| fast-xml-parser |
CVE-2026-25896 |
严重 |
4.4.1 |
5.3.5, 4.5.4 |
fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25896
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-20 21:19 修改: 2026-06-30 03:17
|
| form-data |
CVE-2025-7783 |
严重 |
4.0.0 |
2.5.4, 3.0.4, 4.0.4 |
form-data: Unsafe random function in form-data
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05
|
| axios |
CVE-2026-42033 |
高危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Axios: HTTP Transport Hijacking via Prototype Pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17
|
| axios |
CVE-2026-42035 |
高危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Axios: Arbitrary HTTP header injection via prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
|
| axios |
CVE-2026-42043 |
高危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Axios: NO_PROXY bypass via crafted URL
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17
|
| axios |
CVE-2026-42264 |
高危 |
1.8.4 |
1.15.2 |
axios: Axios: Prototype pollution allows information disclosure and request manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-08 04:16 修改: 2026-07-06 13:16
|
| axios |
CVE-2026-44486 |
高危 |
1.8.4 |
1.16.0, 0.32.0 |
axios: Axios: Information disclosure of proxy credentials via HTTP redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17
|
| axios |
CVE-2026-44487 |
高危 |
1.8.4 |
1.16.0, 0.32.0 |
axios: Axios: Information disclosure of proxy credentials via redirect flows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16
|
| axios |
CVE-2026-44488 |
高危 |
1.8.4 |
1.16.0 |
axios: Axios: Denial of Service due to unenforced request and response size limits
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17
|
| axios |
CVE-2026-44492 |
高危 |
1.8.4 |
1.16.0, 0.32.0 |
axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16
|
| axios |
CVE-2026-44494 |
高危 |
1.8.4 |
1.16.0 |
axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16
|
| axios |
CVE-2026-44495 |
高危 |
1.8.4 |
1.15.2, 0.31.1 |
axios: Axios: Information disclosure due to prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16
|
| axios |
CVE-2026-44496 |
高危 |
1.8.4 |
1.16.0, 0.32.0 |
axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17
|
| axios |
CVE-2025-58754 |
高危 |
1.8.4 |
1.12.0, 0.30.2 |
axios: Axios DoS via lack of data size check
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58754
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2025-09-12 02:15 修改: 2026-06-17 09:44
|
| fast-xml-parser |
CVE-2026-26278 |
高危 |
4.4.1 |
4.5.4, 5.3.6 |
fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26278
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-19 20:25 修改: 2026-06-30 03:17
|
| fast-xml-parser |
CVE-2026-33036 |
高危 |
4.4.1 |
5.5.6, 4.5.5 |
fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33036
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-20 06:16 修改: 2026-06-17 10:36
|
| axios |
CVE-2026-25639 |
高危 |
1.8.4 |
1.13.5, 0.30.3 |
axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25639
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-02-09 21:15 修改: 2026-07-01 13:16
|
| form-data |
CVE-2026-12143 |
高危 |
4.0.0 |
2.5.6, 3.0.5, 4.0.6 |
form-data: form-data: Form field override via CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-06-12 19:16 修改: 2026-07-02 12:16
|
| glob |
CVE-2025-64756 |
高危 |
10.4.5 |
11.1.0, 10.5.0 |
glob: glob: Command Injection Vulnerability via Malicious Filenames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55
|
| glob |
CVE-2025-64756 |
高危 |
10.4.5 |
11.1.0, 10.5.0 |
glob: glob: Command Injection Vulnerability via Malicious Filenames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55
|
| glob |
CVE-2025-64756 |
高危 |
11.0.1 |
11.1.0, 10.5.0 |
glob: glob: Command Injection Vulnerability via Malicious Filenames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-11-17 18:15 修改: 2026-06-17 09:55
|
| jws |
CVE-2025-65945 |
高危 |
3.2.2 |
3.2.3, 4.0.1 |
node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56
|
| lodash |
CVE-2026-4800 |
高危 |
4.17.21 |
4.18.0 |
lodash: lodash: Arbitrary code execution via untrusted input in template imports
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17
|
| minimatch |
CVE-2026-26996 |
高危 |
10.0.1 |
10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 |
minimatch: minimatch: Denial of Service via specially crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
|
| minimatch |
CVE-2026-27903 |
高危 |
10.0.1 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 |
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-27904 |
高危 |
10.0.1 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 |
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-26996 |
高危 |
5.1.6 |
10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 |
minimatch: minimatch: Denial of Service via specially crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
|
| minimatch |
CVE-2026-27903 |
高危 |
5.1.6 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 |
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-27904 |
高危 |
5.1.6 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 |
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-26996 |
高危 |
9.0.5 |
10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 |
minimatch: minimatch: Denial of Service via specially crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
|
| minimatch |
CVE-2026-26996 |
高危 |
9.0.5 |
10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 |
minimatch: minimatch: Denial of Service via specially crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26
|
| minimatch |
CVE-2026-27903 |
高危 |
9.0.5 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 |
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-27903 |
高危 |
9.0.5 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 |
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-27904 |
高危 |
9.0.5 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 |
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| minimatch |
CVE-2026-27904 |
高危 |
9.0.5 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 |
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| multer |
CVE-2025-47935 |
高危 |
1.4.5-lts.2 |
2.0.0 |
Multer vulnerable to Denial of Service via memory leaks from unclosed streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47935
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-05-19 20:15 修改: 2026-06-17 09:28
|
| multer |
CVE-2025-47944 |
高危 |
1.4.5-lts.2 |
2.0.0 |
Multer vulnerable to Denial of Service from maliciously crafted requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47944
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-05-19 20:15 修改: 2026-06-17 09:28
|
| multer |
CVE-2025-48997 |
高危 |
1.4.5-lts.2 |
2.0.1 |
multer: Multer vulnerable to Denial of Service via unhandled exception
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48997
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-06-03 19:15 修改: 2026-06-17 09:30
|
| multer |
CVE-2025-7338 |
高危 |
1.4.5-lts.2 |
2.0.2 |
multer: Multer Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7338
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-07-17 16:15 修改: 2026-06-17 10:04
|
| multer |
CVE-2026-2359 |
高危 |
1.4.5-lts.2 |
2.1.0 |
multer: Multer: Denial of Service via dropped file upload connections
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2359
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-27 16:16 修改: 2026-06-30 03:18
|
| multer |
CVE-2026-3304 |
高危 |
1.4.5-lts.2 |
2.1.0 |
multer: Multer: Denial of Service via malformed requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3304
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-27 16:16 修改: 2026-06-30 03:19
|
| multer |
CVE-2026-3520 |
高危 |
1.4.5-lts.2 |
2.1.1 |
multer: Multer: Denial of Service via malformed requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3520
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-04 17:16 修改: 2026-06-30 03:19
|
| multer |
CVE-2026-5079 |
高危 |
1.4.5-lts.2 |
2.2.0, 3.0.0-alpha.2 |
Multer vulnerable to Denial of Service via deeply nested field names
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5079
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-06-15 14:16 修改: 2026-06-17 10:58
|
| next |
CVE-2026-44573 |
高危 |
14.2.26 |
15.5.16, 16.2.5 |
next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44573
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-13 17:16 修改: 2026-07-03 13:17
|
| next |
CVE-2026-44578 |
高危 |
14.2.26 |
15.5.16, 16.2.5 |
Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44578
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-13 18:16 修改: 2026-07-03 13:17
|
| next |
GHSA-5j59-xgg2-r9c4 |
高危 |
14.2.26 |
14.2.35, 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, 15.5.9, 15.6.0-canary.60, 16.0.10, 16.1.0-canary.19 |
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
漏洞详情: https://github.com/advisories/GHSA-5j59-xgg2-r9c4
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2025-12-12 17:21 修改: 2026-01-15 21:55
|
| next |
GHSA-8h8q-6873-q5fj |
高危 |
14.2.26 |
15.5.16, 16.2.5 |
Next.js Vulnerable to Denial of Service with Server Components
漏洞详情: https://github.com/advisories/GHSA-8h8q-6873-q5fj
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-11 14:50 修改: 2026-05-11 14:50
|
| next |
GHSA-h25m-26qc-wcjf |
高危 |
14.2.26 |
15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5 |
Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components
漏洞详情: https://github.com/advisories/GHSA-h25m-26qc-wcjf
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-01-28 15:38 修改: 2026-01-28 15:38
|
| next |
GHSA-mwv6-3258-q52c |
高危 |
14.2.26 |
14.2.34, 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59, 16.0.9, 16.1.0-canary.17 |
Next Vulnerable to Denial of Service with Server Components
漏洞详情: https://github.com/advisories/GHSA-mwv6-3258-q52c
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2025-12-11 22:49 修改: 2025-12-11 22:49
|
| next |
GHSA-q4gf-8mx6-v5v3 |
高危 |
14.2.26 |
15.5.15, 16.2.3 |
Next.js has a Denial of Service with Server Components
漏洞详情: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-10 15:35 修改: 2026-04-10 15:35
|
| nodemailer |
CVE-2025-14874 |
高危 |
6.10.1 |
7.0.11 |
nodemailer: Nodemailer: Denial of service via crafted email address header
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14874
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-12-18 09:15 修改: 2026-06-17 08:36
|
| nodemailer |
GHSA-p6gq-j5cr-w38f |
高危 |
6.10.1 |
9.0.1 |
Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message
漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28
|
| path-to-regexp |
CVE-2026-4926 |
高危 |
8.2.0 |
8.4.0 |
path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4926
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-26 19:17 修改: 2026-06-30 03:20
|
| serialize-javascript |
GHSA-5c6j-r48x-rmvq |
高危 |
6.0.2 |
7.0.3 |
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
漏洞详情: https://github.com/advisories/GHSA-5c6j-r48x-rmvq
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-02-28 02:50 修改: 2026-03-02 16:17
|
| sigstore |
CVE-2026-48815 |
高危 |
3.0.0 |
4.1.1 |
sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| tar |
CVE-2026-23745 |
高危 |
6.2.1 |
7.5.3 |
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17
|
| tar |
CVE-2026-23950 |
高危 |
6.2.1 |
7.5.4 |
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17
|
| tar |
CVE-2026-24842 |
高危 |
6.2.1 |
7.5.7 |
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17
|
| tar |
CVE-2026-26960 |
高危 |
6.2.1 |
7.5.8 |
node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26
|
| tar |
CVE-2026-29786 |
高危 |
6.2.1 |
7.5.10 |
node-tar: hardlink path traversal via drive-relative linkpath
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18
|
| tar |
CVE-2026-31802 |
高危 |
6.2.1 |
7.5.11 |
tar: tar: File overwrite via drive-relative symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34
|
| tar |
CVE-2026-23745 |
高危 |
7.4.3 |
7.5.3 |
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17
|
| tar |
CVE-2026-23745 |
高危 |
7.4.3 |
7.5.3 |
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-16 22:16 修改: 2026-06-30 03:17
|
| tar |
CVE-2026-23950 |
高危 |
7.4.3 |
7.5.4 |
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17
|
| tar |
CVE-2026-23950 |
高危 |
7.4.3 |
7.5.4 |
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-20 01:15 修改: 2026-06-30 03:17
|
| tar |
CVE-2026-24842 |
高危 |
7.4.3 |
7.5.7 |
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17
|
| tar |
CVE-2026-24842 |
高危 |
7.4.3 |
7.5.7 |
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-28 01:16 修改: 2026-06-30 05:17
|
| tar |
CVE-2026-26960 |
高危 |
7.4.3 |
7.5.8 |
node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26
|
| tar |
CVE-2026-26960 |
高危 |
7.4.3 |
7.5.8 |
node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26
|
| tar |
CVE-2026-29786 |
高危 |
7.4.3 |
7.5.10 |
node-tar: hardlink path traversal via drive-relative linkpath
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18
|
| tar |
CVE-2026-29786 |
高危 |
7.4.3 |
7.5.10 |
node-tar: hardlink path traversal via drive-relative linkpath
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-03-07 16:15 修改: 2026-06-30 03:18
|
| tar |
CVE-2026-31802 |
高危 |
7.4.3 |
7.5.11 |
tar: tar: File overwrite via drive-relative symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34
|
| tar |
CVE-2026-31802 |
高危 |
7.4.3 |
7.5.11 |
tar: tar: File overwrite via drive-relative symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34
|
| validator |
CVE-2025-12758 |
高危 |
13.12.0 |
13.15.22 |
Validator is Vulnerable to Incomplete Filtering of One or More Instances of Special Elements
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12758
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-11-27 05:16 修改: 2026-06-17 08:32
|
| axios |
CVE-2026-42039 |
中危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17
|
| lodash |
CVE-2025-13465 |
中危 |
4.17.21 |
4.17.23 |
lodash: prototype pollution in _.unset and _.omit functions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-01-21 20:16 修改: 2026-07-03 13:16
|
| lodash |
CVE-2026-2950 |
中危 |
4.17.21 |
4.18.0 |
lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32
|
| next |
CVE-2025-55173 |
中危 |
14.2.26 |
14.2.31, 15.4.5 |
nextjs: Next.js Content Injection Vulnerability for Image Optimization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55173
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2025-08-29 22:15 修改: 2026-06-17 09:41
|
| next |
CVE-2025-57752 |
中危 |
14.2.26 |
14.2.31, 15.4.5 |
nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57752
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2025-08-29 22:15 修改: 2026-06-17 09:43
|
| next |
CVE-2025-57822 |
中危 |
14.2.26 |
14.2.32, 15.4.7 |
Next.js Improper Middleware Redirect Handling Leads to SSRF
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57822
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2025-08-29 22:15 修改: 2026-06-17 09:43
|
| next |
CVE-2025-59471 |
中危 |
14.2.26 |
15.5.10, 16.1.5 |
next: NextJS Denial of Service in Image Optimizer
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59471
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-01-26 22:15 修改: 2026-06-17 09:46
|
| next |
CVE-2026-27980 |
中危 |
14.2.26 |
16.1.7, 15.5.14 |
next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27980
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-03-18 01:16 修改: 2026-06-17 10:28
|
| next |
CVE-2026-29057 |
中危 |
14.2.26 |
16.1.7, 15.5.13 |
next.js: Next.js: HTTP request smuggling in rewrites
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29057
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-03-18 01:16 修改: 2026-06-17 10:29
|
| next |
CVE-2026-44576 |
中危 |
14.2.26 |
15.5.16, 16.2.5 |
Next.js: Next.js: Cache poisoning vulnerability in React Server Components
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44576
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-13 17:16 修改: 2026-06-17 10:50
|
| next |
CVE-2026-44577 |
中危 |
14.2.26 |
15.5.16, 16.2.5 |
Next.js: Next.js: Denial of Service via Image Optimization API
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44577
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-13 17:16 修改: 2026-07-03 13:17
|
| next |
CVE-2026-44580 |
中危 |
14.2.26 |
15.5.16, 16.2.5 |
next.js: Next.js: Cross-site scripting allows arbitrary code execution via untrusted script content
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44580
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50
|
| next |
CVE-2026-44581 |
中危 |
14.2.26 |
15.5.16, 16.2.5 |
next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44581
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50
|
| axios |
CVE-2026-42041 |
中危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-07-01 13:17
|
| axios |
CVE-2026-42042 |
中危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Axios: XSRF token bypass leading to information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
|
| nodemailer |
CVE-2025-13033 |
中危 |
6.10.1 |
7.0.7 |
nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13033
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-11-14 20:15 修改: 2026-06-17 08:33
|
| nodemailer |
GHSA-268h-hp4c-crq3 |
中危 |
6.10.1 |
8.0.9 |
Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection
漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36
|
| nodemailer |
GHSA-r7g4-qg5f-qqm2 |
中危 |
6.10.1 |
8.0.8 |
Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception
漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34
|
| nodemailer |
GHSA-vvjj-xcjg-gr5g |
中危 |
6.10.1 |
8.0.5 |
Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)
漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05
|
| nodemailer |
GHSA-wqvq-jvpq-h66f |
中危 |
6.10.1 |
8.0.9 |
Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization
漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35
|
| axios |
CVE-2026-42044 |
中危 |
1.8.4 |
1.15.2 |
axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-07-07 12:16
|
| path-to-regexp |
CVE-2026-4923 |
中危 |
8.2.0 |
8.4.0 |
path-to-regexp: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4923
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-26 19:17 修改: 2026-06-17 10:57
|
| postcss |
CVE-2026-41305 |
中危 |
8.4.31 |
8.5.10 |
postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46
|
| qs |
CVE-2025-15284 |
中危 |
6.14.0 |
6.14.1 |
qs: qs: Denial of Service via improper input validation in array parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37
|
| qs |
CVE-2026-8723 |
中危 |
6.14.0 |
6.15.2 |
### Summary `qs.stringify` throws `TypeError` when called with `arr ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04
|
| axios |
CVE-2026-44490 |
中危 |
1.8.4 |
1.16.0, 0.32.0 |
axios: Axios: Information disclosure and denial of service due to prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50
|
| serialize-javascript |
CVE-2026-34043 |
中危 |
6.0.2 |
7.0.5 |
serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34043
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
|
| body-parser |
CVE-2025-13466 |
中危 |
2.2.0 |
2.2.1 |
body-parser: body-parser denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13466
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-11-24 19:15 修改: 2026-06-17 08:34
|
| brace-expansion |
CVE-2026-33750 |
中危 |
2.0.1 |
5.0.5, 3.0.2, 2.0.3, 1.1.13 |
brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
|
| brace-expansion |
CVE-2026-33750 |
中危 |
2.0.1 |
5.0.5, 3.0.2, 2.0.3, 1.1.13 |
brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
|
| @sigstore/core |
CVE-2026-48758 |
中危 |
2.0.0 |
3.2.1 |
@sigstore/core has DSSE payloadType type-binding failure
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| ajv |
CVE-2025-69873 |
中危 |
6.12.6 |
8.18.0, 6.14.0 |
ajv: ReDoS via $data reference
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69873
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-02-11 19:15 修改: 2026-06-30 05:17
|
| @nestjs/core |
CVE-2026-35515 |
中危 |
11.0.17 |
11.1.18 |
@nestjs/core: Nest: Server-Sent Events (SSE) injection and spoofing via unsanitized newline characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35515
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-04-07 16:16 修改: 2026-06-17 10:40
|
| fast-xml-parser |
CVE-2026-33349 |
中危 |
4.4.1 |
4.5.5, 5.5.7 |
fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33349
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-24 20:16 修改: 2026-06-17 10:37
|
| tar |
CVE-2026-53655 |
中危 |
6.2.1 |
7.5.16 |
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
|
| fast-xml-parser |
CVE-2026-41650 |
中危 |
4.4.1 |
5.7.0 |
fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequences
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-05-07 15:16 修改: 2026-06-17 10:46
|
| file-type |
CVE-2026-31808 |
中危 |
20.4.1 |
21.3.1 |
file-type: file-type: Denial of Service due to infinite loop in ASF file parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31808
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-10 21:16 修改: 2026-06-17 10:34
|
| file-type |
CVE-2026-32630 |
中危 |
20.4.1 |
21.3.2 |
file-type: file-type: Denial of Service via excessive memory growth from crafted ZIP files
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32630
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-16 14:19 修改: 2026-06-17 10:36
|
| follow-redirects |
GHSA-r4q5-vmmm-2653 |
中危 |
1.15.6 |
1.16.0 |
follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets
漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11
|
| axios |
CVE-2025-62718 |
中危 |
1.8.4 |
1.15.0, 0.31.0 |
axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-09 15:16 修改: 2026-07-01 13:16
|
| axios |
CVE-2026-40175 |
中危 |
1.8.4 |
1.15.0, 0.31.0 |
axios: Axios: Remote Code Execution via Prototype Pollution escalation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-10 20:16 修改: 2026-06-30 03:19
|
| axios |
CVE-2026-42034 |
中危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
|
| axios |
CVE-2026-42036 |
中危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
|
| axios |
CVE-2026-42037 |
中危 |
1.8.4 |
1.15.1 |
axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
|
| ip-address |
CVE-2026-42338 |
中危 |
9.0.5 |
10.1.1 |
ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-05-12 20:16 修改: 2026-07-07 12:16
|
| js-yaml |
CVE-2025-64718 |
中危 |
4.1.0 |
4.1.1, 3.14.2 |
js-yaml: js-yaml prototype pollution in merge
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55
|
| js-yaml |
CVE-2026-53550 |
中危 |
4.1.0 |
4.2.0, 3.15.0 |
js-yaml: js-yaml: Denial of Service via crafted YAML merge keys
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-06-22 16:16 修改: 2026-06-29 16:16
|
| tar |
CVE-2026-53655 |
中危 |
7.4.3 |
7.5.16 |
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
|
| tar |
CVE-2026-53655 |
中危 |
7.4.3 |
7.5.16 |
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
|
| uuid |
CVE-2026-41907 |
中危 |
11.1.0 |
11.1.1, 12.0.1, 13.0.1 |
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
|
| uuid |
CVE-2026-41907 |
中危 |
9.0.1 |
11.1.1, 12.0.1, 13.0.1 |
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
|
| axios |
CVE-2026-42038 |
中危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Axios: Information disclosure due to `no_proxy` bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
|
| validator |
CVE-2025-56200 |
中危 |
13.12.0 |
13.15.20 |
validator.js has a URL validation bypass vulnerability in its isURL function
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-56200
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-09-30 18:15 修改: 2026-07-05 02:16
|
| yaml |
CVE-2026-33532 |
中危 |
2.7.1 |
2.8.3, 1.10.3 |
yaml: yaml: Denial of Service via deeply nested YAML document parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33532
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-26 20:16 修改: 2026-06-17 10:37
|
| nodemailer |
GHSA-c7w3-x93f-qmm8 |
低危 |
6.10.1 |
8.0.4 |
Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter
漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26
|
| next |
CVE-2025-48068 |
低危 |
14.2.26 |
15.2.2, 14.2.30 |
next.js: Information exposure in Next.js dev server due to lack of origin verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48068
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2025-05-30 04:15 修改: 2026-06-17 09:29
|
| next |
CVE-2026-44572 |
低危 |
14.2.26 |
15.5.16, 16.2.5 |
next.js: Next.js: Denial of Service due to improper handling of x-nextjs-data header with redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44572
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50
|
| next |
CVE-2026-44582 |
低危 |
14.2.26 |
15.5.16, 16.2.5 |
Next.js: Next.js: Cache poisoning allows incorrect response delivery
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44582
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-05-13 18:16 修改: 2026-06-17 10:50
|
| brace-expansion |
CVE-2025-5889 |
低危 |
2.0.1 |
2.0.2, 1.1.12, 3.0.1, 4.0.1 |
brace-expansion: juliangruber brace-expansion index.js expand redos
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48
|
| brace-expansion |
CVE-2025-5889 |
低危 |
2.0.1 |
2.0.2, 1.1.12, 3.0.1, 4.0.1 |
brace-expansion: juliangruber brace-expansion index.js expand redos
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48
|
| qs |
CVE-2026-2391 |
低危 |
6.14.0 |
6.14.2 |
qs: qs's arrayLimit bypass in comma parsing allows denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30
|
| diff |
CVE-2026-24001 |
低危 |
4.0.2 |
8.0.3, 5.2.2, 4.0.4, 3.5.1 |
jsdiff: denial of service vulnerability in parsePatch and applyPatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17
|
| fast-xml-parser |
CVE-2026-27942 |
低危 |
4.4.1 |
5.3.8, 4.5.4 |
fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27942
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27
|
| diff |
CVE-2026-24001 |
低危 |
5.2.0 |
8.0.3, 5.2.2, 4.0.4, 3.5.1 |
jsdiff: denial of service vulnerability in parsePatch and applyPatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001
镜像层: sha256:816163c8de126bb86476e07a621b5336c40f2b68ff137a8d8924ab2298dd3b55
发布日期: 2026-01-22 03:15 修改: 2026-06-30 03:17
|
| axios |
CVE-2026-42040 |
低危 |
1.8.4 |
1.15.1, 0.31.1 |
axios: Axios: Incorrect null byte handling can lead to data integrity issues
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47
|
| webpack |
CVE-2025-68157 |
低危 |
5.94.0 |
5.104.0 |
webpack: webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68157
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-02-05 23:15 修改: 2026-06-17 09:58
|
| webpack |
CVE-2025-68458 |
低危 |
5.94.0 |
5.104.1 |
webpack: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68458
镜像层: sha256:a847244784a4bc5bca3d8e0168cb52737a2efc5d0c2ce2f46919d3660799be1f
发布日期: 2026-02-05 23:15 修改: 2026-06-17 09:59
|
| @smithy/config-resolver |
GHSA-6475-r3vj-m8vf |
低危 |
4.1.0 |
4.4.0 |
AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
漏洞详情: https://github.com/advisories/GHSA-6475-r3vj-m8vf
镜像层: sha256:822e57ada1ef2cf560fb0f0fa2b13fefaf334333adb95f6943313690e0a74c6b
发布日期: 2026-01-08 21:52 修改: 2026-01-08 21:52
|