ghcr.io/berriai/litellm:latest linux/amd64

ghcr.io/berriai/litellm:latest - Trivy安全扫描结果 扫描时间: 2026-06-22 00:41
全部漏洞信息
低危漏洞:33 中危漏洞:27 高危漏洞:10 严重漏洞:0

系统OS: wolfi 20230201 扫描引擎: Trivy 扫描时间: 2026-06-22 00:41

ghcr.io/berriai/litellm:latest (wolfi 20230201) (wolfi)
低危漏洞:22 中危漏洞:10 高危漏洞:5 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
busybox CVE-2023-39810 高危 1.37.0-r57 1.37.0-r58 busybox: CPIO command of Busybox allows attackers to execute a directory traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39810

镜像层: sha256:3c40083cbf9966b9da7f6e55a8dc664faa61deccd9f5d488d718e3d01f4aba29

发布日期: 2023-08-28 19:15 修改: 2025-04-24 20:15
busybox CVE-2026-26157 高危 1.37.0-r57 1.37.0-r58 busybox: BusyBox: Arbitrary file overwrite and potential code execution via incomplete path sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26157

镜像层: sha256:3c40083cbf9966b9da7f6e55a8dc664faa61deccd9f5d488d718e3d01f4aba29

发布日期: 2026-02-11 21:16 修改: 2026-06-02 14:16
busybox CVE-2026-26158 高危 1.37.0-r57 1.37.0-r58 busybox: BusyBox: Arbitrary file modification and privilege escalation via unvalidated tar archive entries

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26158

镜像层: sha256:3c40083cbf9966b9da7f6e55a8dc664faa61deccd9f5d488d718e3d01f4aba29

发布日期: 2026-02-11 21:16 修改: 2026-06-02 14:16
libcrypto3 CVE-2026-45447 高危 3.6.2-r3 3.6.3-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:56
libssl3 CVE-2026-45447 高危 3.6.2-r3 3.6.3-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:56
libcrypto3 CVE-2026-34183 中危 3.6.2-r3 3.6.3-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
libcrypto3 CVE-2026-35188 中危 3.6.2-r3 3.6.3-r0 Issue summary: A malicious server can exploit TLS OCSP stapling by del ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35188

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
libcrypto3 CVE-2026-42764 中危 3.6.2-r3 3.6.3-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libcrypto3 CVE-2026-45445 中危 3.6.2-r3 3.6.3-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libcrypto3 CVE-2026-34182 中危 3.6.2-r3 3.6.3-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3 CVE-2026-34182 中危 3.6.2-r3 3.6.3-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3 CVE-2026-34183 中危 3.6.2-r3 3.6.3-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
libssl3 CVE-2026-35188 中危 3.6.2-r3 3.6.3-r0 Issue summary: A malicious server can exploit TLS OCSP stapling by del ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35188

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:12
libssl3 CVE-2026-42764 中危 3.6.2-r3 3.6.3-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libssl3 CVE-2026-45445 中危 3.6.2-r3 3.6.3-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libcrypto3 CVE-2026-42769 低危 3.6.2-r3 3.6.3-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:26
libcrypto3 CVE-2026-42770 低危 3.6.2-r3 3.6.3-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libcrypto3 CVE-2026-45446 低危 3.6.2-r3 3.6.3-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libcrypto3 CVE-2026-7383 低危 3.6.2-r3 3.6.3-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:46
libcrypto3 CVE-2026-9076 低危 3.6.2-r3 3.6.3-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:45
libcrypto3 CVE-2026-34180 低危 3.6.2-r3 3.6.3-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libcrypto3 CVE-2026-34181 低危 3.6.2-r3 3.6.3-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libcrypto3 CVE-2026-42765 低危 3.6.2-r3 3.6.3-r0 Issue summary: When a partial-chain certificate verification is enable ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42765

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:14
libcrypto3 CVE-2026-42766 低危 3.6.2-r3 3.6.3-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libcrypto3 CVE-2026-42767 低危 3.6.2-r3 3.6.3-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libcrypto3 CVE-2026-42768 低危 3.6.2-r3 3.6.3-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3 CVE-2026-34180 低危 3.6.2-r3 3.6.3-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3 CVE-2026-34181 低危 3.6.2-r3 3.6.3-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:13
libssl3 CVE-2026-42765 低危 3.6.2-r3 3.6.3-r0 Issue summary: When a partial-chain certificate verification is enable ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42765

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:14
libssl3 CVE-2026-42766 低危 3.6.2-r3 3.6.3-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:25
libssl3 CVE-2026-42767 低危 3.6.2-r3 3.6.3-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3 CVE-2026-42768 低危 3.6.2-r3 3.6.3-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3 CVE-2026-42769 低危 3.6.2-r3 3.6.3-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-15 18:26
libssl3 CVE-2026-42770 低危 3.6.2-r3 3.6.3-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:58
libssl3 CVE-2026-45446 低危 3.6.2-r3 3.6.3-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:57
libssl3 CVE-2026-7383 低危 3.6.2-r3 3.6.3-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:46
libssl3 CVE-2026-9076 低危 3.6.2-r3 3.6.3-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:272d94535c70253a6a7cbb1d96838fd8fa9ed138aea2ce091f74f261095ac5b8

发布日期: 2026-06-09 17:17 修改: 2026-06-16 02:45
Node.js (node-pkg)
低危漏洞:2 中危漏洞:5 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
undici CVE-2026-12151 高危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12151

镜像层: sha256:4a9b5d18e9892dd03951ce302f4524014c562cbb9f25fa13fc6c75b668cec546

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
brace-expansion CVE-2026-45149 中危 5.0.5 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149

镜像层: sha256:4a9b5d18e9892dd03951ce302f4524014c562cbb9f25fa13fc6c75b668cec546

发布日期: 2026-05-29 20:16 修改: 2026-06-12 18:38
tar CVE-2026-53655 中危 7.5.11 7.5.16 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:4a9b5d18e9892dd03951ce302f4524014c562cbb9f25fa13fc6c75b668cec546

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
tar CVE-2026-53655 中危 7.5.11 7.5.16 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:4a9b5d18e9892dd03951ce302f4524014c562cbb9f25fa13fc6c75b668cec546

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
brace-expansion CVE-2026-45149 中危 5.0.5 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45149

镜像层: sha256:4a9b5d18e9892dd03951ce302f4524014c562cbb9f25fa13fc6c75b668cec546

发布日期: 2026-05-29 20:16 修改: 2026-06-12 18:38
undici CVE-2026-9679 中危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9679

镜像层: sha256:4a9b5d18e9892dd03951ce302f4524014c562cbb9f25fa13fc6c75b668cec546

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
undici CVE-2026-11525 低危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-11525

镜像层: sha256:4a9b5d18e9892dd03951ce302f4524014c562cbb9f25fa13fc6c75b668cec546

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
undici CVE-2026-6733 低危 6.25.0 6.27.0, 7.28.0, 8.5.0 undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6733

镜像层: sha256:4a9b5d18e9892dd03951ce302f4524014c562cbb9f25fa13fc6c75b668cec546

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
Python (python-pkg)
低危漏洞:9 中危漏洞:12 高危漏洞:4 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
PyJWT CVE-2026-48526 高危 2.12.0 2.13.0 python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48526

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-05-28 16:16 修改: 2026-06-01 17:45
cryptography GHSA-537c-gmf6-5ccf 高危 46.0.7 48.0.1 Vulnerable OpenSSL included in cryptography wheels

漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12
python-multipart CVE-2026-53539 高危 0.0.27 0.0.30 python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53539

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
starlette CVE-2026-54283 高危 1.1.0 1.3.1 Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54283

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp CVE-2026-34993 中危 3.13.5 3.14.0 aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:44
aiohttp CVE-2026-47265 中危 3.13.5 3.14.0 python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-06-02 20:16 修改: 2026-06-05 13:39
aiohttp CVE-2026-54273 中危 3.13.5 3.14.1 aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54273

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp CVE-2026-54274 中危 3.13.5 3.14.1 aiohttp: Incomplete websocket frame payloads bypass memory limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54274

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp CVE-2026-54276 中危 3.13.5 3.14.1 aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54276

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp CVE-2026-54277 中危 3.13.5 3.14.1 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54277

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp CVE-2026-54278 中危 3.13.5 3.14.1 aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54278

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
PyJWT CVE-2026-48522 中危 2.12.0 2.13.0 python-pyjwt: PyJWT: Server-Side Request Forgery (SSRF) via uncontrolled URL fetching in PyJWKClient

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48522

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-05-28 16:16 修改: 2026-06-02 17:16
pydantic-settings GHSA-4xgf-cpjx-pc3j 中危 2.14.1 2.14.2 pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

漏洞详情: https://github.com/advisories/GHSA-4xgf-cpjx-pc3j

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-06-19 22:10 修改: 2026-06-19 22:10
pypdf GHSA-jm82-fx9c-mx94 中危 6.13.2 6.13.3 pypdf: Missing stream length values ignore defined limits

漏洞详情: https://github.com/advisories/GHSA-jm82-fx9c-mx94

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-06-18 14:28 修改: 2026-06-18 14:28
PyJWT CVE-2026-48523 中危 2.12.0 2.13.0 python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48523

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-05-28 16:16 修改: 2026-06-01 17:44
PyJWT CVE-2026-48525 中危 2.12.0 2.13.0 python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48525

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-05-28 16:16 修改: 2026-06-01 17:45
PyJWT CVE-2026-48524 低危 2.12.0 2.13.0 python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48524

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 2026-05-28 16:16 修改: 2026-06-01 17:44
aiohttp CVE-2026-50269 低危 3.13.5 3.14.0 aiohttp: CRLF injection in multipart headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50269

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp CVE-2026-54275 低危 3.13.5 3.14.1 aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54275

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp CVE-2026-54279 低危 3.13.5 3.14.1 aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54279

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
python-multipart CVE-2026-53537 低危 0.0.27 0.0.30 python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53537

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
python-multipart CVE-2026-53538 低危 0.0.27 0.0.30 python-multipart: Semicolon treated as querystring field separator enables parameter smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53538

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
python-multipart CVE-2026-53540 低危 0.0.27 0.0.31 python-multipart: Negative Content-Length in parse_form buffers the entire body in memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53540

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
aiohttp CVE-2026-54280 低危 3.13.5 3.14.1 aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54280

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
starlette CVE-2026-54282 低危 1.1.0 1.3.0 Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54282

镜像层: sha256:59bac7414d8109a47bad9518917def71480a865b94583ac88e45377074ef8da8

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×