docker.io/wekanteam/wekan:v9.95 linux/amd64

docker.io/wekanteam/wekan:v9.95 - Trivy安全扫描结果 扫描时间: 2026-07-16 23:26
全部漏洞信息
低危漏洞:13 中危漏洞:87 高危漏洞:36 严重漏洞:0

系统OS: ubuntu 26.04 扫描引擎: Trivy 扫描时间: 2026-07-16 23:26

docker.io/wekanteam/wekan:v9.95 (ubuntu 26.04) (ubuntu)
低危漏洞:6 中危漏洞:51 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
bsdutils CVE-2026-27456 中危 1:2.41.3-3ubuntu2 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

bsdutils CVE-2026-3184 中危 1:2.41.3-3ubuntu2 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libblkid1 CVE-2026-27456 中危 2.41.3-3ubuntu2 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libblkid1 CVE-2026-3184 中危 2.41.3-3ubuntu2 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libc-bin CVE-2026-4046 中危 2.43-2ubuntu2 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-03-30 18:16 修改: 2026-07-14 13:18

libc-bin CVE-2026-4437 中危 2.43-2ubuntu2 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

libc-bin CVE-2026-4438 中危 2.43-2ubuntu2 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

libc-bin CVE-2026-5435 中危 2.43-2ubuntu2 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-28 13:19 修改: 2026-07-14 13:19

libc-bin CVE-2026-6238 中危 2.43-2ubuntu2 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-28 19:37 修改: 2026-07-14 13:19

libc-gconv-modules-extra CVE-2026-4046 中危 2.43-2ubuntu2 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-03-30 18:16 修改: 2026-07-14 13:18

libc-gconv-modules-extra CVE-2026-4437 中危 2.43-2ubuntu2 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

libc-gconv-modules-extra CVE-2026-4438 中危 2.43-2ubuntu2 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

libc-gconv-modules-extra CVE-2026-5435 中危 2.43-2ubuntu2 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-28 13:19 修改: 2026-07-14 13:19

libc-gconv-modules-extra CVE-2026-6238 中危 2.43-2ubuntu2 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-28 19:37 修改: 2026-07-14 13:19

libc6 CVE-2026-4046 中危 2.43-2ubuntu2 glibc: glibc: Denial of Service via iconv() function with specific character sets

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-03-30 18:16 修改: 2026-07-14 13:18

libc6 CVE-2026-4437 中危 2.43-2ubuntu2 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

libc6 CVE-2026-4438 中危 2.43-2ubuntu2 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-03-20 20:16 修改: 2026-07-14 13:18

libc6 CVE-2026-5435 中危 2.43-2ubuntu2 glibc: glibc: Out-of-bounds write via TSIG record processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-28 13:19 修改: 2026-07-14 13:19

libc6 CVE-2026-6238 中危 2.43-2ubuntu2 glibc: glibc: Application crash or uninitialized memory read via crafted DNS response

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-28 19:37 修改: 2026-07-14 13:19

libmount1 CVE-2026-27456 中危 2.41.3-3ubuntu2 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libmount1 CVE-2026-3184 中危 2.41.3-3ubuntu2 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libsmartcols1 CVE-2026-27456 中危 2.41.3-3ubuntu2 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libsmartcols1 CVE-2026-3184 中危 2.41.3-3ubuntu2 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libuuid1 CVE-2026-27456 中危 2.41.3-3ubuntu2 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libuuid1 CVE-2026-3184 中危 2.41.3-3ubuntu2 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

login CVE-2026-27456 中危 1:4.16.0-2+really2.41.3-3ubuntu2 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

login CVE-2026-3184 中危 1:4.16.0-2+really2.41.3-3ubuntu2 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

mount CVE-2026-27456 中危 2.41.3-3ubuntu2 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

mount CVE-2026-3184 中危 2.41.3-3ubuntu2 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

rust-coreutils CVE-2026-35341 中危 0.8.0-0ubuntu3 A vulnerability in uutils coreutils mkfifo allows for the unauthorized ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35341

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35344 中危 0.8.0-0ubuntu3 The dd utility in uutils coreutils suppresses errors during file trunc ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35344

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35345 中危 0.8.0-0ubuntu3 A vulnerability in the tail utility of uutils coreutils allows for the ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35345

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35348 中危 0.8.0-0ubuntu3 The sort utility in uutils coreutils is vulnerable to a process panic ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35348

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35350 中危 0.8.0-0ubuntu3 The cp utility in uutils coreutils fails to properly handle setuid and ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35350

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35351 中危 0.8.0-0ubuntu3 The mv utility in uutils coreutils fails to preserve file ownership du ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35351

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35352 中危 0.8.0-0ubuntu3 A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the m ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35352

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35354 中危 0.8.0-0ubuntu3 A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35354

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35357 中危 0.8.0-0ubuntu3 The cp utility in uutils coreutils is vulnerable to an information dis ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35357

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35359 中危 0.8.0-0ubuntu3 A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utilit ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35359

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35360 中危 0.8.0-0ubuntu3 The touch utility in uutils coreutils is vulnerable to a Time-of-Check ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35360

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35363 中危 0.8.0-0ubuntu3 A vulnerability in the rm utility of uutils coreutils allows the bypas ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35363

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35364 中危 0.8.0-0ubuntu3 A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the m ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35364

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35367 中危 0.8.0-0ubuntu3 The nohup utility in uutils coreutils creates its default output file, ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35367

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35368 中危 0.8.0-0ubuntu3 A vulnerability exists in the chroot utility of uutils coreutils when ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35368

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35370 中危 0.8.0-0ubuntu3 The id utility in uutils coreutils miscalculates the groups= section o ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35370

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35371 中危 0.8.0-0ubuntu3 The id utility in uutils coreutils exhibits incorrect behavior in its ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35371

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35373 中危 0.8.0-0ubuntu3 A logic error in the ln utility of uutils coreutils causes the program ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35373

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35374 中危 0.8.0-0ubuntu3 A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the sp ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35374

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

rust-coreutils CVE-2026-35377 中危 0.8.0-0ubuntu3 A logic error in the env utility of uutils coreutils causes a failure ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35377

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-22 17:16 修改: 2026-06-17 10:40

util-linux CVE-2026-27456 中危 2.41.3-3ubuntu2 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

util-linux CVE-2026-3184 中危 2.41.3-3ubuntu2 util-linux: util-linux: Access control bypass due to improper hostname canonicalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3184

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-03 19:17 修改: 2026-06-17 10:43

libsystemd0 CVE-2026-40228 低危 259.5-0ubuntu3 systemd: systemd-journald: Unintended output to user terminals via logger command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

libudev1 CVE-2026-40228 低危 259.5-0ubuntu3 systemd: systemd-journald: Unintended output to user terminals via logger command

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:44

passwd CVE-2024-56433 低危 1:4.17.4-2ubuntu3 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12

libgcrypt20 CVE-2024-2236 低危 1.12.0-2ubuntu1 libgcrypt: vulnerable to Marvin Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2024-03-06 22:15 修改: 2026-06-17 07:24

login.defs CVE-2024-56433 低危 1:4.17.4-2ubuntu3 shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2024-12-26 09:15 修改: 2026-06-17 08:12

zlib1g CVE-2026-27171 低危 1:1.3.dfsg+really1.3.1-1ubuntu3 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:bda804a4cb7af887d97ad0c3fdbcb7778643cfd0bf248da7d60e5ff904f67121

发布日期: 2026-02-18 04:16 修改: 2026-06-17 10:26

Node.js (node-pkg)
低危漏洞:7 中危漏洞:27 高危漏洞:27 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
lodash CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-31 20:16 修改: 2026-07-15 02:22

lodash.template CVE-2021-23337 高危 4.5.0 nodejs-lodash: command injection via template

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23337

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2021-02-15 13:15 修改: 2026-06-17 03:38

lodash.template CVE-2026-4800 高危 4.5.0 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-31 20:16 修改: 2026-07-15 02:22

nodemailer GHSA-p6gq-j5cr-w38f 高危 8.0.3 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

openpgp CVE-2025-47934 高危 5.11.1 5.11.3, 6.1.1 OpenPGP.js's message signature verification can be spoofed

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47934

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2025-05-19 19:15 修改: 2026-06-17 09:28

picomatch CVE-2026-33671 高危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

sigstore CVE-2026-48815 高危 4.1.0 4.1.1 sigstore: Sigstore: Unauthorized certificates accepted due to ignored `certificateOIDs` verification option

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-14 21:17 修改: 2026-07-15 20:23

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-16 22:16 修改: 2026-07-15 02:18

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-16 22:16 修改: 2026-07-15 02:18

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-16 22:16 修改: 2026-07-15 02:18

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-20 01:15 修改: 2026-07-15 02:18

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-20 01:15 修改: 2026-07-15 02:18

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-20 01:15 修改: 2026-07-15 02:18

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-28 01:16 修改: 2026-07-15 02:18

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-28 01:16 修改: 2026-07-15 02:18

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-28 01:16 修改: 2026-07-15 02:18

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-07 16:15 修改: 2026-07-15 02:19

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-07 16:15 修改: 2026-07-15 02:19

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-07 16:15 修改: 2026-07-15 02:19

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tmp CVE-2026-44705 高危 0.2.3 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

underscore CVE-2026-27601 高危 1.13.7 1.13.8 Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27601

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-03 23:15 修改: 2026-06-17 10:27

ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-05-12 20:16 修改: 2026-07-15 02:21

@babel/runtime CVE-2025-27789 中危 7.20.7 7.26.10, 8.0.0-alpha.17 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04

lodash CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-21 20:16 修改: 2026-07-15 02:17

lodash CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

@babel/runtime CVE-2025-27789 中危 7.20.7 7.26.10, 8.0.0-alpha.17 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04

@babel/runtime CVE-2025-27789 中危 7.20.7 7.26.10, 8.0.0-alpha.17 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27789

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2025-03-11 20:15 修改: 2026-06-17 09:04

@sigstore/core CVE-2026-48758 中危 3.2.0 3.2.1 sigstore-core: @sigstore/core: Signature bypass due to incorrect encoding in preAuthEncoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-14 21:17 修改: 2026-07-15 20:23

nodemailer GHSA-268h-hp4c-crq3 中危 8.0.3 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-r7g4-qg5f-qqm2 中危 8.0.3 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 8.0.3 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

nodemailer GHSA-wqvq-jvpq-h66f 中危 8.0.3 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

@sigstore/verify CVE-2026-48816 中危 3.1.0 3.1.1 sigstore-js: sigstore-js: Insufficient verification of data authenticity allows timestamp manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48816

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-14 21:17 修改: 2026-07-15 20:23

brace-expansion CVE-2026-33750 中危 5.0.4 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

picomatch CVE-2026-33672 中危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-26 22:16 修改: 2026-06-17 10:37

postcss CVE-2026-41305 中危 8.5.1 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-04-24 03:16 修改: 2026-06-17 10:46

qs CVE-2025-15284 中危 6.13.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2025-15284 中危 6.13.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2026-8723 中危 6.13.0 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

tar CVE-2026-53655 中危 7.5.11 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

qs CVE-2026-8723 中危 6.13.0 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

brace-expansion CVE-2026-45149 中危 5.0.4 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:51

uuid CVE-2026-41907 中危 3.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 8.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

qs CVE-2026-2391 低危 6.13.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

qs CVE-2026-2391 低危 6.13.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

tmp CVE-2025-54798 低危 0.2.3 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40

diff CVE-2026-24001 低危 3.5.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-01-22 03:15 修改: 2026-07-15 02:18

cookie CVE-2024-47764 低危 0.4.1 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2024-10-04 20:15 修改: 2026-06-17 07:57

nodemailer GHSA-c7w3-x93f-qmm8 低危 8.0.3 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

on-headers CVE-2025-7339 低危 1.0.2 1.1.0 on-headers: on-headers vulnerable to http response header manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7339

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2025-07-17 16:15 修改: 2026-06-17 10:04

build/bsondump (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.53.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/text CVE-2026-56852 未知 v0.38.0 0.39.0 Infinite loop on invalid input in golang.org/x/text

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56852

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

build/ferretdb (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.25.11 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-42505 中危 v1.25.11 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.53.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

build/mongodump (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.53.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/text CVE-2026-56852 未知 v0.38.0 0.39.0 Infinite loop on invalid input in golang.org/x/text

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56852

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

build/mongoexport (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.53.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/text CVE-2026-56852 未知 v0.38.0 0.39.0 Infinite loop on invalid input in golang.org/x/text

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56852

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

build/mongofiles (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.53.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/text CVE-2026-56852 未知 v0.38.0 0.39.0 Infinite loop on invalid input in golang.org/x/text

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56852

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

build/mongoimport (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.53.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/text CVE-2026-56852 未知 v0.38.0 0.39.0 Infinite loop on invalid input in golang.org/x/text

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56852

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

build/mongorestore (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.53.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/text CVE-2026-56852 未知 v0.38.0 0.39.0 Infinite loop on invalid input in golang.org/x/text

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56852

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

build/mongostat (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.53.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/text CVE-2026-56852 未知 v0.38.0 0.39.0 Infinite loop on invalid input in golang.org/x/text

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56852

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

build/mongotop (gobinary)
低危漏洞:0 中危漏洞:1 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
stdlib CVE-2026-39822 高危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39822

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 14:54

stdlib CVE-2026-42505 中危 v1.26.4 1.25.12, 1.26.5, 1.27.0-rc.2 crypto/tls: golang: Go crypto/tls: Information disclosure in Encrypted Client Hello

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42505

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 2026-07-08 17:17 修改: 2026-07-13 17:05

golang.org/x/crypto GO-2026-5932 未知 v0.53.0 The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues

漏洞详情:

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

golang.org/x/text CVE-2026-56852 未知 v0.38.0 0.39.0 Infinite loop on invalid input in golang.org/x/text

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56852

镜像层: sha256:cdb815e6fb157e8955422b3af06f2baf43c911d78d4d38363ece05680787eb90

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

/build/programs/web.browser.legacy/9ae158174dd4ee6a58a879ffb6baa31ac3d783a3.js ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
/build/programs/web.browser/abcc23b511ca230cda10d35d80906756c4a37e39.js ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×