| lodash |
CVE-2026-4800 |
高危 |
4.17.21 |
4.18.0 |
lodash: lodash: Arbitrary code execution via untrusted input in template imports
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-31 20:16 修改: 2026-07-15 02:22
|
| lodash.template |
CVE-2021-23337 |
高危 |
4.5.0 |
|
nodejs-lodash: command injection via template
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2021-02-15 13:15 修改: 2026-06-17 03:38
|
| lodash.template |
CVE-2026-4800 |
高危 |
4.5.0 |
4.18.0 |
lodash: lodash: Arbitrary code execution via untrusted input in template imports
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-31 20:16 修改: 2026-07-15 02:22
|
| nodemailer |
GHSA-p6gq-j5cr-w38f |
高危 |
8.0.3 |
9.0.1 |
Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message
漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28
|
| openpgp |
CVE-2025-47934 |
高危 |
5.11.1 |
5.11.3, 6.1.1 |
OpenPGP.js's message signature verification can be spoofed
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47934
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2025-05-19 19:15 修改: 2026-06-17 09:28
|
| picomatch |
CVE-2026-33671 |
高危 |
4.0.3 |
4.0.4, 3.0.2, 2.3.2 |
picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37
|
| sigstore |
CVE-2026-48815 |
高危 |
4.1.0 |
4.1.1 |
sigstore: Sigstore: Unauthorized certificates accepted due to ignored `certificateOIDs` verification option
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-07-14 21:17 修改: 2026-07-15 20:23
|
| tar |
CVE-2026-23745 |
高危 |
6.2.1 |
7.5.3 |
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-16 22:16 修改: 2026-07-15 02:18
|
| tar |
CVE-2026-23745 |
高危 |
6.2.1 |
7.5.3 |
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-16 22:16 修改: 2026-07-15 02:18
|
| tar |
CVE-2026-23745 |
高危 |
6.2.1 |
7.5.3 |
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-16 22:16 修改: 2026-07-15 02:18
|
| tar |
CVE-2026-23950 |
高危 |
6.2.1 |
7.5.4 |
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-20 01:15 修改: 2026-07-15 02:18
|
| tar |
CVE-2026-23950 |
高危 |
6.2.1 |
7.5.4 |
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-20 01:15 修改: 2026-07-15 02:18
|
| tar |
CVE-2026-23950 |
高危 |
6.2.1 |
7.5.4 |
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-20 01:15 修改: 2026-07-15 02:18
|
| tar |
CVE-2026-24842 |
高危 |
6.2.1 |
7.5.7 |
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-28 01:16 修改: 2026-07-15 02:18
|
| tar |
CVE-2026-24842 |
高危 |
6.2.1 |
7.5.7 |
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-28 01:16 修改: 2026-07-15 02:18
|
| tar |
CVE-2026-24842 |
高危 |
6.2.1 |
7.5.7 |
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-28 01:16 修改: 2026-07-15 02:18
|
| tar |
CVE-2026-26960 |
高危 |
6.2.1 |
7.5.8 |
node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26
|
| tar |
CVE-2026-26960 |
高危 |
6.2.1 |
7.5.8 |
node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26
|
| tar |
CVE-2026-26960 |
高危 |
6.2.1 |
7.5.8 |
node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26
|
| tar |
CVE-2026-29786 |
高危 |
6.2.1 |
7.5.10 |
node-tar: hardlink path traversal via drive-relative linkpath
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-07 16:15 修改: 2026-07-15 02:19
|
| tar |
CVE-2026-29786 |
高危 |
6.2.1 |
7.5.10 |
node-tar: hardlink path traversal via drive-relative linkpath
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-07 16:15 修改: 2026-07-15 02:19
|
| tar |
CVE-2026-29786 |
高危 |
6.2.1 |
7.5.10 |
node-tar: hardlink path traversal via drive-relative linkpath
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-07 16:15 修改: 2026-07-15 02:19
|
| tar |
CVE-2026-31802 |
高危 |
6.2.1 |
7.5.11 |
tar: tar: File overwrite via drive-relative symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34
|
| tar |
CVE-2026-31802 |
高危 |
6.2.1 |
7.5.11 |
tar: tar: File overwrite via drive-relative symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34
|
| tar |
CVE-2026-31802 |
高危 |
6.2.1 |
7.5.11 |
tar: tar: File overwrite via drive-relative symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34
|
| tmp |
CVE-2026-44705 |
高危 |
0.2.3 |
0.2.6 |
tmp is a temporary file and directory creator for node.js. Prior to 0. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51
|
| underscore |
CVE-2026-27601 |
高危 |
1.13.7 |
1.13.8 |
Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27601
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-03 23:15 修改: 2026-06-17 10:27
|
| ip-address |
CVE-2026-42338 |
中危 |
10.1.0 |
10.1.1 |
ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-05-12 20:16 修改: 2026-07-15 02:21
|
| @babel/runtime |
CVE-2025-27789 |
中危 |
7.20.7 |
7.26.10, 8.0.0-alpha.17 |
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04
|
| lodash |
CVE-2025-13465 |
中危 |
4.17.21 |
4.17.23 |
lodash: prototype pollution in _.unset and _.omit functions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-21 20:16 修改: 2026-07-15 02:17
|
| lodash |
CVE-2026-2950 |
中危 |
4.17.21 |
4.18.0 |
lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32
|
| @babel/runtime |
CVE-2025-27789 |
中危 |
7.20.7 |
7.26.10, 8.0.0-alpha.17 |
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04
|
| @babel/runtime |
CVE-2025-27789 |
中危 |
7.20.7 |
7.26.10, 8.0.0-alpha.17 |
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04
|
| @sigstore/core |
CVE-2026-48758 |
中危 |
3.2.0 |
3.2.1 |
sigstore-core: @sigstore/core: Signature bypass due to incorrect encoding in preAuthEncoding
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-07-14 21:17 修改: 2026-07-15 20:23
|
| nodemailer |
GHSA-268h-hp4c-crq3 |
中危 |
8.0.3 |
8.0.9 |
Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection
漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36
|
| nodemailer |
GHSA-r7g4-qg5f-qqm2 |
中危 |
8.0.3 |
8.0.8 |
Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception
漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34
|
| nodemailer |
GHSA-vvjj-xcjg-gr5g |
中危 |
8.0.3 |
8.0.5 |
Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)
漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05
|
| nodemailer |
GHSA-wqvq-jvpq-h66f |
中危 |
8.0.3 |
8.0.9 |
Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization
漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35
|
| @sigstore/verify |
CVE-2026-48816 |
中危 |
3.1.0 |
3.1.1 |
sigstore-js: sigstore-js: Insufficient verification of data authenticity allows timestamp manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48816
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-07-14 21:17 修改: 2026-07-15 20:23
|
| brace-expansion |
CVE-2026-33750 |
中危 |
5.0.4 |
5.0.5, 3.0.2, 2.0.3, 1.1.13 |
brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38
|
| picomatch |
CVE-2026-33672 |
中危 |
4.0.3 |
4.0.4, 3.0.2, 2.3.2 |
picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37
|
| postcss |
CVE-2026-41305 |
中危 |
8.5.1 |
8.5.10 |
postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46
|
| qs |
CVE-2025-15284 |
中危 |
6.13.0 |
6.14.1 |
qs: qs: Denial of Service via improper input validation in array parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37
|
| qs |
CVE-2025-15284 |
中危 |
6.13.0 |
6.14.1 |
qs: qs: Denial of Service via improper input validation in array parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37
|
| qs |
CVE-2026-8723 |
中危 |
6.13.0 |
6.15.2 |
### Summary `qs.stringify` throws `TypeError` when called with `arr ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04
|
| tar |
CVE-2026-53655 |
中危 |
6.2.1 |
7.5.16 |
node-tar: node-tar: File smuggling due to inconsistent tar archive parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
|
| tar |
CVE-2026-53655 |
中危 |
6.2.1 |
7.5.16 |
node-tar: node-tar: File smuggling due to inconsistent tar archive parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
|
| tar |
CVE-2026-53655 |
中危 |
6.2.1 |
7.5.16 |
node-tar: node-tar: File smuggling due to inconsistent tar archive parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
|
| tar |
CVE-2026-53655 |
中危 |
7.5.11 |
7.5.16 |
node-tar: node-tar: File smuggling due to inconsistent tar archive parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03
|
| qs |
CVE-2026-8723 |
中危 |
6.13.0 |
6.15.2 |
### Summary `qs.stringify` throws `TypeError` when called with `arr ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04
|
| brace-expansion |
CVE-2026-45149 |
中危 |
5.0.4 |
5.0.6 |
brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:51
|
| uuid |
CVE-2026-41907 |
中危 |
3.3.2 |
11.1.1, 12.0.1, 13.0.1 |
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
|
| uuid |
CVE-2026-41907 |
中危 |
8.3.2 |
11.1.1, 12.0.1, 13.0.1 |
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
|
| uuid |
CVE-2026-41907 |
中危 |
9.0.1 |
11.1.1, 12.0.1, 13.0.1 |
uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47
|
| qs |
CVE-2026-2391 |
低危 |
6.13.0 |
6.14.2 |
qs: qs's arrayLimit bypass in comma parsing allows denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30
|
| qs |
CVE-2026-2391 |
低危 |
6.13.0 |
6.14.2 |
qs: qs's arrayLimit bypass in comma parsing allows denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30
|
| tmp |
CVE-2025-54798 |
低危 |
0.2.3 |
0.2.4 |
tmp: tmp Symbolic Link Write Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40
|
| diff |
CVE-2026-24001 |
低危 |
3.5.0 |
8.0.3, 5.2.2, 4.0.4, 3.5.1 |
jsdiff: denial of service vulnerability in parsePatch and applyPatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-01-22 03:15 修改: 2026-07-15 02:18
|
| cookie |
CVE-2024-47764 |
低危 |
0.4.1 |
0.7.0 |
cookie: cookie accepts cookie name, path, and domain with out of bounds characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2024-10-04 20:15 修改: 2026-06-17 07:57
|
| nodemailer |
GHSA-c7w3-x93f-qmm8 |
低危 |
8.0.3 |
8.0.4 |
Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter
漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26
|
| on-headers |
CVE-2025-7339 |
低危 |
1.0.2 |
1.1.0 |
on-headers: on-headers vulnerable to http response header manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7339
镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90
发布日期: 2025-07-17 16:15 修改: 2026-06-17 10:04
|