docker.io/zzx112587/aicartoontool:0.2.6-3 linux/amd64

docker.io/zzx112587/aicartoontool:0.2.6-3 - Trivy安全扫描结果 扫描时间: 2026-06-22 15:53
全部漏洞信息
低危漏洞:5 中危漏洞:13 高危漏洞:10 严重漏洞:0

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-06-22 15:53

docker.io/zzx112587/aicartoontool:0.2.6-3 (alpine 3.24.1) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Node.js (node-pkg)
低危漏洞:5 中危漏洞:13 高危漏洞:10 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
next CVE-2026-44573 高危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44573

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:24
next CVE-2026-44574 高危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Authorization bypass via crafted query parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44574

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:37
next CVE-2026-44575 高危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Unauthorized access to protected content via middleware bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44575

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 17:16 修改: 2026-05-14 12:38
next CVE-2026-44578 高危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44578

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
next CVE-2026-44579 高危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Denial of Service via crafted POST requests to server actions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44579

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:34
next CVE-2026-45109 高危 16.1.6 15.5.18, 16.2.6 next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45109

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 18:16 修改: 2026-05-14 14:14
next GHSA-8h8q-6873-q5fj 高危 16.1.6 15.5.16, 16.2.5 Next.js Vulnerable to Denial of Service with Server Components

漏洞详情: https://github.com/advisories/GHSA-8h8q-6873-q5fj

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-11 14:50 修改: 2026-05-11 14:50
next GHSA-q4gf-8mx6-v5v3 高危 16.1.6 15.5.15, 16.2.3 Next.js has a Denial of Service with Server Components

漏洞详情: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-04-10 15:35 修改: 2026-04-10 15:35
picomatch CVE-2026-33671 高危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
undici CVE-2026-12151 高危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:7d45486ba6303b08d519ac0c0872ea025f13e4eae093bd2a7563cb2e117f0e6e

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
next CVE-2026-27978 中危 16.1.6 16.1.7 next.js: Next.js: null origin can bypass Server Actions CSRF checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27978

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-03-18 00:16 修改: 2026-03-18 20:05
next CVE-2026-27979 中危 16.1.6 16.1.7 next.js: Next.js: Unbounded postponed resume buffering can lead to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27979

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-03-18 01:16 修改: 2026-03-18 20:04
next CVE-2026-27980 中危 16.1.6 16.1.7, 15.5.14 next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27980

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:52
next CVE-2026-29057 中危 16.1.6 16.1.7, 15.5.13 next.js: Next.js: HTTP request smuggling in rewrites

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29057

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-03-18 01:16 修改: 2026-03-18 19:49
next CVE-2026-44576 中危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Cache poisoning vulnerability in React Server Components

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44576

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 17:16 修改: 2026-05-14 13:44
next CVE-2026-44577 中危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Denial of Service via Image Optimization API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44577

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 17:16 修改: 2026-05-13 20:00
next CVE-2026-44580 中危 16.1.6 15.5.16, 16.2.5 Next.js has cross-site scripting in beforeInteractive scripts with untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44580

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:33
next CVE-2026-44581 中危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44581

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:30
brace-expansion CVE-2026-33750 中危 2.0.2 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
picomatch CVE-2026-33672 中危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44
tar CVE-2026-53655 中危 7.5.11 7.5.16 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:67d07178115b6011759cff40cd14f51892e5400b489de3499a8b3c07a8329ac7

发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
undici CVE-2026-9679 中危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:7d45486ba6303b08d519ac0c0872ea025f13e4eae093bd2a7563cb2e117f0e6e

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
next CVE-2026-44582 低危 16.1.6 15.5.16, 16.2.5 Next.js: Next.js: Cache poisoning allows incorrect response delivery

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44582

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 18:16 修改: 2026-05-14 18:15
next CVE-2026-27977 低危 16.1.6 16.1.7 next.js: Next.js: null origin can bypass dev HMR websocket CSRF checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27977

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-03-18 00:16 修改: 2026-03-18 20:08
next CVE-2026-44572 低危 16.1.6 15.5.16, 16.2.5 next.js: Next.js: Denial of Service due to improper handling of x-nextjs-data header with redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44572

镜像层: sha256:9570560cf26bff27be9e03d66880945084f6e76c4325a1a5e5f85159e3fd6897

发布日期: 2026-05-13 16:16 修改: 2026-05-15 15:46
undici CVE-2026-11525 低危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:7d45486ba6303b08d519ac0c0872ea025f13e4eae093bd2a7563cb2e117f0e6e

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
undici CVE-2026-6733 低危 6.26.0 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:7d45486ba6303b08d519ac0c0872ea025f13e4eae093bd2a7563cb2e117f0e6e

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×