docker.io/visortelle/dekaf:1.1.0 linux/amd64

docker.io/visortelle/dekaf:1.1.0 - Trivy安全扫描结果 扫描时间: 2026-06-18 11:34
全部漏洞信息
低危漏洞:8 中危漏洞:71 高危漏洞:50 严重漏洞:2

系统OS: oracle 9.7 扫描引擎: Trivy 扫描时间: 2026-06-18 11:34

docker.io/visortelle/dekaf:1.1.0 (oracle 9.7) (oracle)
低危漏洞:0 中危漏洞:21 高危漏洞:18 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
gnupg2 CVE-2025-68973 高危 2.3.3-4.el9 2.3.3-5.el9_7 GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68973

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-12-28 17:16 修改: 2026-01-14 19:16
libarchive CVE-2026-4111 高危 3.5.3-6.el9_6 3.5.3-7.el9_7 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4111

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-03-13 19:55 修改: 2026-06-10 18:17
libarchive CVE-2026-4424 高危 3.5.3-6.el9_6 3.5.3-9.el9_7 libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4424

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-03-19 15:16 修改: 2026-06-10 18:17
libarchive CVE-2026-5121 高危 3.5.3-6.el9_6 3.5.3-9.el9_7 libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5121

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-03-30 08:16 修改: 2026-06-10 18:17
libbrotli CVE-2025-6176 高危 1.0.9-7.el9_5 1.0.9-9.el9_7 Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6176

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-10-31 00:15 修改: 2026-04-15 00:35
libcap CVE-2026-4878 高危 2.48-10.el9 2.48-10.el9_7.1 libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4878

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-04-09 16:16 修改: 2026-06-11 10:16
libnghttp2 CVE-2026-27135 高危 1.43.0-6.el9 1.43.0-6.el9_7.1 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-03-18 18:16 修改: 2026-05-13 22:16
openssl-libs CVE-2025-11187 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11187

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-03-20 14:16
openssl-libs CVE-2025-15467 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-06-09 10:16
openssl-libs CVE-2025-15468 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:38
openssl-libs CVE-2025-15469 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15469

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
openssl-libs CVE-2025-66199 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
openssl-libs CVE-2025-68160 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2025-69418 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2025-69420 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2025-69421 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2026-22795 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
openssl-libs CVE-2026-22796 高危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
glib2 CVE-2025-14512 中危 2.68.4-18.el9_7 2.68.4-18.el9_7.2 glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14512

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-12-11 07:16 修改: 2026-06-10 18:16
libblkid CVE-2025-14104 中危 2.37.4-21.0.1.el9 2.37.4-21.0.1.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
glibc CVE-2025-15281 中危 2.34-231.0.1.el9_7.2 2.34-231.0.1.el9_7.10 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
glibc CVE-2026-0861 中危 2.34-231.0.1.el9_7.2 2.34-231.0.1.el9_7.10 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
libcurl CVE-2025-9086 中危 7.76.1-34.el9 7.76.1-35.el9_7.3 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-09-12 06:15 修改: 2026-06-02 14:16
libmount CVE-2025-14104 中危 2.37.4-21.0.1.el9 2.37.4-21.0.1.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
glibc CVE-2026-0915 中危 2.34-231.0.1.el9_7.2 2.34-231.0.1.el9_7.10 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
libsmartcols CVE-2025-14104 中危 2.37.4-21.0.1.el9 2.37.4-21.0.1.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
libuuid CVE-2025-14104 中危 2.37.4-21.0.1.el9 2.37.4-21.0.1.el9_7 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14104

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-12-05 17:16 修改: 2026-04-19 20:16
glibc-common CVE-2025-15281 中危 2.34-231.0.1.el9_7.2 2.34-231.0.1.el9_7.10 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
glibc-common CVE-2026-0861 中危 2.34-231.0.1.el9_7.2 2.34-231.0.1.el9_7.10 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
glibc-common CVE-2026-0915 中危 2.34-231.0.1.el9_7.2 2.34-231.0.1.el9_7.10 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
glibc-minimal-langpack CVE-2025-15281 中危 2.34-231.0.1.el9_7.2 2.34-231.0.1.el9_7.10 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15281

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-20 14:16 修改: 2026-02-05 17:43
glibc-minimal-langpack CVE-2026-0861 中危 2.34-231.0.1.el9_7.2 2.34-231.0.1.el9_7.10 glibc: Integer overflow in memalign leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0861

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-14 21:15 修改: 2026-02-03 18:26
glibc-minimal-langpack CVE-2026-0915 中危 2.34-231.0.1.el9_7.2 2.34-231.0.1.el9_7.10 glibc: glibc: Information disclosure via zero-valued network query

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0915

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-15 22:16 修改: 2026-01-23 19:36
curl CVE-2025-9086 中危 7.76.1-34.el9 7.76.1-35.el9_7.3 curl: libcurl: Curl out of bounds read for cookie path

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9086

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-09-12 06:15 修改: 2026-06-02 14:16
gnutls CVE-2025-14831 中危 3.8.3-9.el9 3.8.3-10.el9_7 gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14831

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-02-09 15:16 修改: 2026-06-10 18:16
gnutls CVE-2025-9820 中危 3.8.3-9.el9 3.8.3-10.el9_7 gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9820

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-26 20:16 修改: 2026-05-12 13:17
glib2 CVE-2025-13601 中危 2.68.4-18.el9_7 2.68.4-18.el9_7.1 glib: Integer overflow in in g_escape_uri_string()

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13601

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-11-26 15:15 修改: 2026-06-02 14:16
glib2 CVE-2025-14087 中危 2.68.4-18.el9_7 2.68.4-18.el9_7.2 glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14087

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2025-12-10 09:15 修改: 2026-06-10 18:16
openssl-libs CVE-2025-69419 中危 1:3.5.1-4.0.1.el9_7 1:3.5.1-7.0.1.el9_7 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:13b142d3e4f11ec895d382c2b75a269fde7818bcb40d86c0eb52b34e456ca76b

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
Java (jar)
低危漏洞:8 中危漏洞:50 高危漏洞:32 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.apache.avro:avro CVE-2024-47561 严重 1.11.3 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-10-03 11:15 修改: 2025-07-10 21:04
org.asynchttpclient:async-http-client CVE-2024-53990 严重 2.12.1 2.12.4, 3.0.1 async-http-client: AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-53990

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-12-02 18:15 修改: 2026-04-15 00:35
commons-io:commons-io CVE-2024-47554 高危 2.8.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-10-03 12:15 修改: 2025-07-10 21:10
io.airlift:aircompressor CVE-2024-36114 高危 0.20 0.27 Decompressors can crash the JVM and leak memory content in Aircompressor

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36114

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-05-29 21:15 修改: 2026-04-15 00:35
io.airlift:aircompressor CVE-2025-67721 高危 0.20 2.0.3 aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67721

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-12-12 23:15 修改: 2026-03-17 19:40
io.netty:netty-codec CVE-2026-42583 高危 4.1.105.Final 4.1.133.Final Netty is an asynchronous, event-driven network application framework. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:22
io.netty:netty-codec-dns CVE-2026-42579 高危 4.1.105.Final 4.2.13.Final, 4.1.133.Final netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 17:16
io.netty:netty-codec-haproxy CVE-2026-44893 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44893

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:23
io.netty:netty-codec-haproxy CVE-2026-48059 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48059

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 16:16 修改: 2026-06-15 01:56
io.netty:netty-codec-http CVE-2026-33870 高危 4.1.105.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-03-27 20:16 修改: 2026-03-30 20:12
io.netty:netty-codec-http CVE-2026-42584 高危 4.1.105.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:15
io.netty:netty-codec-http CVE-2026-42587 高危 4.1.105.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:20
io.netty:netty-codec-http2 CVE-2025-55163 高危 4.1.105.Final 4.2.4.Final, 4.1.124.Final netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-08-13 15:15 修改: 2025-11-04 22:16
io.netty:netty-codec-http2 CVE-2026-33871 高危 4.1.105.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-03-27 20:16 修改: 2026-03-30 20:10
io.netty:netty-codec-http2 CVE-2026-42587 高危 4.1.105.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:20
io.netty:netty-codec-redis CVE-2026-44250 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44250

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-11 22:16 修改: 2026-06-15 02:30
io.netty:netty-codec-redis CVE-2026-44890 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44890

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-11 22:16 修改: 2026-06-15 02:30
io.netty:netty-codec-redis CVE-2026-48006 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48006

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 16:16 修改: 2026-06-15 01:56
io.netty:netty-codec-redis CVE-2026-50011 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-codec-redis: Netty: Denial of Service via malicious Redis array header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50011

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 16:16 修改: 2026-06-15 02:31
io.netty:netty-codec-smtp CVE-2025-59419 高危 4.1.105.Final 4.2.7.Final, 4.1.128.Final io.netty/netty-codec-smtp: Netty netty-codec-smtp SMTP Command Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59419

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-10-15 16:15 修改: 2026-04-15 00:35
io.netty:netty-handler CVE-2025-24970 高危 4.1.105.Final 4.1.118.Final io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-02-10 22:15 修改: 2025-09-05 17:20
io.netty:netty-handler CVE-2026-44249 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-11 22:16 修改: 2026-06-15 02:30
io.netty:netty-handler CVE-2026-45416 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:15
io.netty:netty-handler CVE-2026-50010 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 16:16 修改: 2026-06-15 02:31
io.netty:netty-resolver-dns CVE-2026-45674 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:13
io.netty:netty-resolver-dns CVE-2026-47691 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 16:16 修改: 2026-06-15 01:57
io.netty:netty-transport-sctp CVE-2026-46340 高危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46340

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:12
com.fasterxml.jackson.core:jackson-core CVE-2025-52999 高危 2.14.2 2.15.0 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-06-25 17:15 修改: 2026-04-15 00:35
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.24.4 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-09-19 01:15 修改: 2025-09-26 17:10
org.asynchttpclient:async-http-client CVE-2026-45300 高危 2.12.1 3.0.10, 2.15.0 The AsyncHttpClient (AHC) library allows Java applications to easily e ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45300

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-05 20:17 修改: 2026-06-08 18:37
org.bouncycastle:bcprov-jdk18on CVE-2026-5598 高危 1.75 1.84 bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5598

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-04-15 10:16 修改: 2026-06-14 10:16
org.bouncycastle:bcprov-jdk18on CVE-2026-5598 高危 1.75 1.84 bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5598

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-04-15 10:16 修改: 2026-06-14 10:16
org.eclipse.jetty:jetty-http CVE-2026-2332 高危 11.0.13 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-04-14 12:16 修改: 2026-05-01 13:31
org.yaml:snakeyaml CVE-2022-1471 高危 1.33 2.0 SnakeYaml: Constructor Deserialization Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2022-12-01 11:15 修改: 2025-06-18 09:15
io.netty:netty-codec-http CVE-2025-67735 中危 4.1.105.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-12-16 01:15 修改: 2026-01-02 18:50
io.netty:netty-codec-redis CVE-2026-42586 中危 4.1.105.Final 4.2.13.Final, 4.1.133.Final netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42586

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 18:02
io.netty:netty-codec-http CVE-2026-41417 中危 4.1.105.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-06 22:16 修改: 2026-05-11 14:29
io.netty:netty-common CVE-2024-47535 中危 4.1.105.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-11-12 16:15 修改: 2025-09-05 14:00
io.netty:netty-common CVE-2025-25193 中危 4.1.105.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-02-10 22:15 修改: 2025-06-11 15:36
io.netty:netty-codec-http CVE-2026-42580 中危 4.1.105.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 14:03
io.netty:netty-codec-http CVE-2026-42581 中危 4.1.105.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 13:14
io.netty:netty-codec-http CVE-2026-42585 中危 4.1.105.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:24
io.netty:netty-codec-http CVE-2026-50020 中危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 16:16 修改: 2026-06-15 02:31
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.14.2 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
ch.qos.logback:logback-core CVE-2025-11226 中危 1.4.14 1.5.19, 1.3.16 ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-10-01 08:15 修改: 2026-04-15 00:35
io.netty:netty-resolver-dns CVE-2026-45673 中危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:14
io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:14
io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:14
io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:14
io.netty:netty-transport-native-kqueue CVE-2026-45536 中危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:14
io.netty:netty-transport-native-kqueue CVE-2026-45536 中危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:14
ch.qos.logback:logback-core CVE-2024-12798 中危 1.4.14 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-12-19 16:15 修改: 2026-04-15 00:35
io.netty:netty-codec-http2 CVE-2026-47244 中危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 15:16 修改: 2026-06-15 02:11
org.apache.commons:commons-compress CVE-2023-42503 中危 1.22 1.24.0 apache-commons-compress: Denial of service via CPU consumption for malformed TAR file

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42503

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2023-09-14 08:15 修改: 2025-02-13 17:17
org.apache.commons:commons-compress CVE-2024-25710 中危 1.22 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-02-19 09:15 修改: 2025-11-04 17:15
org.apache.commons:commons-compress CVE-2024-26308 中危 1.22 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-02-19 09:15 修改: 2025-03-27 20:15
org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.14.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
io.netty:netty-codec-http2 CVE-2026-48043 中危 4.1.105.Final 4.1.135.Final, 4.2.15.Final netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 16:16 修改: 2026-06-15 01:56
io.netty:netty-codec-http2 CVE-2026-50560 中危 4.1.105.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-06-12 16:16 修改: 2026-06-15 02:30
org.asynchttpclient:async-http-client CVE-2026-40490 中危 2.12.1 3.0.9, 2.14.5 async-http-client: AsyncHttpClient: Credential leakage via improper handling of authorization headers during redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40490

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-04-18 02:16 修改: 2026-04-20 18:59
org.bouncycastle:bcpkix-jdk18on CVE-2025-8916 中危 1.75 1.79 org.bouncycastle: BouncyCastle denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8916

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-08-13 10:15 修改: 2026-05-12 13:17
org.bouncycastle:bcpkix-jdk18on CVE-2025-8916 中危 1.75 1.79 org.bouncycastle: BouncyCastle denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8916

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-08-13 10:15 修改: 2026-05-12 13:17
org.bouncycastle:bcpkix-jdk18on CVE-2026-5588 中危 1.75 1.84 bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-04-15 10:16 修改: 2026-05-19 00:16
org.bouncycastle:bcpkix-jdk18on CVE-2026-5588 中危 1.75 1.84 bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-04-15 10:16 修改: 2026-05-19 00:16
io.netty:netty-codec-mqtt CVE-2026-44248 中危 4.1.105.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44248

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:15
io.netty:netty-codec CVE-2025-58057 中危 4.1.105.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-09-04 10:42 修改: 2025-09-08 16:45
org.bouncycastle:bcprov-jdk18on CVE-2024-29857 中危 1.75 1.78 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-05-14 15:17 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-29857 中危 1.75 1.78 org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-05-14 15:17 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-30171 中危 1.75 1.78 bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-05-14 15:21 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-30171 中危 1.75 1.78 bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-05-14 15:21 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-30172 中危 1.75 1.78 org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30172

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-05-14 15:21 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-30172 中危 1.75 1.78 org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30172

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-05-14 15:21 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-34447 中危 1.75 1.78 org.bouncycastle: Use of Incorrectly-Resolved Name or Reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34447

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-05-03 16:15 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2024-34447 中危 1.75 1.78 org.bouncycastle: Use of Incorrectly-Resolved Name or Reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34447

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-05-03 16:15 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2025-8885 中危 1.75 1.78 bouncycastle: Bouncy Castle denial of service parsing ASN.1 Object Identifiers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8885

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-08-12 10:15 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2025-8885 中危 1.75 1.78 bouncycastle: Bouncy Castle denial of service parsing ASN.1 Object Identifiers

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8885

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-08-12 10:15 修改: 2026-04-15 00:35
org.bouncycastle:bcprov-jdk18on CVE-2026-0636 中危 1.75 1.84 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-04-15 10:16 修改: 2026-05-19 00:16
org.bouncycastle:bcprov-jdk18on CVE-2026-0636 中危 1.75 1.84 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-04-15 10:16 修改: 2026-05-19 00:16
commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
org.eclipse.jetty:jetty-http CVE-2023-40167 中危 11.0.13 9.4.52, 10.0.16, 11.0.16, 12.0.1 jetty: Improper validation of HTTP/1 content-length

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2023-09-15 20:15 修改: 2024-11-21 08:18
org.eclipse.jetty:jetty-http CVE-2024-6763 中危 11.0.13 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-10-14 16:15 修改: 2025-07-10 15:04
org.eclipse.jetty:jetty-server CVE-2023-26048 中危 11.0.13 9.4.51.v20230217, 10.0.14, 11.0.14 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26048

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2023-04-18 21:15 修改: 2024-11-21 07:50
org.eclipse.jetty:jetty-server CVE-2024-8184 中危 11.0.13 12.0.9, 10.0.24, 11.0.24, 9.4.56 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-10-14 16:15 修改: 2025-11-03 20:17
io.netty:netty-codec-http CVE-2024-29025 中危 4.1.105.Final 4.1.108.Final netty-codec-http: Allocation of Resources Without Limits or Throttling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-03-25 20:15 修改: 2025-09-19 15:10
ch.qos.logback:logback-core CVE-2024-12801 低危 1.4.14 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2024-12-19 17:15 修改: 2026-04-15 00:35
commons-configuration:commons-configuration CVE-2025-46392 低危 1.10 apache-commons-configuration: Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46392

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-05-09 10:15 修改: 2025-07-16 14:52
org.eclipse.jetty:jetty-http CVE-2025-11143 低危 11.0.13 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-03-05 10:15 修改: 2026-03-06 20:30
ch.qos.logback:logback-core CVE-2026-1225 低危 1.4.14 1.5.25 ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-01-22 10:16 修改: 2026-04-15 00:35
io.netty:netty-handler-proxy CVE-2026-42578 低危 4.1.105.Final 4.1.133.Final, 4.2.13.Final netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:54
org.eclipse.jetty:jetty-server CVE-2023-26049 低危 11.0.13 9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26049

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2023-04-18 21:15 修改: 2024-11-21 07:50
org.eclipse.jetty:jetty-xml GHSA-58qw-p7qm-5rvh 低危 11.0.13 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823 Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations

漏洞详情: https://github.com/advisories/GHSA-58qw-p7qm-5rvh

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2023-07-10 21:52 修改: 2026-02-10 20:06
io.netty:netty-codec-http CVE-2025-58056 低危 4.1.105.Final 4.1.125.Final, 4.2.5.Final netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056

镜像层: sha256:a73882a275a0283b4cbf33868b4fc5cfc02dfc6b7ab6c6f3ee29001400b3a7e7

发布日期: 2025-09-03 21:15 修改: 2025-09-08 16:46
Node.js (node-pkg)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息