ghcr.io/cedar2025/xboard:8e4864b linux/amd64

ghcr.io/cedar2025/xboard:8e4864b - Trivy安全扫描结果 扫描时间: 2026-07-06 16:50
全部漏洞信息
低危漏洞:6 中危漏洞:21 高危漏洞:10 严重漏洞:0

系统OS: alpine 3.23.4 扫描引擎: Trivy 扫描时间: 2026-07-06 16:50

ghcr.io/cedar2025/xboard:8e4864b (alpine 3.23.4) (alpine)
低危漏洞:1 中危漏洞:9 高危漏洞:6 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libexpat CVE-2026-45186 高危 2.7.5-r0 2.8.1-r0 libexpat: denial of service via crafted XML input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45186

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-05-10 07:16 修改: 2026-06-30 03:20

libssh2 CVE-2026-55199 高危 1.11.1-r2 1.11.1-r3 libssh2: libssh2: Denial of Service via crafted SSH_MSG_EXT_INFO message

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55199

镜像层: sha256:88d3b98d20593b12965cad7b1fd17035b105d0d08268aaca555fc685e168eae2

发布日期: 2026-06-17 20:17 修改: 2026-06-26 19:16

libssh2 CVE-2026-55200 高危 1.11.1-r2 1.11.1-r3 libssh2: libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55200

镜像层: sha256:88d3b98d20593b12965cad7b1fd17035b105d0d08268aaca555fc685e168eae2

发布日期: 2026-06-17 20:17 修改: 2026-07-01 05:16

libssh2-dev CVE-2026-55199 高危 1.11.1-r2 1.11.1-r3 libssh2: libssh2: Denial of Service via crafted SSH_MSG_EXT_INFO message

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55199

镜像层: sha256:88d3b98d20593b12965cad7b1fd17035b105d0d08268aaca555fc685e168eae2

发布日期: 2026-06-17 20:17 修改: 2026-06-26 19:16

libssh2-dev CVE-2026-55200 高危 1.11.1-r2 1.11.1-r3 libssh2: libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55200

镜像层: sha256:88d3b98d20593b12965cad7b1fd17035b105d0d08268aaca555fc685e168eae2

发布日期: 2026-06-17 20:17 修改: 2026-07-01 05:16

libxml2 CVE-2026-6732 高危 2.13.9-r0 2.13.9-r1 libxml2: libxml2: Denial of Service via crafted XSD-validated document

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6732

镜像层: sha256:77fb0c91ca4fd1e5b59d8b625a20f5b5972a9f42758da99fd9657304f8952755

发布日期: 2026-04-23 23:16 修改: 2026-06-30 20:16

libexpat CVE-2026-56406 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution via integer overflow in XML_ParseBuffer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56406

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:29

libexpat CVE-2026-56410 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Integer overflow in xmlwf can lead to information disclosure and arbitrary code execution.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56410

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:18

libexpat CVE-2026-56411 中危 2.7.5-r0 2.8.2-r0 expat: libexpat: Integer Overflow Vulnerability Leading to Information Disclosure or Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56411

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 17:16 修改: 2026-06-23 16:16

libexpat CVE-2026-56412 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Use-after-free vulnerability due to improper handling of XML CDATA sections

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56412

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 17:16 修改: 2026-06-23 15:31

libexpat CVE-2026-50219 中危 2.7.5-r0 2.8.2-r0 expat: libexpat: Use-after-free vulnerability due to improper handler call depth tracking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50219

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-04 06:16 修改: 2026-06-17 10:57

libexpat CVE-2026-56132 中危 2.7.5-r0 2.8.2-r0 expat: libexpat: Arbitrary Code Execution via Heap-based Buffer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56132

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

libexpat CVE-2026-56403 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Arbitrary code execution due to integer overflow in storeAtts

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56403

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56404 中危 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in addBinding.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56404

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:15

libexpat CVE-2026-56405 中危 2.7.5-r0 2.8.2-r0 libexpat: libexpat: Information disclosure and arbitrary code execution via integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56405

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 16:16 修改: 2026-06-23 20:14

libexpat CVE-2026-41080 低危 2.7.5-r0 2.8.1-r0 libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41080

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-04-16 17:16 修改: 2026-06-17 10:46

libexpat CVE-2026-56407 未知 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in doProlog that is rela ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56407

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:28

libexpat CVE-2026-56408 未知 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 has an integer overflow in copyString.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56408

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:27

libexpat CVE-2026-56409 未知 2.7.5-r0 2.8.2-r0 xmlwf in libexpat before 2.8.2 has an integer overflow for the output ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56409

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-21 16:16 修改: 2026-06-23 16:21

libexpat CVE-2026-56131 未知 2.7.5-r0 2.8.2-r0 libexpat before 2.8.2 lacks handler call depth tracking for calls to X ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-56131

镜像层: sha256:4542bf601b2c394544ef644655d2e1534f6ebeb4226285752ec9f152ab120825

发布日期: 2026-06-19 06:17 修改: 2026-06-23 20:15

www/vendor/composer/installed.json (composer-vendor)
低危漏洞:5 中危漏洞:12 高危漏洞:4 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
google/protobuf CVE-2026-6409 高危 v4.31.1 4.33.6 A Denial of Service (DoS) vulnerability exists in the Protobuf PHP lib ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6409

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2026-04-16 15:17 修改: 2026-06-17 11:00

laravel/framework GHSA-5vg9-5847-vvmq 高危 v12.54.1 13.10.0, 12.60.0 Laravel Framework: CRLF injection in default email rule

漏洞详情: https://github.com/advisories/GHSA-5vg9-5847-vvmq

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2026-06-17 13:53 修改: 2026-06-17 13:53

symfony/http-kernel CVE-2026-45075 高危 v7.4.7 8.0.12, 7.4.12 CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45075

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

symfony/mime CVE-2026-45067 高危 v7.4.7 5.0.0, 5.1.0, 5.4.0, 5.4.52, 6.1.0, 6.4.0, 7.1.0, 8.0.12, 3.0.0, 5.2.0, 6.3.0, 7.3.0, 5.3.0, 6.2.0, 6.4.40, 7.2.0, 7.4.0, 7.4.12, 4.0.0 CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45067

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

guzzlehttp/psr7 CVE-2026-49214 中危 2.9.0 2.10.2 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49214

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2026-06-11 13:16 修改: 2026-06-17 10:55

guzzlehttp/psr7 CVE-2026-55766 中危 2.9.0 2.12.1 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55766

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2026-06-23 16:17 修改: 2026-06-30 17:17

guzzlehttp/guzzle CVE-2026-55568 中危 7.10.0 7.12.1 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain c ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55568

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2026-06-23 16:17 修改: 2026-06-26 19:34

laravel/framework GHSA-crmm-hgp2-wgrp 中危 v12.54.1 13.12.0, 12.61.1 Laravel Framework: Temporary Signed URL Path Confusion

漏洞详情: https://github.com/advisories/GHSA-crmm-hgp2-wgrp

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2026-06-17 13:54 修改: 2026-06-17 13:54

league/commonmark CVE-2026-33347 中危 2.8.1 2.8.2 league/commonmark is a PHP Markdown parser. From version 2.3.0 to befo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33347

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2026-03-24 20:16 修改: 2026-06-17 10:37

symfony/http-foundation CVE-2026-48736 中危 v7.4.7 7.4.0, 7.4.13, 8.0.13, 6.4.41, 7.1.0, 7.2.0, 7.3.0 CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48736

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

guzzlehttp/guzzle CVE-2026-55767 中危 7.10.0 7.12.1 Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-55767

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2026-06-23 16:17 修改: 2026-06-26 19:34

symfony/mailer CVE-2026-45068 中危 v7.4.6 5.1.0, 5.2.0, 5.3.0, 5.4.0, 6.1.0, 6.2.0, 6.4.0, 3.0.0, 4.0.0, 5.4.52, 6.3.0, 7.1.0, 7.3.0, 7.4.12, 6.4.40, 5.0.0, 7.2.0, 7.4.0, 8.0.12 CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45068

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

guzzlehttp/psr7 CVE-2026-48998 中危 2.9.0 2.10.2 guzzlehttp/psr7: guzzlehttp/psr7: Information disclosure via improper Host header validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48998

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2026-06-11 13:16 修改: 2026-06-17 10:55

symfony/mime CVE-2026-45070 中危 v7.4.7 5.3.0, 5.4.52, 7.1.0, 4.0.0, 5.1.0, 5.4.0, 6.1.0, 6.4.0, 8.0.12, 6.4.40, 7.2.0, 7.4.12, 5.0.0, 6.2.0, 6.3.0, 7.3.0, 7.4.0, 3.0.0, 5.2.0 CVE-2026-45070: Email Header Injection via Non-Token Characters in Mime Parameter Names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45070

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

symfony/routing CVE-2026-45065 中危 v7.4.6 5.4.0, 6.1.0, 6.4.40, 7.4.0, 7.4.12, 5.2.0, 7.3.0, 8.0.12, 5.0.0, 5.3.0, 5.4.52, 6.2.0, 6.3.0, 6.4.0, 7.1.0, 3.0.0, 4.0.0, 7.2.0, 5.1.0 CVE-2026-45065: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45065

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

symfony/routing CVE-2026-48784 中危 v7.4.6 5.4.53, 6.2.0, 6.3.0, 6.4.41, 7.4.13, 8.0.13, 4.0.0, 5.3.0, 7.4.0, 3.0.0, 5.0.0, 5.1.0, 5.4.0, 6.1.0, 7.1.0, 7.2.0, 7.3.0, 5.2.0, 6.4.0 CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48784

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

firebase/php-jwt CVE-2025-45769 低危 v6.11.1 7.0.0 php-jwt contains weak encryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45769

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 2025-07-31 20:15 修改: 2026-06-17 09:25

symfony/polyfill-intl-idn CVE-2026-46644 低危 v1.33.0 1.38.1 [insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46644

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

symfony/yaml CVE-2026-45133 低危 v7.3.1 6.3.0, 6.4.0, 6.4.40, 7.1.0, 7.2.0, 5.0.0, 5.3.0, 6.1.0, 6.2.0, 7.4.12, 3.0.0, 5.1.0, 5.2.0, 5.4.0, 8.0.12, 4.0.0, 5.4.52, 7.3.0, 7.4.0 CVE-2026-45133: YAML Parser Stack Exhaustion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45133

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

symfony/yaml CVE-2026-45304 低危 v7.3.1 7.4.0, 8.0.12, 6.3.0, 7.4.12, 5.1.0, 5.2.0, 5.3.0, 6.2.0, 7.1.0, 7.2.0, 7.3.0, 3.0.0, 5.0.0, 6.1.0, 6.4.40, 4.0.0, 5.4.0, 5.4.52, 6.4.0 CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45304

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

symfony/yaml CVE-2026-45305 低危 v7.3.1 7.2.0, 7.3.0, 7.4.0, 7.4.12, 8.0.12, 6.4.40, 4.0.0, 5.0.0, 5.1.0, 5.3.0, 6.1.0, 6.2.0, 7.1.0, 5.2.0, 5.4.0, 6.3.0, 6.4.0, 3.0.0, 5.4.52 CVE-2026-45305: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45305

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

laravel/framework CVE-2026-48019 未知 v12.54.1 12.0.0, 12.60.0, 13.10.0, 10.0.0, 11.0.0 [CRLF injection in default email rule]

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48019

镜像层: sha256:d45f40e60dadb85e5a9c22342b719acc21ca814c4604b5bfb4ecfff5942c388a

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×