ghcr.io/berriai/litellm-database:main-latest linux/amd64

ghcr.io/berriai/litellm-database:main-latest - Trivy安全扫描结果扫描时间: 2026-06-11 16:26

全部漏洞信息

低危漏洞:11

中危漏洞:40

高危漏洞:16

严重漏洞:3

系统OS: wolfi 20230201 扫描引擎: Trivy 扫描时间: 2026-06-11 16:26

ghcr.io/berriai/litellm-database:main-latest (wolfi 20230201) (wolfi)

低危漏洞:3

中危漏洞:7

高危漏洞:4

严重漏洞:1

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
python-3.13	CVE-2025-13462	严重	3.13.12-r3	3.13.13-r0	cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-13462 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-12 18:16 修改: 2026-06-05 19:42
python-3.13	CVE-2026-3644	高危	3.13.12-r3	3.13.12-r7	cpython: Incomplete control character validation in http.cookies 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3644 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-16 18:16 修改: 2026-06-04 19:30
python-3.13	CVE-2026-4224	高危	3.13.12-r3	3.13.12-r7	cpython: Stack overflow parsing XML with deeply nested DTD content models 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4224 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-16 18:16 修改: 2026-06-04 19:33
python-3.13	CVE-2026-4786	高危	3.13.12-r3	3.13.13-r2	python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4786 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-04-13 22:16 修改: 2026-04-29 16:16
python-3.13	CVE-2026-6100	高危	3.13.12-r3	3.13.13-r2	python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6100 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-04-13 18:16 修改: 2026-04-17 15:18
glibc	CVE-2026-4437	中危	2.43-r3	2.43-r4	glibc: glibc: Incorrect DNS response parsing via crafted DNS server response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4437 镜像层: sha256:c196518a561605e1e7aefe64bcc635e4843c353fb7ba8a75f14fcaff9c9f0cc4 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:41
glibc	CVE-2026-5450	中危	2.43-r3	2.43-r7	glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5450 镜像层: sha256:c196518a561605e1e7aefe64bcc635e4843c353fb7ba8a75f14fcaff9c9f0cc4 发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
glibc	CVE-2026-5928	中危	2.43-r3	2.43-r7	glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5928 镜像层: sha256:c196518a561605e1e7aefe64bcc635e4843c353fb7ba8a75f14fcaff9c9f0cc4 发布日期: 2026-04-20 21:16 修改: 2026-04-23 15:33
glibc	CVE-2026-4046	中危	2.43-r3	2.43-r6	glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:c196518a561605e1e7aefe64bcc635e4843c353fb7ba8a75f14fcaff9c9f0cc4 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
python-3.13	CVE-2026-1502	中危	3.13.12-r3	3.13.13-r2	python: Python: HTTP header injection via CR/LF in proxy tunnel headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1502 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-04-10 18:16 修改: 2026-06-04 15:16
python-3.13	CVE-2026-6019	中危	3.13.12-r3	3.13.13-r3	python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6019 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-04-22 20:16 修改: 2026-05-28 19:15
python-3.13	CVE-2026-8328	中危	3.13.12-r3	3.13.13-r6	The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4 ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8328 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-05-13 21:16 修改: 2026-05-14 16:21
glibc	CVE-2026-4438	低危	2.43-r3	2.43-r4	glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4438 镜像层: sha256:c196518a561605e1e7aefe64bcc635e4843c353fb7ba8a75f14fcaff9c9f0cc4 发布日期: 2026-03-20 20:16 修改: 2026-04-07 18:40
python-3.13	CVE-2026-3479	低危	3.13.12-r3	3.13.13-r0	python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3479 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-18 19:16 修改: 2026-04-07 18:16
python-3.13	CVE-2026-4519	低危	3.13.12-r3	3.13.12-r5	python: Python: Command-line option injection in webbrowser.open() via crafted URLs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4519 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-20 15:16 修改: 2026-04-16 14:53

Node.js (node-pkg)

低危漏洞:0

中危漏洞:12

高危漏洞:2

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
picomatch	CVE-2026-33671	高危	4.0.3	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
picomatch	CVE-2026-33671	高危	4.0.3	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
brace-expansion	CVE-2026-33750	中危	5.0.4	5.0.5, 3.0.2, 2.0.3, 1.1.13	brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
brace-expansion	CVE-2026-33750	中危	5.0.4	5.0.5, 3.0.2, 2.0.3, 1.1.13	brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
brace-expansion	CVE-2026-45149	中危	5.0.4	5.0.6	The brace-expansion library generates arbitrary strings containing a c ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149 镜像层: sha256:59fde57805fec30cbbf146cffd4de66c7946c815ce68786c38235126808574b3 发布日期: 2026-05-29 20:16 修改: 2026-06-03 20:13
brace-expansion	CVE-2026-45149	中危	5.0.4	5.0.6	The brace-expansion library generates arbitrary strings containing a c ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-05-29 20:16 修改: 2026-06-03 20:13
brace-expansion	CVE-2026-45149	中危	5.0.4	5.0.6	The brace-expansion library generates arbitrary strings containing a c ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-05-29 20:16 修改: 2026-06-03 20:13
brace-expansion	CVE-2026-45149	中危	5.0.4	5.0.6	The brace-expansion library generates arbitrary strings containing a c ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-05-29 20:16 修改: 2026-06-03 20:13
ip-address	CVE-2026-42338	中危	10.1.0	10.1.1	ip-address is a library for parsing and manipulating IPv4 and IPv6 add ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
ip-address	CVE-2026-42338	中危	10.1.0	10.1.1	ip-address is a library for parsing and manipulating IPv4 and IPv6 add ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
brace-expansion	CVE-2026-33750	中危	5.0.4	5.0.5, 3.0.2, 2.0.3, 1.1.13	brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750 镜像层: sha256:59fde57805fec30cbbf146cffd4de66c7946c815ce68786c38235126808574b3 发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
brace-expansion	CVE-2026-33750	中危	5.0.4	5.0.5, 3.0.2, 2.0.3, 1.1.13	brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
picomatch	CVE-2026-33672	中危	4.0.3	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44
picomatch	CVE-2026-33672	中危	4.0.3	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672 镜像层: sha256:41f9b48c17350a65c6c858db193567fa479f1e6765e9639cb570355d829c30bf 发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44

Python (python-pkg)

低危漏洞:8

中危漏洞:21

高危漏洞:10

严重漏洞:2

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
litellm	CVE-2026-35030	严重	1.82.6	1.83.0	litellm: LiteLLM: Authentication bypass and privilege escalation via OIDC userinfo cache key collision 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35030 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-06 17:17 修改: 2026-04-07 20:20
litellm	CVE-2026-42208	严重	1.82.6	1.83.7	LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42208 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-08 04:16 修改: 2026-05-08 19:19
litellm	CVE-2026-35029	高危	1.82.6	1.83.0	litellm: LiteLLM: Remote code execution and privilege escalation via unrestricted proxy configuration endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35029 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-06 17:17 修改: 2026-04-29 20:16
litellm	CVE-2026-40217	高危	1.82.6	1.83.10	LiteLLM: LiteLLM: Arbitrary Code Execution via bytecode rewriting 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40217 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-10 14:16 修改: 2026-04-27 23:00
litellm	CVE-2026-42203	高危	1.82.6	1.83.7	litellm: LiteLLM: Arbitrary code execution via unsandboxed prompt templates 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42203 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-08 04:16 修改: 2026-05-13 17:14
litellm	CVE-2026-42271	高危	1.82.6	1.83.7	litellm: LiteLLM: Authenticated command execution via MCP stdio test endpoints 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42271 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-08 04:16 修改: 2026-06-09 01:22
litellm	GHSA-69x8-hrgq-fjj8	高危	1.82.6	1.83.0	LiteLLM: Password hash exposure and pass-the-hash authentication bypass 漏洞详情: https://github.com/advisories/GHSA-69x8-hrgq-fjj8 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-08 00:04 修改: 2026-04-08 00:04
pillow	CVE-2026-40192	高危	12.1.1	12.2.0	Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40192 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-15 23:16 修改: 2026-04-22 20:08
pillow	CVE-2026-42311	高危	12.1.1	12.2.0	Pillow is a Python imaging library. From version 10.3.0 to before vers ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42311 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-09 06:16 修改: 2026-05-14 20:27
python-multipart	CVE-2026-42561	高危	0.0.22	0.0.27	Python-Multipart is a streaming multipart parser for Python. Prior to ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42561 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-13 21:16 修改: 2026-05-14 17:00
urllib3	CVE-2026-44431	高危	2.6.3	2.7.0	urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-13 16:16 修改: 2026-05-14 13:56
urllib3	CVE-2026-44432	高危	2.6.3	2.7.0	urllib3: urllib3: Denial of Service due to excessive HTTP response decompression 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44432 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-13 16:16 修改: 2026-05-14 13:49
aiohttp	CVE-2026-34993	中危	3.13.3	3.14.0	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:44
aiohttp	CVE-2026-47265	中危	3.13.3	3.14.0	python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:39
cryptography	CVE-2026-39892	中危	46.0.5	46.0.7	cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39892 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-08 21:17 修改: 2026-04-15 16:12
idna	CVE-2026-45409	中危	3.11	3.15	Internationalized Domain Names in Applications (IDNA) for Python provi ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-06-05 23:16 修改: 2026-06-08 15:02
aiohttp	CVE-2026-22815	中危	3.13.3	3.13.4	aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22815 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:16 修改: 2026-04-06 16:48
pillow	CVE-2026-42308	中危	12.1.1	12.2.0	Pillow: python: Pillow: Denial of Service via integer overflow in font processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42308 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-09 06:16 修改: 2026-05-12 17:57
pillow	CVE-2026-42309	中危	12.1.1	12.2.0	Pillow: Pillow: Denial of Service via specially crafted coordinate input 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42309 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-09 06:16 修改: 2026-05-12 17:57
pillow	CVE-2026-42310	中危	12.1.1	12.2.0	Pillow: Pillow: Denial of Service via malicious PDF processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42310 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-09 06:16 修改: 2026-05-12 17:55
pypdf	CVE-2026-33699	中危	6.9.1	6.9.2	pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33699 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-03-27 01:16 修改: 2026-04-01 16:01
pypdf	CVE-2026-40260	中危	6.9.1	6.10.0	pypdf is a free and open-source pure-python PDF library. In versions p ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40260 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-17 01:17 修改: 2026-04-22 20:16
pypdf	CVE-2026-41168	中危	6.9.1	6.10.1	pypdf: pypdf: Denial of Service via crafted PDF with oversized streams 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41168 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-22 21:17 修改: 2026-04-24 13:07
pypdf	CVE-2026-41312	中危	6.9.1	6.10.2	pypdf: pypdf: Denial of Service due to excessive memory consumption via specially crafted PDF 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41312 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-22 22:16 修改: 2026-04-27 19:31
pypdf	CVE-2026-41313	中危	6.9.1	6.10.2	pypdf: pypdf: Denial of Service via crafted PDF with large trailer /Size value 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41313 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-22 22:16 修改: 2026-04-27 19:30
pypdf	CVE-2026-41314	中危	6.9.1	6.10.2	pypdf: pypdf: Denial of Service via crafted PDF with large image sizes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41314 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-22 22:16 修改: 2026-04-27 19:29
python-dotenv	CVE-2026-28684	中危	1.0.1	1.2.2	python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28684 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-20 17:16 修改: 2026-04-27 13:44
aiohttp	CVE-2026-34515	中危	3.13.3	3.13.4	aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34515 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:16 修改: 2026-04-15 14:08
python-multipart	CVE-2026-40347	中危	0.0.22	0.0.26	python-multipart: Python-Multipart: Denial of Service via crafted multipart/form-data requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40347 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-18 00:16 修改: 2026-04-24 16:51
requests	CVE-2026-25645	中危	2.32.5	2.33.0	requests: Requests: Security bypass due to predictable temporary file creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-03-25 17:16 修改: 2026-03-30 14:23
starlette	CVE-2026-48710	中危	0.49.1	1.0.1	starlette: Starlette: Security restriction bypass via malformed HTTP Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48710 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-05-26 22:16 修改: 2026-06-03 02:14
aiohttp	CVE-2026-34516	中危	3.13.3	3.13.4	aiohttp: AIOHTTP: Denial of Service via excessive multipart headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34516 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:16 修改: 2026-04-15 13:57
aiohttp	CVE-2026-34525	中危	3.13.3	3.13.4	aiohttp: aiohttp: Security bypass via multiple Host headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34525 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:17 修改: 2026-04-16 16:21
aiohttp	CVE-2026-34517	低危	3.13.3	3.13.4	aiohttp: AIOHTTP: Denial of Service via large multipart form fields 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34517 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:16 修改: 2026-04-15 13:54
aiohttp	CVE-2026-34518	低危	3.13.3	3.13.4	aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34518 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:17 修改: 2026-04-16 16:35
aiohttp	CVE-2026-34519	低危	3.13.3	3.13.4	aiohttp: aiohttp: Header injection vulnerability via reason parameter 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34519 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:17 修改: 2026-04-16 16:28
aiohttp	CVE-2026-34520	低危	3.13.3	3.13.4	aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34520 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:17 修改: 2026-04-16 16:24
Pygments	CVE-2026-4539	低危	2.19.2	2.20.0	pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4539 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-03-22 06:16 修改: 2026-04-29 01:00
cryptography	CVE-2026-34073	低危	46.0.5	46.0.6	python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34073 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-03-31 03:15 修改: 2026-04-06 15:30
aiohttp	CVE-2026-34513	低危	3.13.3	3.13.4	aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34513 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:16 修改: 2026-04-15 14:16
aiohttp	CVE-2026-34514	低危	3.13.3	3.13.4	aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34514 镜像层: sha256:fa07fcf04d28216bf6211db81906e8c19d4e545b4247b395bcc55ec9f822c609 发布日期: 2026-04-01 21:16 修改: 2026-04-15 14:13