ghcr.io/deluxebear/n8n:2.20.6.1-chs linux/amd64

ghcr.io/deluxebear/n8n:2.20.6.1-chs - Trivy安全扫描结果 扫描时间: 2026-05-13 15:04
全部漏洞信息
低危漏洞:4 中危漏洞:31 高危漏洞:33 严重漏洞:3

系统OS: alpine 3.22 扫描引擎: Trivy 扫描时间: 2026-05-13 15:04

ghcr.io/deluxebear/n8n:2.20.6.1-chs (alpine 3.22) (alpine)
低危漏洞:0 中危漏洞:13 高危漏洞:15 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-31789 严重 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-31789 严重 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl CVE-2026-31789 严重 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:46fcfc111e43d44b8198136f430e90eef390265ac108933d8e4eb6d9e532160f

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28389 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28390 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28387 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28387 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28388 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28389 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28390 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
musl CVE-2026-40200 高危 1.2.5-r10 1.2.5-r12 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-10 17:17 修改: 2026-04-27 19:18
nghttp2-libs CVE-2026-27135 高危 1.65.0-r0 1.68.1 nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27135

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-03-18 18:16 修改: 2026-03-23 17:51
libcrypto3 CVE-2026-28388 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl CVE-2026-28387 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:46fcfc111e43d44b8198136f430e90eef390265ac108933d8e4eb6d9e532160f

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl CVE-2026-28388 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:46fcfc111e43d44b8198136f430e90eef390265ac108933d8e4eb6d9e532160f

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl CVE-2026-28389 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:46fcfc111e43d44b8198136f430e90eef390265ac108933d8e4eb6d9e532160f

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
openssl CVE-2026-28390 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:46fcfc111e43d44b8198136f430e90eef390265ac108933d8e4eb6d9e532160f

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
zlib CVE-2026-22184 高危 1.3.1-r2 1.3.2-r0 zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-01-07 21:16 修改: 2026-03-18 16:26
libpng CVE-2026-34757 中危 1.6.56-r0 1.6.57-r0 libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34757

镜像层: sha256:46fcfc111e43d44b8198136f430e90eef390265ac108933d8e4eb6d9e532160f

发布日期: 2026-04-09 15:16 修改: 2026-05-09 11:16
musl CVE-2026-6042 中危 1.2.5-r10 1.2.5-r11 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-10 09:16 修改: 2026-04-24 18:01
libcrypto3 CVE-2026-2673 中危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-03-13 19:54 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-31790 中危 3.5.5-r0 3.5.6-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libexpat CVE-2026-32776 中危 2.7.4-r0 2.7.5-r0 libexpat: libexpat: Denial of Service due to NULL pointer dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32776

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-03-16 14:19 修改: 2026-03-17 15:52
libexpat CVE-2026-32777 中危 2.7.4-r0 2.7.5-r0 libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32777

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-03-16 14:19 修改: 2026-03-17 15:52
libexpat CVE-2026-32778 中危 2.7.4-r0 2.7.5-r0 libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32778

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-03-16 14:19 修改: 2026-03-17 15:52
libssl3 CVE-2026-2673 中危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-03-13 19:54 修改: 2026-05-12 13:17
openssl CVE-2026-2673 中危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673

镜像层: sha256:46fcfc111e43d44b8198136f430e90eef390265ac108933d8e4eb6d9e532160f

发布日期: 2026-03-13 19:54 修改: 2026-05-12 13:17
openssl CVE-2026-31790 中危 3.5.5-r0 3.5.6-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:46fcfc111e43d44b8198136f430e90eef390265ac108933d8e4eb6d9e532160f

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
xz-libs CVE-2026-34743 中危 5.8.1-r0 5.8.3-r0 xz: XZ Utils: Denial of Service via buffer overflow in index decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743

镜像层: sha256:46fcfc111e43d44b8198136f430e90eef390265ac108933d8e4eb6d9e532160f

发布日期: 2026-04-02 19:21 修改: 2026-04-15 17:33
libssl3 CVE-2026-31790 中危 3.5.5-r0 3.5.6-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
zlib CVE-2026-27171 中危 1.3.1-r2 1.3.2-r0 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:42935f51cbd6729ded6946ec94e739b121d6daa77ffe069db3648f7c80a6f9b0

发布日期: 2026-02-18 04:16 修改: 2026-03-25 21:27
Node.js (node-pkg)
低危漏洞:4 中危漏洞:18 高危漏洞:18 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
@opentelemetry/exporter-prometheus CVE-2026-44902 高危 0.204.0 0.217.0 Prometheus exporter process crash via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@opentelemetry/exporter-prometheus CVE-2026-44902 高危 0.207.0 0.217.0 Prometheus exporter process crash via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@opentelemetry/exporter-prometheus CVE-2026-44902 高危 0.213.0 0.217.0 Prometheus exporter process crash via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@opentelemetry/sdk-node CVE-2026-44902 高危 0.204.0 0.217.0 Prometheus exporter process crash via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@opentelemetry/sdk-node CVE-2026-44902 高危 0.207.0 0.217.0 Prometheus exporter process crash via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@opentelemetry/sdk-node CVE-2026-44902 高危 0.213.0 0.217.0 Prometheus exporter process crash via malformed HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44902

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
fast-uri CVE-2026-6321 高危 3.0.1 3.1.1 fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6321

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-05-04 20:16 修改: 2026-05-12 18:54
fast-uri CVE-2026-6322 高危 3.0.1 3.1.2 fast-uri normalize() decoded percent-encoded authority delimiters insi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6322

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-05-05 11:16 修改: 2026-05-12 19:11
fast-xml-builder CVE-2026-44665 高危 1.1.5 1.1.7 fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44665

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
minimatch CVE-2026-27903 高危 10.2.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:e866c35329611de1475a210fac7ece22bf992dd0db5d95fc38e2de816bce5d8b

发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:21
minimatch CVE-2026-27904 高危 10.2.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:e866c35329611de1475a210fac7ece22bf992dd0db5d95fc38e2de816bce5d8b

发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:16
picomatch CVE-2026-33671 高危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:e866c35329611de1475a210fac7ece22bf992dd0db5d95fc38e2de816bce5d8b

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
protobufjs CVE-2026-44289 高危 7.5.5 7.5.6, 8.0.2 protobuf.js: Denial of service through unbounded protobuf recursion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs CVE-2026-44290 高危 7.5.5 7.5.6, 8.0.2 protobuf.js: Process-wide denial of service through unsafe option paths

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs CVE-2026-44291 高危 7.5.5 7.5.6, 8.0.2 protobuf.js: Code generation gadget after prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs CVE-2026-44293 高危 7.5.5 7.5.6, 8.0.2 protobuf.js: Code injection through bytes field defaults in generated toObject code

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
tar CVE-2026-29786 高危 7.5.9 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:e866c35329611de1475a210fac7ece22bf992dd0db5d95fc38e2de816bce5d8b

发布日期: 2026-03-07 16:15 修改: 2026-03-11 21:50
tar CVE-2026-31802 高危 7.5.9 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:e866c35329611de1475a210fac7ece22bf992dd0db5d95fc38e2de816bce5d8b

发布日期: 2026-03-10 07:44 修改: 2026-03-18 18:13
@anthropic-ai/sdk CVE-2026-41686 中危 0.90.0 0.91.1 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41686

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-05-04 19:16 修改: 2026-05-12 18:37
@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs has overlong UTF-8 decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
nodemailer GHSA-vvjj-xcjg-gr5g 中危 7.0.11 8.0.5 Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

漏洞详情: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-04-08 15:05 修改: 2026-04-08 15:05
brace-expansion CVE-2026-33750 中危 5.0.2 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:e866c35329611de1475a210fac7ece22bf992dd0db5d95fc38e2de816bce5d8b

发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
picomatch CVE-2026-33672 中危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:e866c35329611de1475a210fac7ece22bf992dd0db5d95fc38e2de816bce5d8b

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44
postcss CVE-2026-41305 中危 8.4.49 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-04-24 03:16 修改: 2026-04-24 17:16
fast-xml-builder CVE-2026-44664 中危 1.1.5 1.1.6 fast-xml-builder Comment Value regex can be bypassed

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44664

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
file-type CVE-2026-31808 中危 16.5.4 21.3.1 file-type: file-type: Denial of Service due to infinite loop in ASF file parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31808

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-03-10 21:16 修改: 2026-03-18 19:48
hono CVE-2026-44457 中危 4.12.16 4.12.18 Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44457

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
hono CVE-2026-44458 中危 4.12.16 4.12.18 Hono has CSS Declaration Injection via Style Object Values in JSX SSR

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44458

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs CVE-2026-44288 中危 7.5.5 7.5.6, 8.0.2 protobufjs has overlong UTF-8 decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs CVE-2026-44292 中危 7.5.5 7.5.6, 8.0.2 protobuf.js: Prototype injection in generated message constructors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
protobufjs CVE-2026-44294 中危 7.5.5 7.5.6, 8.0.2 protobuf.js: Denial of service from crafted field names in generated code

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
showdown CVE-2024-1899 中危 2.1.0 Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1899

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2024-02-26 19:15 修改: 2025-09-18 16:25
ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address has XSS in Address6 HTML-emitting methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:e866c35329611de1475a210fac7ece22bf992dd0db5d95fc38e2de816bce5d8b

发布日期: 2026-05-12 20:16 修改: 2026-05-12 20:16
ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address has XSS in Address6 HTML-emitting methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-05-12 20:16 修改: 2026-05-12 20:16
uuid CVE-2026-41907 中危 11.1.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
uuid CVE-2026-41907 中危 13.0.0 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-04-24 19:17 修改: 2026-05-11 13:53
nodemailer GHSA-c7w3-x93f-qmm8 低危 7.0.11 8.0.4 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

漏洞详情: https://github.com/advisories/GHSA-c7w3-x93f-qmm8

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-03-26 22:26 修改: 2026-03-26 22:26
hono CVE-2026-44459 低危 4.12.16 4.12.18 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44459

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
@supabase/auth-js CVE-2025-48370 低危 2.69.1 2.70.0 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48370

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2025-05-27 16:15 修改: 2026-04-27 22:16
@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:534aeec0b1a6ebb635f5abbd381d8f6b95edd29996147c2c1e62225c4f3902aa

发布日期: 2026-03-03 05:17 修改: 2026-04-29 01:00