docker.io/portainer/portainer-ce:2.39.5 linux/amd64

docker.io/portainer/portainer-ce:2.39.5 - Trivy安全扫描结果 扫描时间: 2026-07-16 08:45
全部漏洞信息
低危漏洞:0 中危漏洞:5 高危漏洞:9 严重漏洞:0

系统OS: 扫描引擎: Trivy 扫描时间: 2026-07-16 08:45

portainer (gobinary)
低危漏洞:0 中危漏洞:5 高危漏洞:9 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/containerd/containerd CVE-2026-53488 高危 v1.7.32 1.7.33 github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53488

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-07-01 02:17 修改: 2026-07-03 04:17

github.com/docker/cli CVE-2025-15558 高危 v28.5.1+incompatible 29.2.0 docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15558

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-03-04 17:16 修改: 2026-07-15 02:17

github.com/docker/docker CVE-2026-34040 高危 v28.5.1+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34040

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

github.com/docker/docker CVE-2026-41567 高危 v28.5.1+incompatible docker: Moby/Docker Engine: Arbitrary Code Execution via malicious container image and compressed archive upload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41567

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-06-05 02:17 修改: 2026-07-15 02:21

github.com/docker/docker CVE-2026-42306 高危 v28.5.1+incompatible Moby is an open source container framework. In Docker Engine prior to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42306

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:47

github.com/moby/buildkit CVE-2026-33747 高危 v0.25.1 0.28.1 BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33747

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-03-27 01:16 修改: 2026-06-17 10:38

github.com/moby/buildkit CVE-2026-33748 高危 v0.25.1 0.28.1 github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33748

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

oras.land/oras-go/v2 CVE-2026-50163 高危 v2.6.1 oras-go: Oras-go: Information disclosure and arbitrary file access via crafted tarball hardlinks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50163

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

stdlib CVE-2026-39822 高危 v1.25.11 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

github.com/containerd/containerd CVE-2026-47262 中危 v1.7.32 1.7.33 github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47262

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-07-01 19:16 修改: 2026-07-02 19:40

github.com/docker/docker CVE-2026-33997 中危 v28.5.1+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33997

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-03-31 03:15 修改: 2026-07-15 02:20

github.com/docker/docker CVE-2026-41568 中危 v28.5.1+incompatible github.com/docker/docker: github.com/moby/moby: Moby: Denial of Service via race condition in docker cp mount setup

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41568

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-06-12 19:16 修改: 2026-06-17 10:46

github.com/gorilla/csrf CVE-2025-47909 中危 v1.7.3 Hosts listed in TrustedOrigins implicitly allow requests from the corr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47909

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2025-08-29 16:15 修改: 2026-06-17 09:28

stdlib CVE-2026-42505 中危 v1.25.11 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.54.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:5b88bd123185e441b36ffeaa75eb16d3f383b9383ea3993de3c0c4f2eb2d7a8d

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×