docker.io/zzx112587/aicartoontool:0.2.6-2 linux/amd64

docker.io/zzx112587/aicartoontool:0.2.6-2 - Trivy安全扫描结果 扫描时间: 2026-06-18 16:57
全部漏洞信息
低危漏洞:3 中危漏洞:12 高危漏洞:9 严重漏洞:0

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-06-18 16:57

docker.io/zzx112587/aicartoontool:0.2.6-2 (alpine 3.24.1) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Node.js (node-pkg)
低危漏洞:3 中危漏洞:12 高危漏洞:9 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
next CVE-2026-44573 高危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44573

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:24
next CVE-2026-44574 高危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Authorization bypass via crafted query parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44574

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:37
next CVE-2026-44575 高危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Unauthorized access to protected content via middleware bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44575

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:38
next CVE-2026-44578 高危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44578

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
next CVE-2026-44579 高危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Denial of Service via crafted POST requests to server actions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44579

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
next CVE-2026-45109 高危 16.1.6 15.5.18, 16.2.6 next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45109

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 18:16 修改: 2026-05-14 14:14
next GHSA-8h8q-6873-q5fj 高危 16.1.6 15.5.16, 16.2.5 Next.js Vulnerable to Denial of Service with Server Components

漏洞详情: https://github.com/advisories/GHSA-8h8q-6873-q5fj

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-11 14:50 修改: 2026-05-11 14:50
next GHSA-q4gf-8mx6-v5v3 高危 16.1.6 15.5.15, 16.2.3 Next.js has a Denial of Service with Server Components

漏洞详情: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-04-10 15:35 修改: 2026-04-10 15:35
picomatch CVE-2026-33671 高危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
next CVE-2026-27978 中危 16.1.6 16.1.7 next.js: Next.js: null origin can bypass Server Actions CSRF checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27978

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-03-18 00:16 修改: 2026-03-18 20:05
next CVE-2026-27979 中危 16.1.6 16.1.7 next.js: Next.js: Unbounded postponed resume buffering can lead to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27979

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-03-18 01:16 修改: 2026-03-18 20:04
next CVE-2026-27980 中危 16.1.6 16.1.7, 15.5.14 next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27980

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:52
next CVE-2026-29057 中危 16.1.6 16.1.7, 15.5.13 next.js: Next.js: HTTP request smuggling in rewrites

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29057

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:49
next CVE-2026-44576 中危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Cache poisoning vulnerability in React Server Components

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44576

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 17:16 修改: 2026-05-14 13:44
next CVE-2026-44577 中危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Denial of Service via Image Optimization API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44577

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 17:16 修改: 2026-05-13 20:00
next CVE-2026-44580 中危 16.1.6 15.5.16, 16.2.5 Next.js has cross-site scripting in beforeInteractive scripts with untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44580

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:33
next CVE-2026-44581 中危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44581

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:30
brace-expansion CVE-2026-33750 中危 2.0.2 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
picomatch CVE-2026-33672 中危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44
tar CVE-2026-53655 中危 7.5.11 7.5.16 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
next CVE-2026-27977 低危 16.1.6 16.1.7 next.js: Next.js: null origin can bypass dev HMR websocket CSRF checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27977

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-03-18 00:16 修改: 2026-03-18 20:08
next CVE-2026-44572 低危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Denial of Service due to improper handling of x-nextjs-data header with redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44572

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 16:16 修改: 2026-05-15 15:46
next CVE-2026-44582 低危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Cache poisoning allows incorrect response delivery

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44582

镜像层: sha256:71ee251390d7a4fb14eea484661dd75dbfa5da11851e2f28492f74708f54fb24

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:15