docker.io/stonith404/pingvin-share:v1.13.0 linux/amd64

docker.io/stonith404/pingvin-share:v1.13.0 - Trivy安全扫描结果 扫描时间: 2026-07-08 17:58
全部漏洞信息
低危漏洞:45 中危漏洞:108 高危漏洞:106 严重漏洞:6

系统OS: alpine 3.21.3 扫描引擎: Trivy 扫描时间: 2026-07-08 17:58

docker.io/stonith404/pingvin-share:v1.13.0 (alpine 3.21.3) (alpine)
低危漏洞:29 中危漏洞:27 高危漏洞:22 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-31789 严重 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-31789 严重 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

openssl CVE-2026-31789 严重 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2026-28387 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28388 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28389 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28390 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2025-15467 高危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libssl3 CVE-2025-15467 高危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

libssl3 CVE-2025-69421 高危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2026-28387 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28388 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28389 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28390 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

musl CVE-2026-40200 高危 1.2.5-r9 1.2.5-r11 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

musl-utils CVE-2026-40200 高危 1.2.5-r9 1.2.5-r11 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

nghttp2-libs CVE-2026-27135 高危 1.64.0-r0 1.68.1 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-03-18 18:16 修改: 2026-06-30 03:17

libcrypto3 CVE-2025-69421 高危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2025-15467 高危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-30 03:16

openssl CVE-2025-69421 高危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2026-28387 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28388 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28389 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

openssl CVE-2026-28390 高危 3.3.3-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

zlib CVE-2026-22184 高危 1.3.1-r2 1.3.2-r0 zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-07 21:16 修改: 2026-06-30 03:17

curl CVE-2025-4947 中危 8.12.1-r1 8.14.0-r0 libcurl: curl: QUIC certificate check skip with wolfSSL

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4947

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-05-28 07:15 修改: 2026-06-17 09:34

curl CVE-2025-5025 中危 8.12.1-r1 8.14.0-r0 curl: libcurl: QUIC Certificate Pinning Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5025

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-05-28 07:15 修改: 2026-06-17 09:47

curl CVE-2025-5399 中危 8.12.1-r1 8.14.1-r0 curl: libcurl: WebSocket endless loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5399

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-06-07 08:15 修改: 2026-06-17 09:47

curl CVE-2025-9086 中危 8.12.1-r1 8.14.1-r2 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-09-12 06:15 修改: 2026-06-17 10:08

libssl3 CVE-2025-69419 中危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libssl3 CVE-2025-9230 中危 3.3.3-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2025-9231 中危 3.3.3-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-31790 中危 3.3.3-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2025-69419 中危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

musl CVE-2026-6042 中危 1.2.5-r9 1.2.5-r10 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

libcrypto3 CVE-2025-9230 中危 3.3.3-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

musl-utils CVE-2026-6042 中危 1.2.5-r9 1.2.5-r10 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

libcrypto3 CVE-2025-9231 中危 3.3.3-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2026-31790 中危 3.3.3-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcurl CVE-2025-4947 中危 8.12.1-r1 8.14.0-r0 libcurl: curl: QUIC certificate check skip with wolfSSL

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4947

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-05-28 07:15 修改: 2026-06-17 09:34

libcurl CVE-2025-5025 中危 8.12.1-r1 8.14.0-r0 curl: libcurl: QUIC Certificate Pinning Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5025

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-05-28 07:15 修改: 2026-06-17 09:47

libcurl CVE-2025-5399 中危 8.12.1-r1 8.14.1-r0 curl: libcurl: WebSocket endless loop

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5399

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-06-07 08:15 修改: 2026-06-17 09:47

libcurl CVE-2025-9086 中危 8.12.1-r1 8.14.1-r2 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-09-12 06:15 修改: 2026-06-17 10:08

busybox CVE-2024-58251 中危 1.37.0-r12 1.37.0-r14 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

busybox-binsh CVE-2024-58251 中危 1.37.0-r12 1.37.0-r14 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

openssl CVE-2025-69419 中危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2025-9230 中危 3.3.3-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

openssl CVE-2025-9231 中危 3.3.3-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

openssl CVE-2026-31790 中危 3.3.3-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

ssl_client CVE-2024-58251 中危 1.37.0-r12 1.37.0-r14 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-04-23 18:16 修改: 2026-06-17 08:14

c-ares CVE-2025-62408 中危 1.34.5-r0 1.34.6-r0 c-ares: c-ares: Denial of Service due to query termination after maximum attempts

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62408

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-12-08 22:15 修改: 2026-06-17 09:51

zlib CVE-2026-27171 中危 1.3.1-r2 1.3.2-r0 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

libssl3 CVE-2026-22796 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libcurl CVE-2025-10148 低危 8.12.1-r1 8.14.1-r2 curl: predictable WebSocket mask

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10148

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-09-12 06:15 修改: 2026-06-17 08:27

libcrypto3 CVE-2025-66199 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

libcrypto3 CVE-2025-68160 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libcrypto3 CVE-2025-69418 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-69420 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

libcrypto3 CVE-2025-9232 低危 3.3.3-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libcrypto3 CVE-2026-22795 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libcrypto3 CVE-2026-22796 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

curl CVE-2025-10148 低危 8.12.1-r1 8.14.1-r2 curl: predictable WebSocket mask

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-10148

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-09-12 06:15 修改: 2026-06-17 08:27

busybox-binsh CVE-2025-46394 低危 1.37.0-r12 1.37.0-r14 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

busybox CVE-2025-46394 低危 1.37.0-r12 1.37.0-r14 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

libcrypto3 CVE-2025-15468 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libssl3 CVE-2025-15468 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

libssl3 CVE-2025-66199 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

libssl3 CVE-2025-68160 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

libssl3 CVE-2025-69418 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2025-15468 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-17 08:37

openssl CVE-2025-66199 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:56

openssl CVE-2025-68160 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-17 09:58

openssl CVE-2025-69418 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2025-69420 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

openssl CVE-2025-9232 低危 3.3.3-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

openssl CVE-2026-22795 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

openssl CVE-2026-22796 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:53e353f4473c5c887311dc807c57c6bb9fcb7d1994433ed081fb564e55728466

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

libssl3 CVE-2025-69420 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:00

ssl_client CVE-2025-46394 低危 1.37.0-r12 1.37.0-r14 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-04-23 16:15 修改: 2026-06-17 09:26

libssl3 CVE-2025-9232 低危 3.3.3-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2025-09-30 14:15 修改: 2026-06-17 10:08

libssl3 CVE-2026-22795 低危 3.3.3-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350

发布日期: 2026-01-27 16:16 修改: 2026-06-17 10:20

Node.js (node-pkg)
低危漏洞:14 中危漏洞:54 高危漏洞:72 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
fast-xml-parser CVE-2026-25896 严重 4.4.1 5.3.5, 4.5.4 fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25896

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-20 21:19 修改: 2026-06-30 03:17

form-data CVE-2025-7783 严重 4.0.0 2.5.4, 3.0.4, 4.0.4 form-data: Unsafe random function in form-data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05

axios CVE-2026-42033 高危 1.8.4 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42035 高危 1.8.4 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 1.8.4 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42264 高危 1.8.4 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-08 04:16 修改: 2026-07-06 13:16

axios CVE-2026-44486 高危 1.8.4 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44487 高危 1.8.4 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44488 高危 1.8.4 1.16.0 axios: Axios: Denial of Service due to unenforced request and response size limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44492 高危 1.8.4 1.16.0, 0.32.0 axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44494 高危 1.8.4 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44495 高危 1.8.4 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44496 高危 1.8.4 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2025-58754 高危 1.8.4 1.12.0, 0.30.2 axios: Axios DoS via lack of data size check

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58754

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2025-09-12 02:15 修改: 2026-06-17 09:44

fast-xml-parser CVE-2026-26278 高危 4.4.1 4.5.4, 5.3.6 fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26278

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-19 20:25 修改: 2026-06-30 03:17

fast-xml-parser CVE-2026-33036 高危 4.4.1 5.5.6, 4.5.5 fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33036

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-20 06:16 修改: 2026-06-17 10:36

axios CVE-2026-25639 高危 1.8.4 1.13.5, 0.30.3 axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-02-09 21:15 修改: 2026-07-01 13:16

form-data CVE-2026-12143 高危 4.0.0 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-06-12 19:16 修改: 2026-07-02 12:16

glob CVE-2025-64756 高危 10.4.5 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

glob CVE-2025-64756 高危 10.4.5 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

glob CVE-2025-64756 高危 11.0.1 11.1.0, 10.5.0 glob: glob: Command Injection Vulnerability via Malicious Filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55

jws CVE-2025-65945 高危 3.2.2 3.2.3, 4.0.1 node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56

lodash CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17

minimatch CVE-2026-26996 高危 10.0.1 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 10.0.1 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 10.0.1 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 5.1.6 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 5.1.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 5.1.6 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 9.0.5 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-26996 高危 9.0.5 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27903 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 9.0.5 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

multer CVE-2025-47935 高危 1.4.5-lts.2 2.0.0 Multer vulnerable to Denial of Service via memory leaks from unclosed streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47935

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-05-19 20:15 修改: 2026-06-17 09:28

multer CVE-2025-47944 高危 1.4.5-lts.2 2.0.0 Multer vulnerable to Denial of Service from maliciously crafted requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47944

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-05-19 20:15 修改: 2026-06-17 09:28

multer CVE-2025-48997 高危 1.4.5-lts.2 2.0.1 multer: Multer vulnerable to Denial of Service via unhandled exception

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48997

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-06-03 19:15 修改: 2026-06-17 09:30

multer CVE-2025-7338 高危 1.4.5-lts.2 2.0.2 multer: Multer Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7338

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-07-17 16:15 修改: 2026-06-17 10:04

multer CVE-2026-2359 高危 1.4.5-lts.2 2.1.0 multer: Multer: Denial of Service via dropped file upload connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2359

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-27 16:16 修改: 2026-06-30 03:18

multer CVE-2026-3304 高危 1.4.5-lts.2 2.1.0 multer: Multer: Denial of Service via malformed requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3304

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-27 16:16 修改: 2026-06-30 03:19

multer CVE-2026-3520 高危 1.4.5-lts.2 2.1.1 multer: Multer: Denial of Service via malformed requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3520

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-04 17:16 修改: 2026-06-30 03:19

multer CVE-2026-5079 高危 1.4.5-lts.2 2.2.0, 3.0.0-alpha.2 Multer vulnerable to Denial of Service via deeply nested field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5079

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-06-15 14:16 修改: 2026-06-17 10:58

next CVE-2026-44573 高危 14.2.26 15.5.16, 16.2.5 next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44573

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-13 17:16 修改: 2026-07-03 13:17

next CVE-2026-44578 高危 14.2.26 15.5.16, 16.2.5 Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44578

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-13 18:16 修改: 2026-07-03 13:17

next GHSA-5j59-xgg2-r9c4 高危 14.2.26 14.2.35, 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, 15.5.9, 15.6.0-canary.60, 16.0.10, 16.1.0-canary.19 Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

漏洞详情: https://github.com/advisories/GHSA-5j59-xgg2-r9c4

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2025-12-12 17:21 修改: 2026-01-15 21:55

next GHSA-8h8q-6873-q5fj 高危 14.2.26 15.5.16, 16.2.5 Next.js Vulnerable to Denial of Service with Server Components

漏洞详情: https://github.com/advisories/GHSA-8h8q-6873-q5fj

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-11 14:50 修改: 2026-05-11 14:50

next GHSA-h25m-26qc-wcjf 高危 14.2.26 15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5 Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

漏洞详情: https://github.com/advisories/GHSA-h25m-26qc-wcjf

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-01-28 15:38 修改: 2026-01-28 15:38

next GHSA-mwv6-3258-q52c 高危 14.2.26 14.2.34, 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59, 16.0.9, 16.1.0-canary.17 Next Vulnerable to Denial of Service with Server Components

漏洞详情: https://github.com/advisories/GHSA-mwv6-3258-q52c

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2025-12-11 22:49 修改: 2025-12-11 22:49

next GHSA-q4gf-8mx6-v5v3 高危 14.2.26 15.5.15, 16.2.3 Next.js has a Denial of Service with Server Components

漏洞详情: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-10 15:35 修改: 2026-04-10 15:35

nodemailer CVE-2025-14874 高危 6.10.1 7.0.11 nodemailer: Nodemailer: Denial of service via crafted email address header

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14874

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-12-18 09:15 修改: 2026-06-17 08:36

nodemailer GHSA-p6gq-j5cr-w38f 高危 6.10.1 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

path-to-regexp CVE-2026-4926 高危 8.2.0 8.4.0 path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4926

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-26 19:17 修改: 2026-06-30 03:20

serialize-javascript GHSA-5c6j-r48x-rmvq 高危 6.0.2 7.0.3 Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

漏洞详情: https://github.com/advisories/GHSA-5c6j-r48x-rmvq

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-02-28 02:50 修改: 2026-03-02 16:17

sigstore CVE-2026-48815 高危 3.0.0 4.1.1 sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-23745 高危 7.4.3 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23745 高危 7.4.3 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 7.4.3 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-23950 高危 7.4.3 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17

tar CVE-2026-24842 高危 7.4.3 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-24842 高危 7.4.3 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17

tar CVE-2026-26960 高危 7.4.3 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-26960 高危 7.4.3 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 7.4.3 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-29786 高危 7.4.3 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18

tar CVE-2026-31802 高危 7.4.3 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-31802 高危 7.4.3 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

validator CVE-2025-12758 高危 13.12.0 13.15.22 Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12758

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-11-27 05:16 修改: 2026-06-17 08:32

axios CVE-2026-42039 中危 1.8.4 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

lodash CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-01-21 20:16 修改: 2026-07-03 13:16

lodash CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

next CVE-2025-55173 中危 14.2.26 14.2.31, 15.4.5 nextjs: Next.js Content Injection Vulnerability for Image Optimization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55173

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2025-08-29 22:15 修改: 2026-06-17 09:41

next CVE-2025-57752 中危 14.2.26 14.2.31, 15.4.5 nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57752

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2025-08-29 22:15 修改: 2026-06-17 09:43

next CVE-2025-57822 中危 14.2.26 14.2.32, 15.4.7 Next.js Improper Middleware Redirect Handling Leads to SSRF

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57822

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2025-08-29 22:15 修改: 2026-06-17 09:43

next CVE-2025-59471 中危 14.2.26 15.5.10, 16.1.5 next: NextJS Denial of Service in Image Optimizer

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59471

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-01-26 22:15 修改: 2026-06-17 09:46

next CVE-2026-27980 中危 14.2.26 16.1.7, 15.5.14 next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27980

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-03-18 01:16 修改: 2026-06-17 10:28

next CVE-2026-29057 中危 14.2.26 16.1.7, 15.5.13 next.js: Next.js: HTTP request smuggling in rewrites

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29057

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-03-18 01:16 修改: 2026-06-17 10:29

next CVE-2026-44576 中危 14.2.26 15.5.16, 16.2.5 Next.js: Next.js: Cache poisoning vulnerability in React Server Components

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44576

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-13 17:16 修改: 2026-06-17 10:50

next CVE-2026-44577 中危 14.2.26 15.5.16, 16.2.5 Next.js: Next.js: Denial of Service via Image Optimization API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44577

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-13 17:16 修改: 2026-07-03 13:17

next CVE-2026-44580 中危 14.2.26 15.5.16, 16.2.5 next.js: Next.js: Cross-site scripting allows arbitrary code execution via untrusted script content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44580

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50

next CVE-2026-44581 中危 14.2.26 15.5.16, 16.2.5 next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44581

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50

axios CVE-2026-42041 中危 1.8.4 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17

axios CVE-2026-42042 中危 1.8.4 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

nodemailer CVE-2025-13033 中危 6.10.1 7.0.7 nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13033

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-11-14 20:15 修改: 2026-06-17 08:33

nodemailer GHSA-268h-hp4c-crq3 中危 6.10.1 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-r7g4-qg5f-qqm2 中危 6.10.1 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 6.10.1 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

nodemailer GHSA-wqvq-jvpq-h66f 中危 6.10.1 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

axios CVE-2026-42044 中危 1.8.4 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-07-07 12:16

path-to-regexp CVE-2026-4923 中危 8.2.0 8.4.0 path-to-regexp: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4923

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-26 19:17 修改: 2026-06-17 10:57

postcss CVE-2026-41305 中危 8.4.31 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

qs CVE-2025-15284 中危 6.14.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2026-8723 中危 6.14.0 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

axios CVE-2026-44490 中危 1.8.4 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

serialize-javascript CVE-2026-34043 中危 6.0.2 7.0.5 serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34043

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

body-parser CVE-2025-13466 中危 2.2.0 2.2.1 body-parser: body-parser denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13466

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-11-24 19:15 修改: 2026-06-17 08:34

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

@sigstore/core CVE-2026-48758 中危 2.0.0 3.2.1 @sigstore/core has DSSE payloadType type-binding failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

ajv CVE-2025-69873 中危 6.12.6 8.18.0, 6.14.0 ajv: ReDoS via $data reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69873

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-02-11 19:15 修改: 2026-06-30 05:17

@nestjs/core CVE-2026-35515 中危 11.0.17 11.1.18 @nestjs/core: Nest: Server-Sent Events (SSE) injection and spoofing via unsanitized newline characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35515

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-07 16:16 修改: 2026-06-17 10:40

fast-xml-parser CVE-2026-33349 中危 4.4.1 4.5.5, 5.5.7 fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33349

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-24 20:16 修改: 2026-06-17 10:37

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

fast-xml-parser CVE-2026-41650 中危 4.4.1 5.7.0 fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-07 15:16 修改: 2026-06-17 10:46

file-type CVE-2026-31808 中危 20.4.1 21.3.1 file-type: file-type: Denial of Service due to infinite loop in ASF file parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31808

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-10 21:16 修改: 2026-06-17 10:34

file-type CVE-2026-32630 中危 20.4.1 21.3.2 file-type: file-type: Denial of Service via excessive memory growth from crafted ZIP files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32630

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-16 14:19 修改: 2026-06-17 10:36

follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.6 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11

axios CVE-2025-62718 中危 1.8.4 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-09 15:16 修改: 2026-07-01 13:16

axios CVE-2026-40175 中危 1.8.4 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-10 20:16 修改: 2026-06-30 03:19

axios CVE-2026-42034 中危 1.8.4 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42036 中危 1.8.4 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42037 中危 1.8.4 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-05-12 20:16 修改: 2026-07-07 12:16

js-yaml CVE-2025-64718 中危 4.1.0 4.1.1, 3.14.2 js-yaml: js-yaml prototype pollution in merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55

js-yaml CVE-2026-53550 中危 4.1.0 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-06-22 16:16 修改: 2026-06-29 16:16

tar CVE-2026-53655 中危 7.4.3 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

tar CVE-2026-53655 中危 7.4.3 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

uuid CVE-2026-41907 中危 11.1.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 1.8.4 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

validator CVE-2025-56200 中危 13.12.0 13.15.20 validator.js has a URL validation bypass vulnerability in its isURL function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-56200

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-09-30 18:15 修改: 2026-07-05 02:16

yaml CVE-2026-33532 中危 2.7.1 2.8.3, 1.10.3 yaml: yaml: Denial of Service via deeply nested YAML document parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37

nodemailer GHSA-c7w3-x93f-qmm8 低危 6.10.1 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

next CVE-2025-48068 低危 14.2.26 15.2.2, 14.2.30 next.js: Information exposure in Next.js dev server due to lack of origin verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48068

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2025-05-30 04:15 修改: 2026-06-17 09:29

next CVE-2026-44572 低危 14.2.26 15.5.16, 16.2.5 next.js: Next.js: Denial of Service due to improper handling of x-nextjs-data header with redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44572

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

next CVE-2026-44582 低危 14.2.26 15.5.16, 16.2.5 Next.js: Next.js: Cache poisoning allows incorrect response delivery

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44582

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

qs CVE-2026-2391 低危 6.14.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

diff CVE-2026-24001 低危 4.0.2 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

fast-xml-parser CVE-2026-27942 低危 4.4.1 5.3.8, 4.5.4 fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27942

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

diff CVE-2026-24001 低危 5.2.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55

发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17

axios CVE-2026-42040 低危 1.8.4 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

webpack CVE-2025-68157 低危 5.94.0 5.104.0 webpack: webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68157

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-02-05 23:15 修改: 2026-06-17 09:58

webpack CVE-2025-68458 低危 5.94.0 5.104.1 webpack: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68458

镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f

发布日期: 2026-02-05 23:15 修改: 2026-06-17 09:59

@smithy/config-resolver GHSA-6475-r3vj-m8vf 低危 4.1.0 4.4.0 AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

漏洞详情: https://github.com/advisories/GHSA-6475-r3vj-m8vf

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-01-08 21:52 修改: 2026-01-08 21:52

opt/app/backend/node_modules/esbuild/bin/esbuild (gobinary)
低危漏洞:2 中危漏洞:27 高危漏洞:12 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2025-68121 严重 v1.23.7 1.24.13, 1.25.7, 1.26.0-rc.3 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68121

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-05 18:16 修改: 2026-06-17 09:58

stdlib CVE-2025-61726 高危 v1.23.7 1.24.12, 1.25.6 golang: net/url: Memory exhaustion in query parameter parsing in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61726

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-01-28 20:16 修改: 2026-07-07 12:16

stdlib CVE-2025-61729 高危 v1.23.7 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-12-02 19:15 修改: 2026-06-17 09:50

stdlib CVE-2026-25679 高危 v1.23.7 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25679

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-06 22:16 修改: 2026-07-07 12:16

stdlib CVE-2026-27145 高危 v1.23.7 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27145

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-06-02 23:16 修改: 2026-07-06 13:16

stdlib CVE-2026-32280 高危 v1.23.7 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32280

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-08 02:16 修改: 2026-07-07 12:16

stdlib CVE-2026-32281 高危 v1.23.7 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32281

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32283 高危 v1.23.7 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32283

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-08 02:16 修改: 2026-07-06 13:16

stdlib CVE-2026-33811 高危 v1.23.7 1.25.10, 1.26.3 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-07 20:16 修改: 2026-07-07 12:16

stdlib CVE-2026-33814 高危 v1.23.7 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-07 20:16 修改: 2026-07-06 13:16

stdlib CVE-2026-39820 高危 v1.23.7 1.25.10, 1.26.3 net/mail: golang: Go net/mail: Denial of Service via crafted email inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-07 20:16 修改: 2026-07-02 12:17

stdlib CVE-2026-39836 高危 v1.23.7 1.25.10, 1.26.3 ELSA-2026-22121: golang security update (IMPORTANT)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42499 高危 v1.23.7 1.25.10, 1.26.3 net/mail: golang: net/mail: Denial of Service via pathological email address parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-07 20:16 修改: 2026-07-06 13:16

stdlib CVE-2025-0913 中危 v1.23.7 1.23.10, 1.24.4 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-06-11 18:15 修改: 2026-06-17 08:27

stdlib CVE-2025-22871 中危 v1.23.7 1.23.8, 1.24.2 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-04-08 20:15 修改: 2026-06-17 08:50

stdlib CVE-2025-22873 中危 v1.23.7 1.23.9, 1.24.3 os: os: Information disclosure via path traversal using specially crafted filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22873

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-02-04 23:15 修改: 2026-06-17 08:50

stdlib CVE-2025-4673 中危 v1.23.7 1.23.10, 1.24.4 net/http: Sensitive headers not cleared on cross-origin redirect in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-06-11 17:15 修改: 2026-06-17 09:33

stdlib CVE-2025-47906 中危 v1.23.7 1.23.12, 1.24.6 os/exec: Unexpected paths returned from LookPath in os/exec

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-09-18 19:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47907 中危 v1.23.7 1.23.12, 1.24.6 database/sql: Postgres Scan Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-08-07 16:15 修改: 2026-06-17 09:28

stdlib CVE-2025-47912 中危 v1.23.7 1.24.8, 1.25.2 net/url: Insufficient validation of bracketed IPv6 hostnames in net/url

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:28

stdlib CVE-2025-58183 中危 v1.23.7 1.24.8, 1.25.2 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58185 中危 v1.23.7 1.24.8, 1.25.2 encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58187 中危 v1.23.7 1.24.9, 1.25.3 crypto/x509: Quadratic complexity when checking name constraints in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58188 中危 v1.23.7 1.24.8, 1.25.2 crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-58189 中危 v1.23.7 1.24.8, 1.25.2 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2025-61723 中危 v1.23.7 1.24.8, 1.25.2 encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61724 中危 v1.23.7 1.24.8, 1.25.2 net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61725 中危 v1.23.7 1.24.8, 1.25.2 net/mail: Excessive CPU consumption in ParseAddress in net/mail

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61727 中危 v1.23.7 1.24.11, 1.25.5 golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-12-03 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61728 中危 v1.23.7 1.24.12, 1.25.6 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61728

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2025-61730 中危 v1.23.7 1.24.12, 1.25.6 crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61730

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-01-28 20:16 修改: 2026-06-17 09:50

stdlib CVE-2026-27142 中危 v1.23.7 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

stdlib CVE-2026-32282 中危 v1.23.7 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32282

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32288 中危 v1.23.7 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32288

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-32289 中危 v1.23.7 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32289

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-04-08 02:16 修改: 2026-06-17 10:35

stdlib CVE-2026-39823 中危 v1.23.7 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39825 中危 v1.23.7 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-39826 中危 v1.23.7 1.25.10, 1.26.3 html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-07 20:16 修改: 2026-06-17 10:42

stdlib CVE-2026-42504 中危 v1.23.7 1.25.11, 1.26.4 Decoding a maliciously-crafted MIME header containing many invalid enc ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42504

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2026-42507 中危 v1.23.7 1.25.11, 1.26.4 net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42507

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-06-02 23:16 修改: 2026-06-17 10:47

stdlib CVE-2025-58186 低危 v1.23.7 1.24.8, 1.25.2 golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2025-10-29 23:16 修改: 2026-06-17 09:44

stdlib CVE-2026-27139 低危 v1.23.7 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27139

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-03-06 22:16 修改: 2026-06-17 10:26

golang.org/x/sys CVE-2026-39824 未知 v0.0.0-20220715151400-c0bba94af5f8 0.44.0 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39824

镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b

发布日期: 2026-05-22 20:16 修改: 2026-06-17 10:42

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×