 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-28 13:19 修改: 2026-07-14 13:19

util-linux CVE-2026-13595 中危 2.38.1-5+deb12u3 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 09:16 修改: 2026-07-08 03:37

util-linux CVE-2026-27456 中危 2.38.1-5+deb12u3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

util-linux CVE-2026-3184 中危 2.38.1-5+deb12u3 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libc6 CVE-2026-5450 中危 2.36-9+deb12u9 glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-20 21:16 修改: 2026-07-14 13:19

util-linux-extra CVE-2026-13595 中危 2.38.1-5+deb12u3 util-linux: util-linux: heap use-after-free in libblkid nested partition probing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-13595

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-29 09:16 修改: 2026-07-08 03:37

util-linux-extra CVE-2026-27456 中危 2.38.1-5+deb12u3 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

util-linux-extra CVE-2026-3184 中危 2.38.1-5+deb12u3 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libc6 CVE-2026-5928 中危 2.36-9+deb12u9 glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-20 21:16 修改: 2026-07-14 13:19

zlib1g CVE-2026-27171 中危 1:1.2.13.dfsg-1 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

libsystemd0 CVE-2023-31437 低危 252.33-1~deb12u1 An issue was discovered in systemd 253. An attacker can modify a seale ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31437

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-06-13 17:15 修改: 2026-06-17 05:56

libsystemd0 CVE-2023-31438 低危 252.33-1~deb12u1 An issue was discovered in systemd 253. An attacker can truncate a sea ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31438

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-06-13 17:15 修改: 2026-06-17 05:56

libsystemd0 CVE-2023-31439 低危 252.33-1~deb12u1 An issue was discovered in systemd 253. An attacker can modify the con ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31439

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-06-13 17:15 修改: 2026-06-17 05:56

libsystemd0 CVE-2026-40228 低危 252.33-1~deb12u1 systemd: systemd-journald: Unintended output to user terminals via logger command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libc-bin CVE-2026-0861 低危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-01-14 21:15 修改: 2026-06-17 10:11

libtasn1-6 CVE-2025-13151 低危 4.19.0-2 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13151

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-01-07 22:15 修改: 2026-06-17 08:33

libc-bin CVE-2026-4438 低危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

bash TEMP-0841856-B18BAF 低危 5.2.15-2+b7 [Privilege escalation possible to other user than root]

漏洞详情: https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libtinfo6 CVE-2025-6141 低危 6.4-4 gnu-ncurses: ncurses Stack Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6141

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-06-16 22:16 修改: 2026-06-17 10:01

bsdutils CVE-2022-0563 低危 1:2.38.1-5+deb12u3 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-02-21 19:15 修改: 2026-06-17 04:20

libblkid1 CVE-2022-0563 低危 2.38.1-5+deb12u3 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-02-21 19:15 修改: 2026-06-17 04:20

libblkid1 CVE-2025-14104 低危 2.38.1-5+deb12u3 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

bsdutils CVE-2025-14104 低危 1:2.38.1-5+deb12u3 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libgnutls30 CVE-2011-3389 低危 3.7.9-2+deb12u3 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

漏洞详情: https://avd.aquasec.com/nvd/cve-2011-3389

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2011-09-06 19:55 修改: 2026-04-29 01:13

libudev1 CVE-2013-4392 低危 252.33-1~deb12u1 systemd: TOCTOU race condition when updating file permissions and SELinux security contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4392

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2013-10-28 22:55 修改: 2026-04-29 01:13

libudev1 CVE-2023-31437 低危 252.33-1~deb12u1 An issue was discovered in systemd 253. An attacker can modify a seale ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31437

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-06-13 17:15 修改: 2026-06-17 05:56

libudev1 CVE-2023-31438 低危 252.33-1~deb12u1 An issue was discovered in systemd 253. An attacker can truncate a sea ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31438

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-06-13 17:15 修改: 2026-06-17 05:56

libudev1 CVE-2023-31439 低危 252.33-1~deb12u1 An issue was discovered in systemd 253. An attacker can modify the con ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31439

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-06-13 17:15 修改: 2026-06-17 05:56

libudev1 CVE-2026-40228 低危 252.33-1~deb12u1 systemd: systemd-journald: Unintended output to user terminals via logger command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libgnutls30 CVE-2025-9820 低危 3.7.9-2+deb12u3 3.7.9-2+deb12u6 gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9820

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-01-26 20:16 修改: 2026-06-30 09:16

libgnutls30 CVE-2026-5419 低危 3.7.9-2+deb12u3 3.7.9-2+deb12u7 gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5419

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-01 21:16 修改: 2026-07-13 22:16

gpgv CVE-2022-3219 低危 2.2.40-1.1 gnupg: denial of service issue (resource consumption) using compressed packets

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3219

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-02-23 20:15 修改: 2026-06-17 04:59

gpgv CVE-2026-57062 低危 2.2.40-1.1 GnuPG: Incorrect cryptographic message parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-57062

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-06-23 18:18 修改: 2026-06-25 20:16

libuuid1 CVE-2022-0563 低危 2.38.1-5+deb12u3 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-02-21 19:15 修改: 2026-06-17 04:20

libuuid1 CVE-2025-14104 低危 2.38.1-5+deb12u3 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

coreutils CVE-2016-2781 低危 9.1-1 coreutils: Non-privileged session can escape to the parent session in chroot

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-2781

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2017-02-07 15:59 修改: 2026-06-17 00:44

login CVE-2007-5686 低危 1:4.13+dfsg1-1+b1 initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2007-5686

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2007-10-28 17:08 修改: 2026-04-23 00:35

login CVE-2023-29383 低危 1:4.13+dfsg1-1+b1 1:4.13+dfsg1-1+deb12u1 shadow: Improper input validation in shadow-utils package utility chfn

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-04-14 22:15 修改: 2026-06-17 05:49

login CVE-2024-56433 低危 1:4.13+dfsg1-1+b1 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12

login TEMP-0628843-DBAD28 低危 1:4.13+dfsg1-1+b1 [more related to CVE-2005-4890]

漏洞详情: https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

coreutils CVE-2017-18018 低危 9.1-1 coreutils: race condition vulnerability in chown and chgrp

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18018

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2018-01-04 04:29 修改: 2026-06-17 01:12

coreutils CVE-2025-5278 低危 9.1-1 coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5278

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-05-27 21:15 修改: 2026-07-01 11:16

libc6 CVE-2010-4756 低危 2.36-9+deb12u9 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2010-4756

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2011-03-02 20:00 修改: 2026-04-29 01:13

libmount1 CVE-2022-0563 低危 2.38.1-5+deb12u3 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-02-21 19:15 修改: 2026-06-17 04:20

mount CVE-2022-0563 低危 2.38.1-5+deb12u3 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-02-21 19:15 修改: 2026-06-17 04:20

mount CVE-2025-14104 低危 2.38.1-5+deb12u3 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libmount1 CVE-2025-14104 低危 2.38.1-5+deb12u3 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libc6 CVE-2018-20796 低危 2.36-9+deb12u9 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20796

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-02-26 02:29 修改: 2026-06-17 01:53

ncurses-base CVE-2025-6141 低危 6.4-4 gnu-ncurses: ncurses Stack Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6141

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-06-16 22:16 修改: 2026-06-17 10:01

libc6 CVE-2019-1010022 低危 2.36-9+deb12u9 glibc: stack guard protection bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010022

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-07-15 04:15 修改: 2026-06-17 02:09

libc6 CVE-2019-1010023 低危 2.36-9+deb12u9 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010023

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-07-15 04:15 修改: 2026-06-17 02:09

ncurses-bin CVE-2025-6141 低危 6.4-4 gnu-ncurses: ncurses Stack Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6141

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-06-16 22:16 修改: 2026-06-17 10:01

libc6 CVE-2019-1010024 低危 2.36-9+deb12u9 glibc: ASLR bypass using cache of thread stack and heap

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010024

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-07-15 04:15 修改: 2026-06-17 02:09

passwd CVE-2007-5686 低危 1:4.13+dfsg1-1+b1 initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2007-5686

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2007-10-28 17:08 修改: 2026-04-23 00:35

passwd CVE-2023-29383 低危 1:4.13+dfsg1-1+b1 1:4.13+dfsg1-1+deb12u1 shadow: Improper input validation in shadow-utils package utility chfn

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-04-14 22:15 修改: 2026-06-17 05:49

passwd CVE-2024-56433 低危 1:4.13+dfsg1-1+b1 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12

passwd TEMP-0628843-DBAD28 低危 1:4.13+dfsg1-1+b1 [more related to CVE-2005-4890]

漏洞详情: https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libc6 CVE-2019-1010025 低危 2.36-9+deb12u9 glibc: information disclosure of heap addresses of pthread_created thread

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010025

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-07-15 04:15 修改: 2026-06-17 02:09

libc6 CVE-2019-9192 低危 2.36-9+deb12u9 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-9192

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-02-26 18:29 修改: 2026-06-17 02:43

libc6 CVE-2025-15281 低危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-01-20 14:16 修改: 2026-06-17 08:37

libc6 CVE-2026-0861 低危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-01-14 21:15 修改: 2026-06-17 10:11

libc6 CVE-2026-4438 低危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

apt CVE-2011-3374 低危 2.6.1 It was found that apt-key in apt, all versions, do not correctly valid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2011-3374

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-11-26 00:15 修改: 2024-11-21 01:30

libapt-pkg6.0 CVE-2011-3374 低危 2.6.1 It was found that apt-key in apt, all versions, do not correctly valid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2011-3374

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-11-26 00:15 修改: 2024-11-21 01:30

libgcc-s1 CVE-2022-27943 低危 12.2.0-14 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-03-26 13:15 修改: 2026-06-17 04:37

libgcc-s1 CVE-2023-4039 低危 12.2.0-14 12.2.0-14+deb12u1 gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4039

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-09-13 09:15 修改: 2026-06-23 18:17

dpkg CVE-2025-6297 低危 1.21.22 1.21.23 It was discovered that dpkg-deb does not properly sanitize directory p ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6297

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-07-01 17:15 修改: 2026-07-08 09:16

libgcrypt20 CVE-2018-6829 低危 1.10.1-3 libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-6829

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2018-02-07 23:29 修改: 2026-06-17 02:02

libgcrypt20 CVE-2024-2236 低危 1.10.1-3 libgcrypt: vulnerable to Marvin Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2024-03-06 22:15 修改: 2026-06-17 07:24

gcc-12-base CVE-2022-27943 低危 12.2.0-14 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-03-26 13:15 修改: 2026-06-17 04:37

gcc-12-base CVE-2023-4039 低危 12.2.0-14 12.2.0-14+deb12u1 gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4039

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-09-13 09:15 修改: 2026-06-23 18:17

libc-bin CVE-2010-4756 低危 2.36-9+deb12u9 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2010-4756

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2011-03-02 20:00 修改: 2026-04-29 01:13

perl-base CVE-2011-4116 低危 5.36.0-7+deb12u1 perl: File:: Temp insecure temporary file handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2011-4116

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2020-01-31 18:15 修改: 2025-08-04 19:04

perl-base CVE-2023-31486 低危 5.36.0-7+deb12u1 http-tiny: perl: insecure TLS cert default

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31486

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-04-29 00:15 修改: 2026-06-17 05:57

libc-bin CVE-2018-20796 低危 2.36-9+deb12u9 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20796

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-02-26 02:29 修改: 2026-06-17 01:53

sysvinit-utils TEMP-0517018-A83CE6 低危 3.06-4 [sysvinit: no-root option in expert installer exposes locally exploitable security flaw]

漏洞详情: https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libc-bin CVE-2019-1010022 低危 2.36-9+deb12u9 glibc: stack guard protection bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010022

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-07-15 04:15 修改: 2026-06-17 02:09

tar CVE-2005-2541 低危 1.34+dfsg-1.2+deb12u1 tar: does not properly warn the user when extracting setuid or setgid files

漏洞详情: https://avd.aquasec.com/nvd/cve-2005-2541

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2005-08-10 04:00 修改: 2026-04-16 00:27

tar TEMP-0290435-0B57B5 低危 1.34+dfsg-1.2+deb12u1 [tar's rmt command may have undesired side effects]

漏洞详情: https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libsmartcols1 CVE-2022-0563 低危 2.38.1-5+deb12u3 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-02-21 19:15 修改: 2026-06-17 04:20

libsmartcols1 CVE-2025-14104 低危 2.38.1-5+deb12u3 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libstdc++6 CVE-2022-27943 低危 12.2.0-14 binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-03-26 13:15 修改: 2026-06-17 04:37

libstdc++6 CVE-2023-4039 低危 12.2.0-14 12.2.0-14+deb12u1 gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4039

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2023-09-13 09:15 修改: 2026-06-23 18:17

util-linux CVE-2022-0563 低危 2.38.1-5+deb12u3 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-02-21 19:15 修改: 2026-06-17 04:20

util-linux CVE-2025-14104 低危 2.38.1-5+deb12u3 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libc-bin CVE-2019-1010023 低危 2.36-9+deb12u9 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010023

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-07-15 04:15 修改: 2026-06-17 02:09

libc-bin CVE-2019-1010024 低危 2.36-9+deb12u9 glibc: ASLR bypass using cache of thread stack and heap

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010024

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-07-15 04:15 修改: 2026-06-17 02:09

libc-bin CVE-2019-1010025 低危 2.36-9+deb12u9 glibc: information disclosure of heap addresses of pthread_created thread

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-1010025

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-07-15 04:15 修改: 2026-06-17 02:09

libc-bin CVE-2019-9192 低危 2.36-9+deb12u9 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-9192

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2019-02-26 18:29 修改: 2026-06-17 02:43

util-linux-extra CVE-2022-0563 低危 2.38.1-5+deb12u3 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0563

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2022-02-21 19:15 修改: 2026-06-17 04:20

util-linux-extra CVE-2025-14104 低危 2.38.1-5+deb12u3 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2025-12-05 17:16 修改: 2026-06-30 00:16

libc-bin CVE-2025-15281 低危 2.36-9+deb12u9 2.36-9+deb12u14 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-01-20 14:16 修改: 2026-06-17 08:37

libsystemd0 CVE-2013-4392 低危 252.33-1~deb12u1 systemd: TOCTOU race condition when updating file permissions and SELinux security contexts

漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4392

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2013-10-28 22:55 修改: 2026-04-29 01:13

util-linux CVE-2026-53613 未知 2.38.1-5+deb12u3 [Local Privilege Escalation via TOCTOU in mount(8) - Target Path Redirection]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53613

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libsmartcols1 CVE-2026-53613 未知 2.38.1-5+deb12u3 [Local Privilege Escalation via TOCTOU in mount(8) - Target Path Redirection]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53613

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libmount1 CVE-2026-53613 未知 2.38.1-5+deb12u3 [Local Privilege Escalation via TOCTOU in mount(8) - Target Path Redirection]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53613

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libuuid1 CVE-2026-53613 未知 2.38.1-5+deb12u3 [Local Privilege Escalation via TOCTOU in mount(8) - Target Path Redirection]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53613

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

perl-base CVE-2026-57433 未知 5.36.0-7+deb12u1 Storable versions before 3.41 for Perl have a signed integer overflow ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-57433

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-07-13 17:17 修改: 2026-07-14 17:47

perl-base CVE-2026-7017 未知 5.36.0-7+deb12u1 HTTP::Tiny versions before 0.095 for Perl forward credential headers t ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7017

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 2026-07-07 19:16 修改: 2026-07-08 15:56

bsdutils CVE-2026-53613 未知 1:2.38.1-5+deb12u3 [Local Privilege Escalation via TOCTOU in mount(8) - Target Path Redirection]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53613

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

util-linux-extra CVE-2026-53613 未知 2.38.1-5+deb12u3 [Local Privilege Escalation via TOCTOU in mount(8) - Target Path Redirection]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53613

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

mount CVE-2026-53613 未知 2.38.1-5+deb12u3 [Local Privilege Escalation via TOCTOU in mount(8) - Target Path Redirection]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53613

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

libblkid1 CVE-2026-53613 未知 2.38.1-5+deb12u3 [Local Privilege Escalation via TOCTOU in mount(8) - Target Path Redirection]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53613

镜像层: sha256:7914c8f600f532b7adbd0b003888e3aa921687d62dbe2f1f829d0ab6234a158a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

Node.js (node-pkg)
低危漏洞:23 中危漏洞:108 高危漏洞:82 严重漏洞:6
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
babel-traverse CVE-2023-45133 严重 6.26.0 7.23.2 babel: arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45133

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2023-10-12 17:15 修改: 2026-06-17 06:28

fast-xml-parser CVE-2026-25896 严重 4.4.1 5.3.5, 4.5.4 fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25896

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-20 21:19 修改: 2026-07-15 02:18

form-data CVE-2025-7783 严重 4.0.1 2.5.4, 3.0.4, 4.0.4 form-data: Unsafe random function in form-data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05

i18next-fs-backend CVE-2026-48713 严重 2.6.0 2.6.6 i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48713

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 22:16 修改: 2026-06-17 16:39

protobufjs CVE-2026-41242 严重 7.2.6 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-18 17:16 修改: 2026-07-15 02:21

shell-quote CVE-2026-9277 严重 1.8.1 1.8.4 shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9277

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-22 14:16 修改: 2026-07-15 01:17

axios CVE-2025-27152 高危 1.7.9 1.8.2, 0.30.0 axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27152

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-03-07 16:15 修改: 2026-06-17 09:03

axios CVE-2025-58754 高危 1.7.9 1.12.0, 0.30.2 axios: Axios DoS via lack of data size check

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58754

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-09-12 02:15 修改: 2026-06-17 09:44

axios CVE-2026-25639 高危 1.7.9 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-09 21:15 修改: 2026-07-15 02:18

axios CVE-2026-42033 高危 1.7.9 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

axios CVE-2026-42035 高危 1.7.9 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 1.7.9 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

axios CVE-2026-42264 高危 1.7.9 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-08 04:16 修改: 2026-07-15 02:21

axios CVE-2026-44486 高危 1.7.9 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44487 高危 1.7.9 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44488 高危 1.7.9 1.16.0 axios: Axios: Denial of Service due to unenforced request and response size limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44494 高危 1.7.9 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44495 高危 1.7.9 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44496 高危 1.7.9 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

@babel/plugin-transform-modules-systemjs CVE-2026-44728 高危 7.25.9 7.29.4, 8.0.0-alpha.13 Babel is a compiler for writing next generation JavaScript. From 7.12. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44728

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-26 18:16 修改: 2026-06-17 10:51

cross-spawn CVE-2024-21538 高危 7.0.3 7.0.5, 6.0.6 cross-spawn: regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2024-11-08 05:15 修改: 2026-06-17 07:09

@xmldom/xmldom CVE-2026-34601 高危 0.8.10 0.8.12, 0.9.9 xmldom: xmldom: XML structure injection via CDATA terminator

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34601

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-02 18:16 修改: 2026-07-15 02:20

fast-xml-parser CVE-2026-26278 高危 4.4.1 4.5.4, 5.3.6 fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26278

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-19 20:25 修改: 2026-07-15 02:19

fast-xml-parser CVE-2026-33036 高危 4.4.1 5.5.6, 4.5.5 fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33036

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-20 06:16 修改: 2026-06-17 10:36

@xmldom/xmldom CVE-2026-41672 高危 0.8.10 0.8.13, 0.9.10 xmldom: @xmldom/xmldom: xmldom: Arbitrary XML Node Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41672

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 04:16 修改: 2026-07-15 02:21

form-data CVE-2026-12143 高危 4.0.1 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-12 19:16 修改: 2026-07-15 02:18

glob CVE-2025-64756 高危 10.4.2 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

@xmldom/xmldom CVE-2026-41673 高危 0.8.10 0.8.13, 0.9.10 @xmldom/xmldom: xmldom: xmldom: Denial of Service via deeply nested XML documents

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41673

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 04:16 修改: 2026-07-15 02:21

i18next-fs-backend CVE-2026-41693 高危 2.6.0 2.6.4 i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41693

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-08 16:16 修改: 2026-06-17 10:47

jws CVE-2025-65945 高危 3.2.2 3.2.3, 4.0.1 node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56

koa CVE-2026-27959 高危 2.15.4 3.1.2, 2.16.4 koa: Koa: Host header injection vulnerability due to malformed HTTP Host header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27959

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-26 02:16 修改: 2026-07-15 02:19

linkify-it CVE-2026-48801 高危 4.0.1 5.0.1 LinkifyIt#match scan loop has quadratic algorithmic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48801

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-07-14 21:17 修改: 2026-07-14 21:17

linkify-it CVE-2026-48801 高危 5.0.0 5.0.1 LinkifyIt#match scan loop has quadratic algorithmic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48801

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-07-14 21:17 修改: 2026-07-14 21:17

lodash CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-31 20:16 修改: 2026-07-15 02:22

lodash-es CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-31 20:16 修改: 2026-07-15 02:22

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 5.1.6 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 5.1.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 5.1.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 9.0.5 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

nodemailer CVE-2025-14874 高危 6.10.0 7.0.11 nodemailer: Nodemailer: Denial of service via crafted email address header

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14874

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-12-18 09:15 修改: 2026-06-17 08:36

nodemailer GHSA-p6gq-j5cr-w38f 高危 6.10.0 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

nodemailer CVE-2025-14874 高危 6.9.16 7.0.11 nodemailer: Nodemailer: Denial of service via crafted email address header

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14874

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-12-18 09:15 修改: 2026-06-17 08:36

nodemailer GHSA-p6gq-j5cr-w38f 高危 6.9.16 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

path-to-regexp CVE-2024-45296 高危 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-09-09 19:15 修改: 2026-06-17 07:53

path-to-regexp CVE-2024-52798 高危 0.1.7 0.1.12 path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52798

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-12-05 23:15 修改: 2026-06-17 08:07

path-to-regexp CVE-2026-4867 高危 0.1.7 0.1.13 path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4867

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:57

path-to-regexp CVE-2024-45296 高危 1.8.0 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-09-09 19:15 修改: 2026-06-17 07:53

path-to-regexp CVE-2024-45296 高危 6.2.0 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-09-09 19:15 修改: 2026-06-17 07:53

picomatch CVE-2026-33671 高危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

picomatch CVE-2026-33671 高危 4.0.2 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

@xmldom/xmldom CVE-2026-41674 高危 0.8.10 0.8.13, 0.9.10 xmldom: xmldom: Arbitrary XML markup injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41674

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 04:16 修改: 2026-07-15 02:21

protobufjs CVE-2026-44289 高危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-13 16:16 修改: 2026-07-15 02:21

protobufjs CVE-2026-44290 高危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-13 16:16 修改: 2026-07-15 02:21

protobufjs CVE-2026-48712 高危 7.2.6 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

rollup CVE-2024-47068 高危 4.5.1 3.29.5, 4.22.4, 2.79.2 rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47068

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-09-23 16:15 修改: 2026-06-17 07:56

rollup CVE-2026-27606 高危 4.5.1 2.80.0, 3.30.0, 4.59.0 rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27606

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-25 03:16 修改: 2026-07-15 02:19

sequelize CVE-2026-30951 高危 6.37.3 6.37.8 sequelize: Sequelize: Data exfiltration via SQL injection in JSON/JSONB where clause processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-30951

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-10 21:16 修改: 2026-07-15 02:19

serialize-javascript GHSA-5c6j-r48x-rmvq 高危 6.0.2 7.0.3 Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

漏洞详情: https://github.com/advisories/GHSA-5c6j-r48x-rmvq

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-28 02:50 修改: 2026-03-02 16:17

@xmldom/xmldom CVE-2026-41675 高危 0.8.10 0.8.13, 0.9.10 xmldom: xmldom: Arbitrary XML node injection via crafted processing instructions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41675

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 04:16 修改: 2026-07-15 02:21

sigstore CVE-2026-48815 高危 2.3.1 4.1.1 sigstore: Sigstore: Unauthorized certificates accepted due to ignored `certificateOIDs` verification option

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-07-14 21:17 修改: 2026-07-14 21:17

socket.io-parser CVE-2026-33151 高危 4.2.4 3.3.5, 3.4.4, 4.2.6 socket.io: Socket.IO: Denial of Service due to excessive buffering of specially crafted packets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33151

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-20 21:17 修改: 2026-06-17 10:37

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-01-16 22:16 修改: 2026-07-15 02:18

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-01-20 01:15 修改: 2026-07-15 02:18

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-01-28 01:16 修改: 2026-07-15 02:18

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-03-07 16:15 修改: 2026-07-15 02:19

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tmp CVE-2026-44705 高危 0.0.33 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

tmp CVE-2026-44705 高危 0.2.3 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

underscore CVE-2026-27601 高危 1.13.1 1.13.8 Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27601

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-03 23:15 修改: 2026-06-17 10:27

validator CVE-2025-12758 高危 13.12.0 13.15.22 Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12758

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-11-27 05:16 修改: 2026-07-14 16:16

vite CVE-2026-53571 高危 5.4.12 8.0.16, 7.3.5, 6.4.3 vite: `server.fs.deny` bypass on Windows alternate paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53571

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:44

ws CVE-2026-48779 高危 7.5.10 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 13:20 修改: 2026-07-15 03:16

ws CVE-2024-37890 高危 8.11.0 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

ws CVE-2026-48779 高危 8.11.0 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 13:20 修改: 2026-07-15 03:16

ws CVE-2026-48779 高危 8.17.1 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 13:20 修改: 2026-07-15 03:16

ws CVE-2026-48779 高危 8.17.1 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 13:20 修改: 2026-07-15 03:16

ws CVE-2026-48779 高危 8.17.1 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 13:20 修改: 2026-07-15 03:16

ws CVE-2026-48779 高危 8.17.1 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 13:20 修改: 2026-07-15 03:16

ws CVE-2026-48779 高危 8.17.1 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 13:20 修改: 2026-07-15 03:16

ws CVE-2026-48779 高危 8.17.1 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 13:20 修改: 2026-07-15 03:16

markdown-it CVE-2026-2327 中危 13.0.2 14.1.1 markdown-it: markdown-it: Denial of Service via Regular Expression Denial of Service in linkify function

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2327

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-12 06:16 修改: 2026-06-17 10:30

markdown-it CVE-2026-48988 中危 13.0.2 14.2.0 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48988

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 21:16 修改: 2026-06-24 19:06

markdown-it CVE-2026-2327 中危 14.0.0 14.1.1 markdown-it: markdown-it: Denial of Service via Regular Expression Denial of Service in linkify function

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2327

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-12 06:16 修改: 2026-06-17 10:30

markdown-it CVE-2026-48988 中危 14.0.0 14.2.0 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48988

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-17 21:16 修改: 2026-06-24 19:06

mermaid CVE-2025-54880 中危 11.4.1 11.10.0 Mermaid does not properly sanitize architecture diagram iconText leading to XSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54880

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-08-19 17:15 修改: 2026-06-17 09:40

mermaid CVE-2025-54881 中危 11.4.1 11.10.0, 10.9.4 Mermaid improperly sanitizes sequence diagram labels leading to XSS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54881

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-08-19 17:15 修改: 2026-06-17 09:40

mermaid CVE-2026-41148 中危 11.4.1 11.15.0, 10.9.6 mermaid: Mermaid: CSS injection vulnerability allows page defacement and information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41148

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-22 23:16 修改: 2026-06-17 10:46

mermaid CVE-2026-41149 中危 11.4.1 11.15.0, 10.9.6 mermaid: Mermaid: HTML injection via classDef directive in state diagrams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41149

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-22 23:16 修改: 2026-06-17 10:46

mermaid CVE-2026-41150 中危 11.4.1 11.15.0, 10.9.6 mermaid: Mermaid: Denial of Service via specially crafted gantt charts

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41150

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-29 15:16 修改: 2026-06-17 10:46

mermaid CVE-2026-41159 中危 11.4.1 11.15.0, 10.9.6 mermaid: Mermaid: Information disclosure and page defacement via CSS injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41159

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-29 15:16 修改: 2026-07-01 20:17

micromatch CVE-2024-4067 中危 4.0.5 4.0.8 micromatch: vulnerable to Regular Expression Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4067

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-05-14 15:42 修改: 2026-06-17 08:01

axios CVE-2026-42038 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42039 中危 1.7.9 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

axios CVE-2026-42041 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

axios CVE-2026-42042 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42044 中危 1.7.9 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

axios CVE-2026-44490 中危 1.7.9 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

@opentelemetry/core CVE-2026-54285 中危 1.15.1 2.8.0 @opentelemetry/core: opentelemetry-js: @opentelemetry/core: Denial of Service via oversized baggage HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54285

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

nodemailer CVE-2025-13033 中危 6.10.0 7.0.7 nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13033

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-11-14 20:15 修改: 2026-06-17 08:33

nodemailer GHSA-268h-hp4c-crq3 中危 6.10.0 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-r7g4-qg5f-qqm2 中危 6.10.0 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 6.10.0 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

nodemailer GHSA-wqvq-jvpq-h66f 中危 6.10.0 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

dompurify CVE-2025-15599 中危 3.2.3 3.2.7 DOMPurify: DOMPurify: Cross-site scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15599

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-03 18:16 修改: 2026-06-17 08:38

dompurify CVE-2025-26791 中危 3.2.3 3.2.4 dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26791

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-02-14 09:15 修改: 2026-06-17 09:02

nodemailer CVE-2025-13033 中危 6.9.16 7.0.7 nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13033

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-11-14 20:15 修改: 2026-06-17 08:33

nodemailer GHSA-268h-hp4c-crq3 中危 6.9.16 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-r7g4-qg5f-qqm2 中危 6.9.16 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 6.9.16 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

nodemailer GHSA-wqvq-jvpq-h66f 中危 6.9.16 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

dompurify CVE-2026-0540 中危 3.2.3 3.3.2, 2.5.9 DOMPurify: DOMPurify: Cross-site scripting vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0540

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-03 18:16 修改: 2026-06-17 10:10

dompurify CVE-2026-41238 中危 3.2.3 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41238

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-23 16:16 修改: 2026-06-17 10:46

dompurify CVE-2026-41239 中危 3.2.3 3.4.0 DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41239

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-23 16:16 修改: 2026-06-17 10:46

dompurify CVE-2026-41240 中危 3.2.3 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41240

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-23 16:16 修改: 2026-06-17 10:46

dompurify CVE-2026-49458 中危 3.2.3 3.4.6 DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49458

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-07-14 21:17 修改: 2026-07-14 21:17

dompurify CVE-2026-49459 中危 3.2.3 3.4.6 DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49459

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-07-14 21:17 修改: 2026-07-14 21:17

picomatch CVE-2026-33672 中危 2.3.1 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

dompurify CVE-2026-49978 中危 3.2.3 3.4.7 DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49978

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-07-14 21:17 修改: 2026-07-14 21:17

picomatch CVE-2026-33672 中危 4.0.2 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

postcss CVE-2026-41305 中危 8.4.47 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

prismjs CVE-2024-53382 中危 1.27.0 1.30.0 prismjs: DOM Clobbering vulnerability within the Prism library's prism-autoloader plugin

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53382

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-03-03 07:15 修改: 2026-06-17 08:08

dompurify GHSA-39q2-94rc-95cp 中危 3.2.3 3.4.0 DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

漏洞详情: https://github.com/advisories/GHSA-39q2-94rc-95cp

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-16 00:46 修改: 2026-04-16 00:46

dompurify GHSA-76mc-f452-cxcm 中危 3.2.3 3.4.7 DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

漏洞详情: https://github.com/advisories/GHSA-76mc-f452-cxcm

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 19:59 修改: 2026-06-15 19:59

dompurify GHSA-cj63-jhhr-wcxv 中危 3.2.3 3.3.2 DOMPurify USE_PROFILES prototype pollution allows event handlers

漏洞详情: https://github.com/advisories/GHSA-cj63-jhhr-wcxv

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-03 03:45 修改: 2026-05-29 21:46

dompurify GHSA-cjmm-f4jc-qw8r 中危 3.2.3 3.3.2 DOMPurify ADD_ATTR predicate skips URI validation

漏洞详情: https://github.com/advisories/GHSA-cjmm-f4jc-qw8r

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-03 03:46 修改: 2026-05-29 21:47

dompurify GHSA-cmwh-pvxp-8882 中危 3.2.3 3.4.11 DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)

漏洞详情: https://github.com/advisories/GHSA-cmwh-pvxp-8882

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-18 14:27 修改: 2026-06-18 14:27

dompurify GHSA-h8r8-wccr-v5f2 中危 3.2.3 3.3.2 DOMPurify is vulnerable to mutation-XSS via Re-Contextualization

漏洞详情: https://github.com/advisories/GHSA-h8r8-wccr-v5f2

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-27 20:41 修改: 2026-03-27 20:41

protobufjs CVE-2026-44288 中危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 7.2.6 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 7.2.6 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 7.2.6 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

qs CVE-2025-15284 中危 6.9.7 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

request-filtering-agent CVE-2025-57814 中危 1.1.2 2.0.0 request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57814

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-08-25 22:15 修改: 2026-06-17 09:43

dottie CVE-2026-27837 中危 2.0.6 2.0.7 dottie.js: dottie.js: Unauthorized object modification via prototype pollution bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27837

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-26 01:16 修改: 2026-06-17 10:27

esbuild GHSA-67mh-4wv8-2f99 中危 0.21.5 0.25.0 esbuild enables any website to send any requests to the development server and read the response

漏洞详情: https://github.com/advisories/GHSA-67mh-4wv8-2f99

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-02-10 17:48 修改: 2025-02-10 17:48

@sigstore/core CVE-2026-48758 中危 1.1.0 3.2.1 sigstore-core: @sigstore/core: Signature bypass due to incorrect encoding in preAuthEncoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-07-14 21:17 修改: 2026-07-14 21:17

@babel/helpers CVE-2025-27789 中危 7.26.7 7.26.10, 8.0.0-alpha.17 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04

serialize-javascript CVE-2026-34043 中危 6.0.2 7.0.5 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34043

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

@babel/runtime CVE-2025-27789 中危 7.24.4 7.26.10, 8.0.0-alpha.17 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04

fast-xml-parser CVE-2026-33349 中危 4.4.1 4.5.5, 5.5.7 fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33349

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-24 20:16 修改: 2026-06-17 10:37

fast-xml-parser CVE-2026-41650 中危 4.4.1 5.7.0 fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 15:16 修改: 2026-06-17 10:46

follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.6 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11

@octokit/endpoint CVE-2025-25285 中危 9.0.5 9.0.6, 10.1.3 octokit/endpoint: @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25285

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-02-14 20:15 修改: 2026-06-17 09:00

@octokit/plugin-paginate-rest CVE-2025-25288 中危 11.3.1 11.4.1, 9.2.2 octokit/plugin-paginate-rest: @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25288

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-02-14 20:15 修改: 2026-06-17 09:00

@octokit/plugin-paginate-rest CVE-2025-25288 中危 9.1.5 11.4.1, 9.2.2 octokit/plugin-paginate-rest: @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25288

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-02-14 20:15 修改: 2026-06-17 09:00

ajv CVE-2025-69873 中危 8.12.0 8.18.0, 6.14.0 ajv: ReDoS via $data reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69873

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-11 19:15 修改: 2026-07-15 02:17

@octokit/request CVE-2025-25290 中危 8.4.0 9.2.1, 8.4.1 octokit/request: @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25290

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-02-14 20:15 修改: 2026-06-17 09:00

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

i18next-http-backend CVE-2026-41691 中危 2.7.3 3.0.5 i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41691

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 21:16 修改: 2026-06-17 10:47

ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-05-12 20:16 修改: 2026-07-15 02:21

@octokit/request-error CVE-2025-25289 中危 5.1.0 5.1.1, 6.1.7 @octokit/request-error: @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25289

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-02-14 20:15 修改: 2026-06-17 09:00

uuid CVE-2026-41907 中危 8.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

axios CVE-2025-62718 中危 1.7.9 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-09 15:16 修改: 2026-07-15 02:17

validator CVE-2025-56200 中危 13.12.0 13.15.20 validator.js has a URL validation bypass vulnerability in its isURL function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-56200

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-09-30 18:15 修改: 2026-07-05 02:16

koa CVE-2025-32379 中危 2.15.4 2.16.1, 3.0.0-alpha.5 koa: XSS at ctx.redirect() function in Koajs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32379

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-04-09 16:15 修改: 2026-06-17 09:11

vite CVE-2025-30208 中危 5.4.12 6.2.3, 6.1.2, 6.0.12, 5.4.15, 4.5.10 vite: Vite bypasses server.fs.deny when using `?raw??`

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30208

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-03-24 17:15 修改: 2026-06-17 09:08

vite CVE-2025-31125 中危 5.4.12 6.2.4, 6.1.3, 6.0.13, 5.4.16, 4.5.11 vite: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31125

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-03-31 17:15 修改: 2026-06-17 09:09

vite CVE-2025-31486 中危 5.4.12 6.2.5, 6.1.4, 6.0.14, 5.4.17, 4.5.12 vite: Vite allows server.fs.deny to be bypassed with .svg or relative paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31486

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-04-03 19:15 修改: 2026-06-17 09:10

vite CVE-2025-32395 中危 5.4.12 6.2.6, 6.1.5, 6.0.15, 5.4.18, 4.5.13 vite: Vite has an `server.fs.deny` bypass with an invalid `request-target`

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-32395

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-04-10 14:15 修改: 2026-06-17 09:11

vite CVE-2025-46565 中危 5.4.12 6.3.4, 6.2.7, 6.1.6, 5.4.19, 4.5.14 vite: Path Traversal in Vite Dev Server Allows Access to Restricted Files

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46565

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-05-01 18:15 修改: 2026-06-17 09:26

vite CVE-2025-62522 中危 5.4.12 7.1.11, 7.0.8, 6.4.1, 5.4.21 vite: vite allows server.fs.deny bypass via backslash on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62522

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-20 20:15 修改: 2026-06-17 09:52

vite CVE-2026-39365 中危 5.4.12 8.0.5, 7.3.2, 6.4.2 vite: Vite: Information disclosure via path traversal in dev server's .map request handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39365

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-07 20:16 修改: 2026-06-17 10:42

vite CVE-2026-53632 中危 5.4.12 8.0.16, 7.3.5, 6.4.3 launch-editor: launch-editor: Credential compromise via NTLMv2 password hash leak through UNC path access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53632

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-22 18:16 修改: 2026-06-23 15:44

axios CVE-2026-40175 中危 1.7.9 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-10 20:16 修改: 2026-07-15 02:21

axios CVE-2026-42034 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 1.7.9 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

ws CVE-2026-45736 中危 8.11.0 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-15 15:16 修改: 2026-07-15 02:22

lodash CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-01-21 20:16 修改: 2026-07-15 02:17

lodash CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

axios CVE-2026-42037 中危 1.7.9 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

lodash-es CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-01-21 20:16 修改: 2026-07-15 02:17

lodash-es CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

mammoth CVE-2025-11849 中危 1.8.0 1.11.0 Mammoth is vulnerable to Directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11849

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-17 05:15 修改: 2026-06-17 08:31

ws CVE-2026-45736 中危 8.17.1 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-15 15:16 修改: 2026-07-15 02:22

ws CVE-2026-45736 中危 8.17.1 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-15 15:16 修改: 2026-07-15 02:22

ws CVE-2026-45736 中危 8.17.1 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-15 15:16 修改: 2026-07-15 02:22

ws CVE-2026-45736 中危 8.17.1 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-15 15:16 修改: 2026-07-15 02:22

ws CVE-2026-45736 中危 8.17.1 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-15 15:16 修改: 2026-07-15 02:22

ws CVE-2026-45736 中危 8.17.1 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-15 15:16 修改: 2026-07-15 02:22

yaml CVE-2026-33532 中危 2.3.1 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

diff CVE-2026-24001 低危 5.2.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2026-01-22 03:15 修改: 2026-07-15 02:18

nodemailer GHSA-c7w3-x93f-qmm8 低危 6.9.16 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

@smithy/config-resolver GHSA-6475-r3vj-m8vf 低危 4.0.1 4.4.0 AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

漏洞详情: https://github.com/advisories/GHSA-6475-r3vj-m8vf

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-01-08 21:52 修改: 2026-01-08 21:52

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

vite CVE-2025-58751 低危 5.4.12 7.1.5, 7.0.7, 6.3.6, 5.4.20 vitejs/vite: lukeed/sirv: Vite middleware may serve files starting with the same name with the public directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58751

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-09-08 23:15 修改: 2026-06-17 09:44

vite CVE-2025-58752 低危 5.4.12 7.1.5, 7.0.7, 6.3.6, 5.4.20 vite: Vite's `server.fs` settings were not applied to HTML files

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58752

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-09-08 23:15 修改: 2026-06-17 09:44

@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

koa CVE-2025-8129 低危 2.15.4 2.16.2, 3.0.1 koa: KoaJS Koa HTTP Header response.js back redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8129

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-07-25 05:15 修改: 2026-06-17 10:06

tmp CVE-2025-54798 低危 0.0.33 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40

axios CVE-2026-42040 低危 1.7.9 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

tmp CVE-2025-54798 低危 0.2.3 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40

qs CVE-2026-2391 低危 6.9.7 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

fast-xml-parser CVE-2026-27942 低危 4.4.1 5.3.8, 4.5.4 fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27942

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:692ebdf2dcbce44c93e4defe6ae2bab8dab7f1d531cb01a11658f8777066c028

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

dompurify GHSA-gvmj-g25r-r7wr 低危 3.2.3 3.4.8 DOMPurify: SAFE_FOR_TEMPLATES bypass - template expressions survive sanitization inside <template> content when using DOM output modes

漏洞详情: https://github.com/advisories/GHSA-gvmj-g25r-r7wr

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 20:02 修改: 2026-06-15 20:02

nodemailer GHSA-c7w3-x93f-qmm8 低危 6.10.0 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

formidable CVE-2025-46653 低危 2.1.2 3.5.3, 2.1.3 formidable: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Formidable

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46653

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-04-26 21:15 修改: 2026-06-17 09:26

dompurify GHSA-vxr8-fq34-vvx9 低危 3.2.3 3.4.9 DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output

漏洞详情: https://github.com/advisories/GHSA-vxr8-fq34-vvx9

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12

dompurify GHSA-x4vx-rjvf-j5p4 低危 3.2.3 DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

漏洞详情: https://github.com/advisories/GHSA-x4vx-rjvf-j5p4

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-15 20:00 修改: 2026-06-15 20:00

mailparser CVE-2026-3455 低危 3.7.2 3.9.3 mailparser vulnerable to Cross-site Scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3455

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

@babel/core CVE-2026-49356 低危 7.26.7 8.0.0-rc.6, 7.29.6 @babel/core: @babel/core: Arbitrary file read via sourceMappingURL comment

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49356

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

diff CVE-2026-24001 低危 5.2.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-01-22 03:15 修改: 2026-07-15 02:18

opt/outline/node_modules/vite/node_modules/@esbuild/linux-x64/bin/esbuild (gobinary)
低危漏洞:3 中危漏洞:39 高危漏洞:16 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2024-24790 严重 v1.20.12 1.21.11, 1.22.4 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2025-68121 严重 v1.20.12 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2023-45288 高危 v1.20.12 1.21.9, 1.22.2 golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-04-04 21:15 修改: 2026-06-17 06:28

stdlib CVE-2024-34156 高危 v1.20.12 1.22.7, 1.23.1 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2025-61726 高危 v1.20.12 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-01-28 20:16 修改: 2026-07-15 03:16

stdlib CVE-2025-61729 高危 v1.20.12 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.20.12 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-06 22:16 修改: 2026-07-15 03:16

stdlib CVE-2026-27145 高危 v1.20.12 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-02 23:16 修改: 2026-07-15 02:19

stdlib CVE-2026-32280 高危 v1.20.12 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-08 02:16 修改: 2026-07-15 02:19

stdlib CVE-2026-32281 高危 v1.20.12 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.20.12 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-08 02:16 修改: 2026-07-15 02:19

stdlib CVE-2026-33811 高危 v1.20.12 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 20:16 修改: 2026-07-15 02:20

stdlib CVE-2026-33814 高危 v1.20.12 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 20:16 修改: 2026-07-15 02:20

stdlib CVE-2026-39820 高危 v1.20.12 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 20:16 修改: 2026-07-15 02:20

stdlib CVE-2026-39822 高危 v1.20.12 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-39836 高危 v1.20.12 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.20.12 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 20:16 修改: 2026-07-15 02:21

stdlib CVE-2026-42504 高危 v1.20.12 1.25.11, 1.26.4 mime: golang: Golang MIME: Denial of Service via maliciously-crafted MIME header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2023-45289 中危 v1.20.12 1.21.8, 1.22.1 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2023-45290 中危 v1.20.12 1.21.8, 1.22.1 golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-03-05 23:15 修改: 2026-06-17 06:28

stdlib CVE-2024-24783 中危 v1.20.12 1.21.8, 1.22.1 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24784 中危 v1.20.12 1.21.8, 1.22.1 golang: net/mail: comments in display names are incorrectly handled

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24785 中危 v1.20.12 1.21.8, 1.22.1 golang: html/template: errors returned from MarshalJSON methods may break template escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-03-05 23:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24789 中危 v1.20.12 1.21.11, 1.22.4 golang: archive/zip: Incorrect handling of certain ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-06-05 16:15 修改: 2026-06-17 07:14

stdlib CVE-2024-24791 中危 v1.20.12 1.21.12, 1.22.5 net/http: Denial of service due to improper 100-continue handling in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-07-02 22:15 修改: 2026-06-17 07:14

stdlib CVE-2024-34155 中危 v1.20.12 1.22.7, 1.23.1 go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-34158 中危 v1.20.12 1.22.7, 1.23.1 go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2024-09-06 21:15 修改: 2026-06-17 07:33

stdlib CVE-2024-45336 中危 v1.20.12 1.22.11, 1.23.5, 1.24.0-rc.2 golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-0913 中危 v1.20.12 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22866 中危 v1.20.12 1.22.12, 1.23.6, 1.24.0-rc.3 crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-02-06 17:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22870 中危 v1.20.12 1.23.7, 1.24.1 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22870

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-03-12 19:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22871 中危 v1.20.12 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.20.12 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.20.12 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.20.12 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.20.12 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.20.12 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.20.12 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.20.12 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.20.12 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.20.12 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.20.12 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.20.12 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.20.12 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.20.12 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.20.12 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.20.12 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.20.12 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.20.12 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.20.12 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.20.12 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.20.12 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.20.12 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.20.12 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.20.12 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42505 中危 v1.20.12 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

stdlib CVE-2026-42507 中危 v1.20.12 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2024-45341 低危 v1.20.12 1.22.11, 1.23.5, 1.24.0-rc.2 golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-01-28 02:15 修改: 2026-06-17 07:54

stdlib CVE-2025-58186 低危 v1.20.12 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.20.12 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.0.0-20220715151400-c0bba94af5f8 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:deb4cb3fdef80c6b22f8e3f0e28d1a26687ab7939e22c904e5edce03028e607b

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×