ghcr.io/alistgo/alist:v3.60.0 linux/amd64

ghcr.io/alistgo/alist:v3.60.0 - Trivy安全扫描结果 扫描时间: 2026-05-14 14:14
全部漏洞信息
低危漏洞:5 中危漏洞:16 高危漏洞:8 严重漏洞:4

系统OS: alpine 3.20.7 扫描引擎: Trivy 扫描时间: 2026-05-14 14:14

ghcr.io/alistgo/alist:v3.60.0 (alpine 3.20.7) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
opt/alist/alist (gobinary)
低危漏洞:5 中危漏洞:16 高危漏洞:8 严重漏洞:4
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
github.com/jackc/pgx/v5 CVE-2026-33816 严重 v5.5.5 5.9.0 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33816

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-04-07 16:16 修改: 2026-04-14 20:01
github.com/rclone/rclone CVE-2026-41176 严重 v1.67.0 1.73.5 github.com/rclone/rclone: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41176

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-04-23 00:16 修改: 2026-04-27 18:19
github.com/rclone/rclone CVE-2026-41179 严重 v1.67.0 1.73.5 github.com/rclone/rclone: Rclone: Unauthenticated local command execution via exposed RC endpoint

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41179

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-04-23 00:16 修改: 2026-04-27 18:18
google.golang.org/grpc CVE-2026-33186 严重 v1.66.0 1.79.3 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33186

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-03-20 23:16 修改: 2026-04-10 20:49
github.com/golang-jwt/jwt/v4 CVE-2025-30204 高危 v4.5.0 4.5.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2025-03-21 22:15 修改: 2026-04-15 00:35
github.com/golang-jwt/jwt/v5 CVE-2025-30204 高危 v5.2.1 5.2.2 golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30204

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2025-03-21 22:15 修改: 2026-04-15 00:35
github.com/go-jose/go-jose/v4 CVE-2026-34986 高危 v4.0.5 4.1.4 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34986

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-04-06 17:17 修改: 2026-05-04 15:20
stdlib CVE-2026-33811 高危 v1.26.2 1.25.10, 1.26.3 When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
stdlib CVE-2026-33814 高危 v1.26.2 1.25.10, 1.26.3 When processing HTTP/2 SETTINGS frames, transport will enter an infini ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 19:16
stdlib CVE-2026-39820 高危 v1.26.2 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib CVE-2026-39836 高危 v1.26.2 1.25.10, 1.26.3 Panic in Dial and LookupPort when handling NUL byte on Windows in net

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39836

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib CVE-2026-42499 高危 v1.26.2 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase when parsing ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
github.com/blevesearch/bleve/v2 CVE-2022-31022 中危 v2.4.2 2.5.0 Bleve is a text indexing library for go. Bleve includes HTTP utilities ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31022

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2022-06-01 20:15 修改: 2025-05-27 21:09
github.com/rclone/rclone CVE-2024-52522 中危 v1.67.0 1.68.2 rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52522

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2024-11-15 18:15 修改: 2026-04-15 00:35
github.com/ulikunitz/xz CVE-2025-58058 中危 v0.5.12 0.5.15 github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58058

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2025-08-28 22:15 修改: 2026-04-15 00:35
golang.org/x/crypto CVE-2025-47914 中危 v0.41.0 0.45.0 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
golang.org/x/crypto CVE-2025-58181 中危 v0.41.0 0.45.0 golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
golang.org/x/image CVE-2026-33809 中危 v0.19.0 0.38.0 golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33809

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-03-25 19:16 修改: 2026-04-21 16:30
github.com/fatedier/frp CVE-2026-40910 中危 v0.68.0 0.68.1 frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40910

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-04-21 21:16 修改: 2026-04-29 23:20
gopkg.in/square/go-jose.v2 CVE-2024-28180 中危 v2.6.0 jose-go: improper handling of highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28180

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2024-03-09 01:15 修改: 2025-12-03 20:29
github.com/go-chi/chi/v5 GHSA-vrw8-fxc6-2r93 中危 v5.0.12 5.2.2 chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes

漏洞详情: https://github.com/advisories/GHSA-vrw8-fxc6-2r93

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2025-06-20 16:37 修改: 2025-10-13 15:41
github.com/nwaples/rardecode/v2 CVE-2025-11579 中危 v2.0.0-beta.4.0.20241112120701-034e449c6e78 2.2.0 github.com/nwaples/rardecode: RarDecode Out Of Memory Crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11579

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2025-10-10 12:15 修改: 2026-01-16 20:56
github.com/pion/dtls/v2 CVE-2026-26014 中危 v2.2.7 github.com/pion/dtls: Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26014

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-02-11 21:16 修改: 2026-02-25 17:40
github.com/quic-go/quic-go CVE-2025-64702 中危 v0.55.0 0.57.0 github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64702

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2025-12-11 21:15 修改: 2026-02-17 15:58
github.com/Azure/go-ntlmssp CVE-2026-32952 中危 v0.0.0-20221128193559-754e69321358 0.1.1 go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32952

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-04-24 03:16 修改: 2026-04-24 14:50
stdlib CVE-2026-39823 中危 v1.26.2 1.25.10, 1.26.3 CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
stdlib CVE-2026-39825 中危 v1.26.2 1.25.10, 1.26.3 ReverseProxy can forward queries containing parameters not visible to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39825

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 22:16
stdlib CVE-2026-39826 中危 v1.26.2 1.25.10, 1.26.3 If a trusted template author were to write a <script> tag containing a ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39826

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-05-07 20:16 修改: 2026-05-08 15:16
github.com/cloudflare/circl CVE-2025-8556 低危 v1.3.7 1.6.1 github.com/cloudflare/circl: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8556

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2025-08-06 09:15 修改: 2026-04-15 00:35
github.com/golang-jwt/jwt/v4 CVE-2024-51744 低危 v4.5.0 4.5.1 golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-51744

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2024-11-04 22:15 修改: 2026-04-15 00:35
github.com/cloudflare/circl CVE-2026-1229 低危 v1.3.7 1.6.3 CIRCL has an incorrect calculation in secp384r1 CombinedMult

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1229

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-02-24 08:16 修改: 2026-03-03 00:29
github.com/disintegration/imaging CVE-2023-36308 低危 v1.6.2 disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36308

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2023-09-05 04:15 修改: 2025-11-04 18:15
github.com/jackc/pgx/v5 CVE-2026-41889 低危 v5.5.5 5.9.2 pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41889

镜像层: sha256:358cd3f4ede26be9d5fef61c5e99002560be97f82671cbeb0c2a1c0aaadb2d0a

发布日期: 2026-05-08 17:16 修改: 2026-05-08 17:16