ghcr.io/cisagov/malcolm/dashboards:main linux/amd64

ghcr.io/cisagov/malcolm/dashboards:main - Trivy安全扫描结果 扫描时间: 2026-06-13 16:45
全部漏洞信息
低危漏洞:3 中危漏洞:67 高危漏洞:37 严重漏洞:0

系统OS: amazon 2023.11.20260511 (Amazon Linux) 扫描引擎: Trivy 扫描时间: 2026-06-13 16:45

ghcr.io/cisagov/malcolm/dashboards:main (amazon 2023.11.20260511 (Amazon Linux)) (amazon)
低危漏洞:0 中危漏洞:10 高危漏洞:11 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcap CVE-2026-27142 高危 2.73-1.amzn2023.0.6 2.73-1.amzn2023.0.7 html/template: URLs in meta content attribute actions are not escaped in html/template

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27142

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-03-06 22:16 修改: 2026-04-21 14:30
libcap CVE-2026-33811 高危 2.73-1.amzn2023.0.6 2.73-1.amzn2023.0.7 net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33811

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-05-07 20:16 修改: 2026-05-12 20:23
libcap CVE-2026-33814 高危 2.73-1.amzn2023.0.6 2.73-1.amzn2023.0.7 When processing HTTP/2 SETTINGS frames, transport will enter an infini ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33814

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-05-07 20:16 修改: 2026-05-13 14:41
libcap CVE-2026-39820 高危 2.73-1.amzn2023.0.6 2.73-1.amzn2023.0.7 Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39820

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-05-07 20:16 修改: 2026-05-13 15:10
libcap CVE-2026-39823 高危 2.73-1.amzn2023.0.6 2.73-1.amzn2023.0.7 CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39823

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:58
libcap CVE-2026-42499 高危 2.73-1.amzn2023.0.6 2.73-1.amzn2023.0.7 Pathological inputs could cause DoS through consumePhrase when parsing ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42499

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-05-07 20:16 修改: 2026-05-13 16:59
libsolv CVE-2026-48863 高危 0.7.22-1.amzn2023.0.2 0.7.22-1.amzn2023.0.4 libsolv: Stack-based buffer overflow in libsolv EdDSA PGP signature verification allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48863

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libsolv CVE-2026-48864 高危 0.7.22-1.amzn2023.0.2 0.7.22-1.amzn2023.0.4 libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48864

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-05-26 17:16 修改: 2026-05-28 19:22
libsolv CVE-2026-9149 高危 0.7.22-1.amzn2023.0.2 0.7.22-1.amzn2023.0.4 libsolv: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9149

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-05-21 00:16 修改: 2026-06-02 01:21
libsolv CVE-2026-9150 高危 0.7.22-1.amzn2023.0.2 0.7.22-1.amzn2023.0.4 libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9150

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-05-20 23:16 修改: 2026-06-02 18:57
rsync CVE-2026-43618 高危 3.4.0-1.amzn2023.0.3 3.4.0-1.amzn2023.0.4 rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43618

镜像层: sha256:e2504e1be83259e91be47a30b13071746da8d5ff0aaf65eb47cf48f5563abdc9

发布日期: 2026-05-20 02:16 修改: 2026-05-21 20:34
jq CVE-2026-39956 中危 1.7.1-51.amzn2023 1.8.1-59.amzn2023 jq: missing runtime type checks for _strindices lead to crash and limited memory disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39956

镜像层: sha256:e2504e1be83259e91be47a30b13071746da8d5ff0aaf65eb47cf48f5563abdc9

发布日期: 2026-04-13 23:16 修改: 2026-04-21 23:54
jq CVE-2026-39979 中危 1.7.1-51.amzn2023 1.8.1-59.amzn2023 jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39979

镜像层: sha256:e2504e1be83259e91be47a30b13071746da8d5ff0aaf65eb47cf48f5563abdc9

发布日期: 2026-04-13 23:16 修改: 2026-04-23 16:50
jq CVE-2026-40164 中危 1.7.1-51.amzn2023 1.8.1-59.amzn2023 jq: jq: Denial of Service via crafted JSON object causing hash collisions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40164

镜像层: sha256:e2504e1be83259e91be47a30b13071746da8d5ff0aaf65eb47cf48f5563abdc9

发布日期: 2026-04-14 00:16 修改: 2026-04-28 21:15
jq CVE-2026-43894 中危 1.7.1-51.amzn2023 1.8.1-59.amzn2023 jq: jq: Arbitrary Code Execution or Denial of Service via Signed Integer Overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43894

镜像层: sha256:e2504e1be83259e91be47a30b13071746da8d5ff0aaf65eb47cf48f5563abdc9

发布日期: 2026-05-11 18:16 修改: 2026-05-13 17:01
jq CVE-2026-43896 中危 1.7.1-51.amzn2023 1.8.1-59.amzn2023 jq: stack overflow in recursive object merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43896

镜像层: sha256:e2504e1be83259e91be47a30b13071746da8d5ff0aaf65eb47cf48f5563abdc9

发布日期: 2026-05-11 18:16 修改: 2026-05-13 22:34
jq CVE-2026-32316 中危 1.7.1-51.amzn2023 1.8.1-59.amzn2023 jq: jq: Denial of Service or potential arbitrary code execution due to integer overflow and heap-based buffer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32316

镜像层: sha256:e2504e1be83259e91be47a30b13071746da8d5ff0aaf65eb47cf48f5563abdc9

发布日期: 2026-04-13 18:16 修改: 2026-04-22 16:29
jq CVE-2026-33947 中危 1.7.1-51.amzn2023 1.8.1-59.amzn2023 jq: unbounded Recursion in jv_setpath() / jv_getpath() / delpaths_sorted()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33947

镜像层: sha256:e2504e1be83259e91be47a30b13071746da8d5ff0aaf65eb47cf48f5563abdc9

发布日期: 2026-04-13 22:16 修改: 2026-04-21 23:57
python3 CVE-2026-6019 中危 3.9.25-1.amzn2023.0.5 3.9.25-1.amzn2023.0.6 python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6019

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-04-22 20:16 修改: 2026-05-28 19:15
python3-libs CVE-2026-6019 中危 3.9.25-1.amzn2023.0.5 3.9.25-1.amzn2023.0.6 python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6019

镜像层: sha256:a3871aa5d2c6294fda44d64dbf86318d9c28d3e53315d918ab59835be0b76241

发布日期: 2026-04-22 20:16 修改: 2026-05-28 19:15
jq CVE-2026-33948 中危 1.7.1-51.amzn2023 1.8.1-59.amzn2023 jq: jq: Input validation bypass via embedded NUL bytes allows parser differential attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33948

镜像层: sha256:e2504e1be83259e91be47a30b13071746da8d5ff0aaf65eb47cf48f5563abdc9

发布日期: 2026-04-14 00:16 修改: 2026-04-21 23:48
Node.js (node-pkg)
低危漏洞:3 中危漏洞:57 高危漏洞:26 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
@hapi/content CVE-2026-35213 高危 5.0.2 6.0.1 @hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35213

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-06 21:16 修改: 2026-04-16 04:26
@hapi/content CVE-2026-44974 高危 5.0.2 6.0.2 @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44974

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios CVE-2026-42033 高危 1.13.5 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:02
axios CVE-2026-42035 高危 1.13.5 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:58
axios CVE-2026-42043 高危 1.13.5 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:05
axios CVE-2026-42264 高危 1.13.5 1.15.2 Axios is a promise based HTTP client for the browser and Node.js. From ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-08 04:16 修改: 2026-05-13 17:53
axios CVE-2026-44486 高危 1.13.5 1.16.0, 0.32.0 Axios is a promise based HTTP client for the browser and Node.js. Prio ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-11 17:16 修改: 2026-06-12 19:20
axios CVE-2026-44487 高危 1.13.5 1.16.0, 0.32.0 Axios is a promise based HTTP client for the browser and Node.js. Prio ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-11 17:16 修改: 2026-06-12 19:19
axios CVE-2026-44488 高危 1.13.5 1.16.0 Axios is a promise based HTTP client for the browser and Node.js. Axio ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-11 17:16 修改: 2026-06-12 19:04
axios CVE-2026-44492 高危 1.13.5 1.16.0, 0.32.0 Axios is a promise based HTTP client for the browser and Node.js. Prio ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-11 17:16 修改: 2026-06-12 19:02
axios CVE-2026-44494 高危 1.13.5 1.16.0 Axios is a promise based HTTP client for the browser and Node.js. From ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-11 17:16 修改: 2026-06-12 18:01
axios CVE-2026-44495 高危 1.13.5 1.15.2, 0.31.1 Axios is a promise based HTTP client for the browser and Node.js. From ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-11 17:16 修改: 2026-06-12 14:16
axios CVE-2026-44496 高危 1.13.5 1.16.0, 0.32.0 Axios is a promise based HTTP client for the browser and Node.js. Axio ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-11 17:16 修改: 2026-06-12 18:00
basic-ftp CVE-2026-39983 高危 5.2.0 5.2.1 basic-ftp: basic-ftp: Command injection via CRLF sequences in file path parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39983

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-09 18:17 修改: 2026-04-14 20:07
basic-ftp CVE-2026-41324 高危 5.2.0 5.3.0 basic-ftp: basic-ftp: Denial of Service via unbounded memory growth from malicious directory listings

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41324

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 04:16 修改: 2026-04-27 17:48
basic-ftp CVE-2026-44240 高危 5.2.0 5.3.1 basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is v ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44240

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-12 21:16 修改: 2026-05-14 13:16
basic-ftp GHSA-6v7q-wjvx-w8wg 高危 5.2.0 5.2.2 basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands

漏洞详情: https://github.com/advisories/GHSA-6v7q-wjvx-w8wg

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-10 20:18 修改: 2026-04-10 20:18
fast-uri CVE-2026-6321 高危 3.0.6 3.1.1 fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-04 20:16 修改: 2026-05-12 18:54
fast-uri CVE-2026-6322 高危 3.0.6 3.1.2 fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-05 11:16 修改: 2026-05-12 19:11
fast-uri CVE-2026-6321 高危 3.1.0 3.1.1 fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-04 20:16 修改: 2026-05-12 18:54
fast-uri CVE-2026-6321 高危 3.1.0 3.1.1 fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-04 20:16 修改: 2026-05-12 18:54
fast-uri CVE-2026-6322 高危 3.1.0 3.1.2 fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-05 11:16 修改: 2026-05-12 19:11
fast-uri CVE-2026-6322 高危 3.1.0 3.1.2 fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-05 11:16 修改: 2026-05-12 19:11
fast-xml-builder CVE-2026-44665 高危 1.1.4 1.1.7 fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44665

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-13 16:16 修改: 2026-05-18 16:16
js-cookie CVE-2026-46625 高危 2.2.1 3.0.7 JavaScript Cookie is a JavaScript API for handling cookies, client-sid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46625

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-10 22:16 修改: 2026-06-11 17:16
tmp CVE-2026-44705 高危 0.2.5 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-11 17:16 修改: 2026-06-11 20:59
axios CVE-2026-42042 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:05
axios CVE-2026-42044 中危 1.13.5 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:04
axios CVE-2026-44490 中危 1.13.5 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-06-11 17:16 修改: 2026-06-11 20:56
@hapi/wreck CVE-2026-44979 中危 17.2.0 18.1.1 @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44979

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@hapi/wreck CVE-2026-44979 中危 17.2.0 18.1.1 @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44979

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@hapi/wreck CVE-2026-48022 中危 17.2.0 18.1.2 @hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48022

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@hapi/wreck CVE-2026-48022 中危 17.2.0 18.1.2 @hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48022

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
brace-expansion CVE-2026-33750 中危 1.1.12 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
brace-expansion CVE-2026-33750 中危 1.1.12 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
dompurify CVE-2026-41238 中危 3.3.2 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41238

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 18:16
dompurify CVE-2026-41238 中危 3.3.2 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41238

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 18:16
dompurify CVE-2026-41238 中危 3.3.2 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41238

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 18:16
dompurify CVE-2026-41239 中危 3.3.2 3.4.0 DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41239

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 16:18
dompurify CVE-2026-41239 中危 3.3.2 3.4.0 DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41239

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 16:18
dompurify CVE-2026-41239 中危 3.3.2 3.4.0 DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41239

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 16:18
dompurify CVE-2026-41240 中危 3.3.2 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41240

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-29 14:58
dompurify CVE-2026-41240 中危 3.3.2 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41240

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-29 14:58
dompurify CVE-2026-41240 中危 3.3.2 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41240

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-29 14:58
dompurify GHSA-39q2-94rc-95cp 中危 3.3.2 3.4.0 DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

漏洞详情: https://github.com/advisories/GHSA-39q2-94rc-95cp

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-16 00:46 修改: 2026-04-16 00:46
dompurify GHSA-39q2-94rc-95cp 中危 3.3.2 3.4.0 DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

漏洞详情: https://github.com/advisories/GHSA-39q2-94rc-95cp

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-16 00:46 修改: 2026-04-16 00:46
dompurify GHSA-39q2-94rc-95cp 中危 3.3.2 3.4.0 DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

漏洞详情: https://github.com/advisories/GHSA-39q2-94rc-95cp

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-16 00:46 修改: 2026-04-16 00:46
dompurify CVE-2026-41238 中危 3.3.3 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41238

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 18:16
dompurify CVE-2026-41238 中危 3.3.3 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting bypass via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41238

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 18:16
dompurify CVE-2026-41239 中危 3.3.3 3.4.0 DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41239

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 16:18
dompurify CVE-2026-41239 中危 3.3.3 3.4.0 DOMPurify: Vue 2: DOMPurify: Cross-site scripting due to incomplete sanitization of template expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41239

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-23 16:18
dompurify CVE-2026-41240 中危 3.3.3 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41240

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-29 14:58
dompurify CVE-2026-41240 中危 3.3.3 3.4.0 DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41240

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-23 16:16 修改: 2026-04-29 14:58
dompurify GHSA-39q2-94rc-95cp 中危 3.3.3 3.4.0 DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

漏洞详情: https://github.com/advisories/GHSA-39q2-94rc-95cp

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-16 00:46 修改: 2026-04-16 00:46
dompurify GHSA-39q2-94rc-95cp 中危 3.3.3 3.4.0 DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

漏洞详情: https://github.com/advisories/GHSA-39q2-94rc-95cp

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-16 00:46 修改: 2026-04-16 00:46
@hapi/inert CVE-2026-48049 中危 6.0.5 7.1.1 @hapi/inert has a static-file confinement bypass via sibling-prefix path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48049

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios CVE-2025-62718 中危 1.13.5 1.15.0, 0.31.0 axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62718

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-09 15:16 修改: 2026-05-21 20:38
axios CVE-2026-40175 中危 1.13.5 1.15.0, 0.31.0 axios: Axios: Remote Code Execution via Prototype Pollution escalation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40175

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-10 20:16 修改: 2026-05-20 02:16
axios CVE-2026-42034 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:59
axios CVE-2026-42036 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:57
axios CVE-2026-42037 中危 1.13.5 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:54
axios CVE-2026-42038 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:52
fast-xml-parser CVE-2026-41650 中危 5.5.9 5.7.0 fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41650

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-07 15:16 修改: 2026-05-12 20:30
follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.11 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11
ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
ip-address CVE-2026-42338 中危 6.4.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
joi CVE-2026-48038 中危 14.3.1 18.2.1, 17.13.4 joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48038

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
axios CVE-2026-42039 中危 1.13.5 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 19:50
protocol-buffers-schema CVE-2026-5758 中危 3.6.0 3.6.1 protocol-buffers-schema: protocol-buffers-schema: Remote code execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5758

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-15 18:17 修改: 2026-04-17 15:17
showdown CVE-2024-1899 中危 2.1.0 Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1899

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2024-02-26 19:15 修改: 2025-09-18 16:25
axios CVE-2026-42041 中危 1.13.5 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:07
uuid CVE-2026-41907 中危 10.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 10.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 2.0.3 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 2.0.3 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 3.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 3.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 3.4.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 8.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 9.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 9.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
ws CVE-2026-45736 中危 8.18.0 8.20.1 ws is an open source WebSocket client and server for Node.js. Prior to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-15 15:16 修改: 2026-05-19 14:39
ws CVE-2026-45736 中危 8.18.0 8.20.1 ws is an open source WebSocket client and server for Node.js. Prior to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-05-15 15:16 修改: 2026-05-19 14:39
@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-03-03 05:17 修改: 2026-05-19 15:38
@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-03-03 05:17 修改: 2026-05-19 15:38
axios CVE-2026-42040 低危 1.13.5 1.15.1, 0.31.1 Axios is a promise based HTTP client for the browser and Node.js. Prio ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:34b5ce9fd03b9b53209fa3916277f27ba619762e3797768dc92174c56a31a750

发布日期: 2026-04-24 18:16 修改: 2026-04-27 20:09