| cross-spawn |
CVE-2024-21538 |
高危 |
7.0.3 |
7.0.5, 6.0.6 |
cross-spawn: regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2024-11-08 05:15 修改: 2026-04-15 00:35
|
| glob |
CVE-2025-64756 |
高危 |
10.4.2 |
11.1.0, 10.5.0 |
glob: glob: Command Injection Vulnerability via Malicious Filenames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2025-11-17 18:15 修改: 2025-12-02 19:34
|
| minimatch |
CVE-2026-26996 |
高危 |
9.0.5 |
10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 |
minimatch: minimatch: Denial of Service via specially crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-02-20 03:16 修改: 2026-03-06 21:32
|
| minimatch |
CVE-2026-27903 |
高危 |
9.0.5 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 |
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:21
|
| minimatch |
CVE-2026-27904 |
高危 |
9.0.5 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 |
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:16
|
| next |
CVE-2026-44573 |
高危 |
16.1.6 |
15.5.16, 16.2.5 |
next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44573
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:24
|
| next |
CVE-2026-44574 |
高危 |
16.1.6 |
15.5.16, 16.2.5 |
Next.js: Next.js: Authorization bypass via crafted query parameters
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44574
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:37
|
| next |
CVE-2026-44575 |
高危 |
16.1.6 |
15.5.16, 16.2.5 |
next.js: Next.js: Unauthorized access to protected content via middleware bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44575
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:38
|
| next |
CVE-2026-44578 |
高危 |
16.1.6 |
15.5.16, 16.2.5 |
Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44578
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
|
| next |
CVE-2026-44579 |
高危 |
16.1.6 |
15.5.16, 16.2.5 |
next.js: Next.js: Denial of Service via crafted POST requests to server actions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44579
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
|
| next |
CVE-2026-45109 |
高危 |
16.1.6 |
15.5.18, 16.2.6 |
next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45109
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 18:16 修改: 2026-05-14 14:14
|
| next |
GHSA-8h8q-6873-q5fj |
高危 |
16.1.6 |
15.5.16, 16.2.5 |
Next.js Vulnerable to Denial of Service with Server Components
漏洞详情: https://github.com/advisories/GHSA-8h8q-6873-q5fj
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-11 14:50 修改: 2026-05-11 14:50
|
| next |
GHSA-q4gf-8mx6-v5v3 |
高危 |
16.1.6 |
15.5.15, 16.2.3 |
Next.js has a Denial of Service with Server Components
漏洞详情: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-04-10 15:35 修改: 2026-04-10 15:35
|
| picomatch |
CVE-2026-33671 |
高危 |
4.0.3 |
4.0.4, 3.0.2, 2.3.2 |
picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671
镜像层: sha256:d272527177c620950698e709903f1fed0e1bb4247e97edcaa30c09e40bdba515
发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
|
| tar |
CVE-2026-23745 |
高危 |
6.2.1 |
7.5.3 |
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-01-16 22:16 修改: 2026-02-18 16:20
|
| tar |
CVE-2026-23950 |
高危 |
6.2.1 |
7.5.4 |
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-01-20 01:15 修改: 2026-02-18 15:50
|
| tar |
CVE-2026-24842 |
高危 |
6.2.1 |
7.5.7 |
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-01-28 01:16 修改: 2026-02-02 14:30
|
| tar |
CVE-2026-26960 |
高危 |
6.2.1 |
7.5.8 |
node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-02-20 02:16 修改: 2026-02-20 19:24
|
| tar |
CVE-2026-29786 |
高危 |
6.2.1 |
7.5.10 |
node-tar: hardlink path traversal via drive-relative linkpath
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-03-07 16:15 修改: 2026-03-11 21:50
|
| tar |
CVE-2026-31802 |
高危 |
6.2.1 |
7.5.11 |
tar: tar: File overwrite via drive-relative symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-03-10 07:44 修改: 2026-03-18 18:13
|
| next |
CVE-2026-29057 |
中危 |
16.1.6 |
16.1.7, 15.5.13 |
next.js: Next.js: HTTP request smuggling in rewrites
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29057
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:49
|
| next |
CVE-2026-44576 |
中危 |
16.1.6 |
15.5.16, 16.2.5 |
Next.js: Next.js: Cache poisoning vulnerability in React Server Components
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44576
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 17:16 修改: 2026-05-14 13:44
|
| next |
CVE-2026-44577 |
中危 |
16.1.6 |
15.5.16, 16.2.5 |
Next.js: Next.js: Denial of Service via Image Optimization API
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44577
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 17:16 修改: 2026-05-13 20:00
|
| next |
CVE-2026-44580 |
中危 |
16.1.6 |
15.5.16, 16.2.5 |
Next.js has cross-site scripting in beforeInteractive scripts with untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44580
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:33
|
| next |
CVE-2026-44581 |
中危 |
16.1.6 |
15.5.16, 16.2.5 |
next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44581
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:30
|
| ip-address |
CVE-2026-42338 |
中危 |
9.0.5 |
10.1.1 |
ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
|
| picomatch |
CVE-2026-33672 |
中危 |
4.0.3 |
4.0.4, 3.0.2, 2.3.2 |
picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672
镜像层: sha256:d272527177c620950698e709903f1fed0e1bb4247e97edcaa30c09e40bdba515
发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44
|
| brace-expansion |
CVE-2026-33750 |
中危 |
2.0.1 |
5.0.5, 3.0.2, 2.0.3, 1.1.13 |
brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
|
| brace-expansion |
CVE-2026-33750 |
中危 |
2.0.2 |
5.0.5, 3.0.2, 2.0.3, 1.1.13 |
brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750
镜像层: sha256:d272527177c620950698e709903f1fed0e1bb4247e97edcaa30c09e40bdba515
发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
|
| ip-address |
CVE-2026-42338 |
中危 |
10.1.0 |
10.1.1 |
ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338
镜像层: sha256:d272527177c620950698e709903f1fed0e1bb4247e97edcaa30c09e40bdba515
发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
|
| next |
CVE-2026-27978 |
中危 |
16.1.6 |
16.1.7 |
next.js: Next.js: null origin can bypass Server Actions CSRF checks
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27978
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-03-18 00:16 修改: 2026-03-18 20:05
|
| next |
CVE-2026-27979 |
中危 |
16.1.6 |
16.1.7 |
next.js: Next.js: Unbounded postponed resume buffering can lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27979
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-03-18 01:16 修改: 2026-03-18 20:04
|
| next |
CVE-2026-27980 |
中危 |
16.1.6 |
16.1.7, 15.5.14 |
next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27980
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:52
|
| next |
CVE-2026-44572 |
低危 |
16.1.6 |
15.5.16, 16.2.5 |
next.js: Next.js: Denial of Service due to improper handling of x-nextjs-data header with redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44572
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 16:16 修改: 2026-05-15 15:46
|
| next |
CVE-2026-44582 |
低危 |
16.1.6 |
15.5.16, 16.2.5 |
Next.js: Next.js: Cache poisoning allows incorrect response delivery
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44582
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:15
|
| brace-expansion |
CVE-2025-5889 |
低危 |
2.0.1 |
2.0.2, 1.1.12, 3.0.1, 4.0.1 |
brace-expansion: juliangruber brace-expansion index.js expand redos
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2025-06-09 19:15 修改: 2026-04-29 01:00
|
| diff |
CVE-2026-24001 |
低危 |
5.2.0 |
8.0.3, 5.2.2, 4.0.4, 3.5.1 |
jsdiff: denial of service vulnerability in parsePatch and applyPatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-01-22 03:15 修改: 2026-03-04 15:23
|
| next |
CVE-2026-27977 |
低危 |
16.1.6 |
16.1.7 |
next.js: Next.js: null origin can bypass dev HMR websocket CSRF checks
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27977
镜像层: sha256:a7dd86e577d38feae1e31e97ee1dfb12abdad40634a4867b2d4b5c8557b34e17
发布日期: 2026-03-18 00:16 修改: 2026-03-18 20:08
|