docker.io/zhaiker/sillytavernmod:latest linux/amd64

docker.io/zhaiker/sillytavernmod:latest - Trivy安全扫描结果 扫描时间: 2026-07-09 15:47
全部漏洞信息
低危漏洞:30 中危漏洞:51 高危漏洞:36 严重漏洞:1

系统OS: alpine 3.23.4 扫描引擎: Trivy 扫描时间: 2026-07-09 15:47

docker.io/zhaiker/sillytavernmod:latest (alpine 3.23.4) (alpine)
低危漏洞:21 中危漏洞:17 高危漏洞:7 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
git-lfs CVE-2025-26625 高危 3.7.0-r9 3.7.1-r0 git-lfs: Git LFS may write to arbitrary files via crafted symlinks

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26625

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2025-10-17 16:15 修改: 2026-06-17 09:02

libcrypto3 CVE-2026-45447 高危 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-07-06 13:16

libexpat CVE-2026-45186 高危 2.7.5-r0 2.8.1-r0 libexpat: denial of service via crafted XML input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45186

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-05-10 07:16 修改: 2026-06-30 03:20

libexpat CVE-2026-56131 高危 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 lacks handler call depth tracking for calls to X ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56131

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

libexpat CVE-2026-56407 高危 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in doProlog that is rela ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56407

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:28

libexpat CVE-2026-56408 高危 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in copyString.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56408

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:27

libssl3 CVE-2026-45447 高危 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-07-06 13:16

libcrypto3 CVE-2026-34183 中危 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-42764 中危 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-45445 中危 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libexpat CVE-2026-50219 中危 2.7.5-r0 2.8.2-r0 expat: libexpat: Use-after-free vulnerability due to improper handler call depth tracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50219

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-04 06:16 修改: 2026-06-17 10:57

libexpat CVE-2026-56132 中危 2.7.5-r0 2.8.2-r0 expat: libexpat: Arbitrary Code Execution via Heap-based Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56132

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

libexpat CVE-2026-56403 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution due to integer overflow in storeAtts

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56403

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56404 中危 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in addBinding.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56404

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56405 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Information disclosure and arbitrary code execution via integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56405

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:14

libexpat CVE-2026-56406 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution via integer overflow in XML_ParseBuffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56406

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:29

libexpat CVE-2026-56410 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Integer overflow in xmlwf can lead to information disclosure and arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56410

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:18

libexpat CVE-2026-56411 中危 2.7.5-r0 2.8.2-r0 expat: libexpat: Integer Overflow Vulnerability Leading to Information Disclosure or Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56411

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 17:16 修改: 2026-06-23 16:16

libexpat CVE-2026-56412 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Use-after-free vulnerability due to improper handling of XML CDATA sections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56412

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 17:16 修改: 2026-06-23 15:31

libcrypto3 CVE-2026-34182 中危 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34182 中危 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34183 中危 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-42764 中危 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-45445 中危 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libcrypto3 CVE-2026-7383 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

libcrypto3 CVE-2026-9076 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libcrypto3 CVE-2026-34180 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-34181 低危 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-42766 低危 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libexpat CVE-2026-41080 低危 2.7.5-r0 2.8.1-r0 libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41080

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-04-16 17:16 修改: 2026-06-17 10:46

libcrypto3 CVE-2026-42767 低危 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42768 低危 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42769 低危 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42770 低危 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-45446 低危 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libssl3 CVE-2026-34180 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34181 低危 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-42766 低危 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42767 低危 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42768 低危 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42769 低危 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42770 低危 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-45446 低危 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libssl3 CVE-2026-7383 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

libssl3 CVE-2026-9076 低危 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libexpat CVE-2026-56409 未知 2.7.5-r0 2.8.2-r0 xmlwf in libexpat before 2.8.2 has an integer overflow for the output ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56409

镜像层: sha256:906f27ab207ec9effeb8aa9373558ebee27a84a3a617f0e78915bcccf0e9f3e8

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:21

Node.js (node-pkg)
低危漏洞:9 中危漏洞:34 高危漏洞:29 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
protobufjs CVE-2026-41242 严重 6.11.4 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-04-18 17:16 修改: 2026-06-30 03:19

axios CVE-2026-44487 高危 1.15.2 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44488 高危 1.15.2 1.16.0 axios: Axios: Denial of Service due to unenforced request and response size limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

axios CVE-2026-44492 高危 1.15.2 1.16.0, 0.32.0 axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44494 高危 1.15.2 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-11 17:16 修改: 2026-07-07 12:16

axios CVE-2026-44496 高危 1.15.2 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

fast-uri CVE-2026-6321 高危 3.1.0 3.1.1 fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-04 20:16 修改: 2026-07-02 12:17

fast-uri CVE-2026-6322 高危 3.1.0 3.1.2 fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-05 11:16 修改: 2026-07-03 13:17

form-data CVE-2026-12143 高危 4.0.5 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-12 19:16 修改: 2026-07-02 12:16

linkify-it CVE-2026-48801 高危 3.0.3 5.0.1 LinkifyIt#match scan loop has quadratic algorithmic complexity

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48801

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

lodash CVE-2026-4800 高危 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17

lodash-es CVE-2026-4800 高危 4.17.23 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4800

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-03-31 20:16 修改: 2026-07-03 13:17

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

multer CVE-2026-5079 高危 2.1.1 2.2.0, 3.0.0-alpha.2 Multer vulnerable to Denial of Service via deeply nested field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5079

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-15 14:16 修改: 2026-06-17 10:58

nodemailer GHSA-p6gq-j5cr-w38f 高危 8.0.1 9.0.1 Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

漏洞详情: https://github.com/advisories/GHSA-p6gq-j5cr-w38f

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28

axios CVE-2026-44486 高危 1.15.2 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-11 17:16 修改: 2026-07-02 12:17

protobufjs CVE-2026-44289 高危 6.11.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-13 16:16 修改: 2026-07-01 13:17

protobufjs CVE-2026-44290 高危 6.11.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 6.11.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 6.11.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-13 16:16 修改: 2026-07-02 12:17

protobufjs CVE-2026-48712 高危 6.11.4 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

sigstore CVE-2026-48815 高危 4.1.0 4.1.1 sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48815

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

simple-git CVE-2026-6951 高危 3.33.0 3.36.0 simple-git: simple-git: Remote Code Execution due to incomplete fix bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6951

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-04-25 06:16 修改: 2026-06-30 03:21

taffydb CVE-2019-10790 高危 2.6.2 taffy: taffydb: Internal Property Tampering

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10790

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2020-02-17 20:15 修改: 2026-06-17 02:11

tmp CVE-2026-44705 高危 0.2.1 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

underscore CVE-2026-27601 高危 1.13.4 1.13.8 Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27601

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-03-03 23:15 修改: 2026-06-17 10:27

undici CVE-2026-12151 高危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 2026-06-17 17:16 修改: 2026-07-07 12:16

ws CVE-2026-48779 高危 8.18.3 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-17 13:20 修改: 2026-07-07 12:16

dompurify CVE-2026-49458 中危 3.4.2 3.4.6 DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49458

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

dompurify CVE-2026-49459 中危 3.4.2 3.4.6 DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49459

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

dompurify CVE-2026-49978 中危 3.4.2 3.4.7 DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49978

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

dompurify GHSA-76mc-f452-cxcm 中危 3.4.2 3.4.7 DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

漏洞详情: https://github.com/advisories/GHSA-76mc-f452-cxcm

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-15 19:59 修改: 2026-06-15 19:59

multer CVE-2026-5038 中危 2.1.1 2.2.0, 3.0.0-alpha.2 Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5038

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-15 16:16 修改: 2026-06-17 10:58

dompurify GHSA-cmwh-pvxp-8882 中危 3.4.2 3.4.11 DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)

漏洞详情: https://github.com/advisories/GHSA-cmwh-pvxp-8882

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-18 14:27 修改: 2026-06-18 14:27

nodemailer GHSA-268h-hp4c-crq3 中危 8.0.1 8.0.9 Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

漏洞详情: https://github.com/advisories/GHSA-268h-hp4c-crq3

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-15 17:36 修改: 2026-06-15 17:36

nodemailer GHSA-r7g4-qg5f-qqm2 中危 8.0.1 8.0.8 Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

漏洞详情: https://github.com/advisories/GHSA-r7g4-qg5f-qqm2

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-15 17:34 修改: 2026-06-15 17:34

nodemailer GHSA-vvjj-xcjg-gr5g 中危 8.0.1 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05

nodemailer GHSA-wqvq-jvpq-h66f 中危 8.0.1 8.0.9 Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

漏洞详情: https://github.com/advisories/GHSA-wqvq-jvpq-h66f

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-15 17:35 修改: 2026-06-15 17:35

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

@sigstore/core CVE-2026-48758 中危 3.2.0 3.2.1 @sigstore/core has DSSE payloadType type-binding failure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48758

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

file-type CVE-2026-31808 中危 16.5.4 21.3.1 file-type: file-type: Denial of Service due to infinite loop in ASF file parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31808

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-03-10 21:16 修改: 2026-06-17 10:34

@sigstore/verify CVE-2026-48816 中危 3.1.0 3.1.1 sigstore-js has Insufficient Verification of Data Authenticity

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48816

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 2026-05-12 20:16 修改: 2026-07-07 12:16

ip-address CVE-2026-42338 中危 9.0.5 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-12 20:16 修改: 2026-07-07 12:16

protobufjs CVE-2026-44288 中危 6.11.4 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 6.11.4 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 6.11.4 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 6.11.4 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 6.11.4 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

qs CVE-2026-8723 中危 6.14.2 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8723

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-17 00:16 修改: 2026-06-17 11:04

showdown CVE-2024-1899 中危 2.1.0 Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1899

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2024-02-26 19:15 修改: 2026-06-17 07:05

axios CVE-2026-44490 中危 1.15.2 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

lodash CVE-2025-13465 中危 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13465

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-01-21 20:16 修改: 2026-07-03 13:16

tar CVE-2026-53655 中危 7.5.13 7.5.16 node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (nod ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

lodash CVE-2026-2950 中危 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

brace-expansion CVE-2026-45149 中危 5.0.5 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 2026-05-29 20:16 修改: 2026-06-17 10:51

lodash-es CVE-2026-2950 中危 4.17.23 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2950

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-03-31 20:16 修改: 2026-06-17 10:32

undici CVE-2026-9679 中危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 2026-06-17 18:18 修改: 2026-06-25 17:43

uuid CVE-2026-41907 中危 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

markdown-it CVE-2026-48988 中危 12.3.2 14.2.0 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48988

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-17 21:16 修改: 2026-06-24 19:06

ws CVE-2026-45736 中危 8.18.3 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-05-15 15:16 修改: 2026-07-02 12:17

tmp CVE-2025-54798 低危 0.2.1 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40

dompurify GHSA-vxr8-fq34-vvx9 低危 3.4.2 3.4.9 DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output

漏洞详情: https://github.com/advisories/GHSA-vxr8-fq34-vvx9

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12

dompurify GHSA-x4vx-rjvf-j5p4 低危 3.4.2 DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

漏洞详情: https://github.com/advisories/GHSA-x4vx-rjvf-j5p4

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-15 20:00 修改: 2026-06-15 20:00

axios CVE-2026-44489 低危 1.15.2 1.16.0 axios: Axios: Information disclosure via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44489

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

undici CVE-2026-11525 低危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 2026-06-17 18:17 修改: 2026-06-25 17:46

undici CVE-2026-6733 低危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:6bb471c7406ae9a3bf9187b352ef8892e3d5ab002b4e0d5e4fdb8a8130d2bd8d

发布日期: 2026-06-17 18:18 修改: 2026-06-27 23:46

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

dompurify GHSA-gvmj-g25r-r7wr 低危 3.4.2 3.4.8 DOMPurify: SAFE_FOR_TEMPLATES bypass - template expressions survive sanitization inside <template> content when using DOM output modes

漏洞详情: https://github.com/advisories/GHSA-gvmj-g25r-r7wr

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-06-15 20:02 修改: 2026-06-15 20:02

nodemailer GHSA-c7w3-x93f-qmm8 低危 8.0.1 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:bb7f577d71f51f47d034f6a57635e6ec91ffef8ac4d52e9a5f1ba0eae89c2b70

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×