ghcr.io/berriai/litellm-database:v1.87.2 - Trivy镜像安全扫描结果

全部漏洞信息

低危漏洞:0

中危漏洞:14

高危漏洞:5

严重漏洞:0

系统OS: wolfi 20230201 扫描引擎: Trivy 扫描时间: 2026-06-11 16:15

ghcr.io/berriai/litellm-database:v1.87.2 (wolfi 20230201) (wolfi)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Node.js (node-pkg)

低危漏洞:0

中危漏洞:4

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
picomatch	CVE-2026-33671	高危	4.0.3	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671 镜像层: sha256:c04617b548d838453099d750a009c292f10989ab9aa033bdf0eece77255c63d8 发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
brace-expansion	CVE-2026-45149	中危	5.0.4	5.0.6	The brace-expansion library generates arbitrary strings containing a c ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149 镜像层: sha256:c04617b548d838453099d750a009c292f10989ab9aa033bdf0eece77255c63d8 发布日期: 2026-05-29 20:16 修改: 2026-06-03 20:13
ip-address	CVE-2026-42338	中危	10.1.0	10.1.1	ip-address is a library for parsing and manipulating IPv4 and IPv6 add ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338 镜像层: sha256:c04617b548d838453099d750a009c292f10989ab9aa033bdf0eece77255c63d8 发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
brace-expansion	CVE-2026-33750	中危	5.0.4	5.0.5, 3.0.2, 2.0.3, 1.1.13	brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750 镜像层: sha256:c04617b548d838453099d750a009c292f10989ab9aa033bdf0eece77255c63d8 发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
picomatch	CVE-2026-33672	中危	4.0.3	4.0.4, 3.0.2, 2.3.2	picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672 镜像层: sha256:c04617b548d838453099d750a009c292f10989ab9aa033bdf0eece77255c63d8 发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44

Python (python-pkg)

低危漏洞:0

中危漏洞:8

高危漏洞:4

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
granian	CVE-2026-42544	高危	2.5.7	2.7.4	Granian vulnerable to unauthenticated DoS via WebSocket subprotocol header panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42544 镜像层: sha256:961f9b310df793eeb24b489751386f5b1184f5850922b61abe672b56b5905ac1 发布日期: 2026-05-12 22:16 修改: 2026-05-18 16:16
granian	CVE-2026-42544	高危	2.5.7	2.7.4	Granian vulnerable to unauthenticated DoS via WebSocket subprotocol header panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42544 镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25 发布日期: 2026-05-12 22:16 修改: 2026-05-18 16:16
setuptools	CVE-2024-6345	高危	68.1.2	70.0.0	pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345 镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25 发布日期: 2024-07-15 01:15 修改: 2026-04-15 00:35
setuptools	CVE-2025-47273	高危	68.1.2	78.1.1	setuptools: Path Traversal Vulnerability in setuptools PackageIndex 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273 镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25 发布日期: 2025-05-17 16:15 修改: 2025-06-12 16:29
aiohttp	CVE-2026-34993	中危	3.13.5	3.14.0	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993 镜像层: sha256:961f9b310df793eeb24b489751386f5b1184f5850922b61abe672b56b5905ac1 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:44
aiohttp	CVE-2026-34993	中危	3.13.5	3.14.0	AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993 镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:44
granian	CVE-2026-42545	中危	2.5.7	2.7.4	Granian vulnerable to DoS via WSGI response header panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42545 镜像层: sha256:961f9b310df793eeb24b489751386f5b1184f5850922b61abe672b56b5905ac1 发布日期: 2026-05-12 22:16 修改: 2026-05-14 13:16
granian	CVE-2026-42545	中危	2.5.7	2.7.4	Granian vulnerable to DoS via WSGI response header panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42545 镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25 发布日期: 2026-05-12 22:16 修改: 2026-05-14 13:16
aiohttp	CVE-2026-47265	中危	3.13.5	3.14.0	python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265 镜像层: sha256:961f9b310df793eeb24b489751386f5b1184f5850922b61abe672b56b5905ac1 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:39
aiohttp	CVE-2026-47265	中危	3.13.5	3.14.0	python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265 镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25 发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:39
starlette	CVE-2026-48710	中危	0.50.0	1.0.1	starlette: Starlette: Security restriction bypass via malformed HTTP Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48710 镜像层: sha256:961f9b310df793eeb24b489751386f5b1184f5850922b61abe672b56b5905ac1 发布日期: 2026-05-26 22:16 修改: 2026-06-03 02:14
starlette	CVE-2026-48710	中危	0.50.0	1.0.1	starlette: Starlette: Security restriction bypass via malformed HTTP Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48710 镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25 发布日期: 2026-05-26 22:16 修改: 2026-06-03 02:14

root/.cache/uv/archive-v0/kP_hVrX5WbD82CMEgzgyH/uv_build-0.11.8.data/scripts/uv-build (rustbinary)

低危漏洞:0

中危漏洞:2

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
rkyv	GHSA-vfvv-c25p-m7mm	中危	0.8.15	0.8.16	rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution 漏洞详情: https://github.com/advisories/GHSA-vfvv-c25p-m7mm 镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25 发布日期: 2026-05-15 18:09 修改: 2026-05-15 18:09
tar	GHSA-3pv8-6f4r-ffg2	中危	0.4.45	0.4.46	tar has a PAX header desynchronization issue 漏洞详情: https://github.com/advisories/GHSA-3pv8-6f4r-ffg2 镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25 发布日期: 2026-05-29 19:16 修改: 2026-05-29 19:16

软件包

漏洞

安全状态

安装版本

修复版本

漏洞信息

rkyv

GHSA-vfvv-c25p-m7mm

中危

0.8.15

0.8.16

rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution

漏洞详情: https://github.com/advisories/GHSA-vfvv-c25p-m7mm

镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25

发布日期: 2026-05-15 18:09 修改: 2026-05-15 18:09

tar

GHSA-3pv8-6f4r-ffg2

中危

0.4.45

0.4.46

tar has a PAX header desynchronization issue

漏洞详情: https://github.com/advisories/GHSA-3pv8-6f4r-ffg2

镜像层: sha256:4b3a7c9c2af60709697e8711e6c87766bbb794f668918bde95c2967e3e28db25

发布日期: 2026-05-29 19:16 修改: 2026-05-29 19:16

ghcr.io/berriai/litellm-database:v1.87.2 linux/amd64

全部漏洞信息

ghcr.io/berriai/litellm-database:v1.87.2 (wolfi 20230201) (wolfi)

Node.js (node-pkg)

Python (python-pkg)

root/.cache/uv/archive-v0/kP_hVrX5WbD82CMEgzgyH/uv_build-0.11.8.data/scripts/uv-build (rustbinary)