ghcr.io/dhtc/cnmf:v1 linux/amd64

ghcr.io/dhtc/cnmf:v1 - Trivy安全扫描结果扫描时间: 2026-06-13 14:57

全部漏洞信息

低危漏洞:32

中危漏洞:46

高危漏洞:10

严重漏洞:0

系统OS: ubuntu 22.04 扫描引擎: Trivy 扫描时间: 2026-06-13 14:57

ghcr.io/dhtc/cnmf:v1 (ubuntu 22.04) (ubuntu)

低危漏洞:31

中危漏洞:37

高危漏洞:1

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
libssl3	CVE-2026-45447	高危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 15:16
git	CVE-2024-52005	中危	1:2.34.1-1ubuntu1.17		git: The sideband payload is passed unfiltered to the terminal in git 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52005 镜像层: sha256:016625abc40f679e65b6da5bd5ca743d044289d43b53561c641547e7eed4b5e3 发布日期: 2025-01-15 18:15 修改: 2025-12-18 16:00
git-man	CVE-2024-52005	中危	1:2.34.1-1ubuntu1.17		git: The sideband payload is passed unfiltered to the terminal in git 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52005 镜像层: sha256:016625abc40f679e65b6da5bd5ca743d044289d43b53561c641547e7eed4b5e3 发布日期: 2025-01-15 18:15 修改: 2025-12-18 16:00
libarchive13	CVE-2026-5745	中危	3.6.0-1ubuntu1.7		libarchive: A NULL pointer dereference vulnerability exists in the ACL parser of libarchive 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5745 镜像层: sha256:016625abc40f679e65b6da5bd5ca743d044289d43b53561c641547e7eed4b5e3 发布日期: 2026-04-07 16:16 修改: 2026-05-03 15:15
libblkid1	CVE-2026-27456	中危	2.37.2-4ubuntu3.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libc-bin	CVE-2026-4046	中危	2.35-0ubuntu3.13		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc-bin	CVE-2026-5435	中危	2.35-0ubuntu3.13		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc-bin	CVE-2026-6238	中危	2.35-0ubuntu3.13		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libc6	CVE-2026-4046	中危	2.35-0ubuntu3.13		glibc: glibc: Denial of Service via iconv() function with specific character sets 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4046 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-03-30 18:16 修改: 2026-04-20 22:16
libc6	CVE-2026-5435	中危	2.35-0ubuntu3.13		glibc: glibc: Out-of-bounds write via TSIG record processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5435 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-28 13:19 修改: 2026-05-05 17:38
libc6	CVE-2026-6238	中危	2.35-0ubuntu3.13		glibc: glibc: Application crash or uninitialized memory read via crafted DNS response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6238 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-28 19:37 修改: 2026-05-04 17:57
libexpat1	CVE-2025-66382	中危	2.4.7-1ubuntu0.7		libexpat: libexpat: Denial of service via crafted file processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66382 镜像层: sha256:016625abc40f679e65b6da5bd5ca743d044289d43b53561c641547e7eed4b5e3 发布日期: 2025-11-28 07:15 修改: 2026-06-02 14:16
libgcrypt20	CVE-2026-41989	中危	1.9.4-3ubuntu3	1.9.4-3ubuntu3.2	Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41989 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-23 05:16 修改: 2026-04-27 18:33
libgnutls30	CVE-2026-33845	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33845 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30	CVE-2026-33846	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33846 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-05-04 10:15 修改: 2026-06-02 16:16
libgnutls30	CVE-2026-3832	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3832 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-30 18:16 修改: 2026-06-02 17:16
libgnutls30	CVE-2026-3833	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3833 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-30 18:16 修改: 2026-06-02 16:16
libgnutls30	CVE-2026-42009	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42009 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-05-18 13:16 修改: 2026-06-08 17:16
libgnutls30	CVE-2026-42010	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: gnutls: Authentication Bypass via NUL Character in Username 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42010 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-05-07 12:16 修改: 2026-06-10 16:17
libgnutls30	CVE-2026-42011	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: gnutls: Security bypass due to incorrect name constraint handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42011 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-05-07 15:16 修改: 2026-06-02 16:16
libgnutls30	CVE-2026-42012	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42012 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30	CVE-2026-42013	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42013 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30	CVE-2026-42014	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42014 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
libgnutls30	CVE-2026-42015	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42015 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libgnutls30	CVE-2026-5260	中危	3.7.3-4ubuntu1.8	3.7.3-4ubuntu1.9	gnutls: gnutls: Information disclosure via heap overread in RSA key exchange 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5260 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-05-26 22:16 修改: 2026-06-02 16:16
libmount1	CVE-2026-27456	中危	2.37.2-4ubuntu3.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libsmartcols1	CVE-2026-27456	中危	2.37.2-4ubuntu3.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
bsdutils	CVE-2026-27456	中危	1:2.37.2-4ubuntu3.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
libssl3	CVE-2026-34182	中危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 17:16
libssl3	CVE-2026-45445	中危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: AES-OCB IV Ignored on EVP_Cipher() Path 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libsystemd0	CVE-2026-40226	中危	249.11-0ubuntu3.20	249.11-0ubuntu3.21	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libudev1	CVE-2026-40226	中危	249.11-0ubuntu3.20	249.11-0ubuntu3.21	systemd: systemd nspawn: Escape-to-host action via crafted config file 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40226 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-10 16:16 修改: 2026-04-17 22:02
libuuid1	CVE-2026-27456	中危	2.37.2-4ubuntu3.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
mount	CVE-2026-27456	中危	2.37.2-4ubuntu3.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
tar	CVE-2025-45582	中危	1.34+dfsg-1ubuntu0.1.22.04.2		tar: Tar path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-45582 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2025-07-11 17:15 修改: 2025-11-02 01:15
tar	CVE-2026-5704	中危	1.34+dfsg-1ubuntu0.1.22.04.2		tar: tar: Hidden file injection via crafted archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5704 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-06 16:16 修改: 2026-04-22 20:08
util-linux	CVE-2026-27456	中危	2.37.2-4ubuntu3.5		util-linux: TOCTOU in the mount program when setting up loop devices 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-03 22:16 修改: 2026-04-22 16:08
wget	CVE-2021-31879	中危	1.21.2-2ubuntu1.1		wget: authorization header disclosure on redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31879 镜像层: sha256:016625abc40f679e65b6da5bd5ca743d044289d43b53561c641547e7eed4b5e3 发布日期: 2021-04-29 05:15 修改: 2024-11-21 06:06
libgcrypt20	CVE-2024-2236	低危	1.9.4-3ubuntu3		libgcrypt: vulnerable to Marvin Attack 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2236 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2024-03-06 22:15 修改: 2026-04-15 00:35
libgfortran5	CVE-2022-27943	低危	12.3.0-1ubuntu1~22.04.3		binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943 镜像层: sha256:016625abc40f679e65b6da5bd5ca743d044289d43b53561c641547e7eed4b5e3 发布日期: 2022-03-26 13:15 修改: 2024-11-21 06:56
libicu70	CVE-2025-5222	低危	70.1-2		icu: Stack buffer overflow in the SRBRoot::addTag function 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5222 镜像层: sha256:016625abc40f679e65b6da5bd5ca743d044289d43b53561c641547e7eed4b5e3 发布日期: 2025-05-27 21:15 修改: 2026-04-23 00:16
libssl3	CVE-2026-34180	低危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-42766	低危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: Possible NULL Dereference in Password-Based CMS Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-42767	低危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-42770	低危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: FFC-DH Peer Validation Uses Attacker-Supplied q 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-45446	低危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-7383	低危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libssl3	CVE-2026-9076	低危	3.0.2-0ubuntu1.23	3.0.2-0ubuntu1.25	openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-06-09 17:17 修改: 2026-06-10 08:16
libstdc++6	CVE-2022-27943	低危	12.3.0-1ubuntu1~22.04.3		binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2022-03-26 13:15 修改: 2024-11-21 06:56
liblzma5	CVE-2026-34743	低危	5.2.5-2ubuntu1	5.2.5-2ubuntu1.1	xz: XZ Utils: Denial of Service via buffer overflow in index decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-02 19:21 修改: 2026-04-15 17:33
libsystemd0	CVE-2023-7008	低危	249.11-0ubuntu3.20	249.11-0ubuntu3.21	systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-12-23 13:15 修改: 2025-11-04 17:15
libsystemd0	CVE-2026-40228	低危	249.11-0ubuntu3.20		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libtinfo6	CVE-2023-50495	低危	6.3-2ubuntu0.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-12-12 15:15 修改: 2025-11-04 19:16
libgcc-s1	CVE-2022-27943	低危	12.3.0-1ubuntu1~22.04.3		binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2022-03-26 13:15 修改: 2024-11-21 06:56
libudev1	CVE-2023-7008	低危	249.11-0ubuntu3.20	249.11-0ubuntu3.21	systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-7008 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-12-23 13:15 修改: 2025-11-04 17:15
libudev1	CVE-2026-40228	低危	249.11-0ubuntu3.20		systemd: systemd-journald: Unintended output to user terminals via logger command 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40228 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2026-04-10 16:16 修改: 2026-05-05 02:16
libncurses6	CVE-2023-50495	低危	6.3-2ubuntu0.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-12-12 15:15 修改: 2025-11-04 19:16
libzstd1	CVE-2022-4899	低危	1.4.8+dfsg-3build1		zstd: mysql: buffer overrun in util.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4899 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-03-31 20:15 修改: 2025-02-18 18:15
login	CVE-2023-29383	低危	1:4.8.1-2ubuntu2.2		shadow: Improper input validation in shadow-utils package utility chfn 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-04-14 22:15 修改: 2025-11-03 20:16
login	CVE-2024-56433	低危	1:4.8.1-2ubuntu2.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libncursesw6	CVE-2023-50495	低危	6.3-2ubuntu0.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-12-12 15:15 修改: 2025-11-04 19:16
ncurses-base	CVE-2023-50495	低危	6.3-2ubuntu0.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-12-12 15:15 修改: 2025-11-04 19:16
ncurses-bin	CVE-2023-50495	低危	6.3-2ubuntu0.1		ncurses: segmentation fault via _nc_wrap_entry() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50495 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-12-12 15:15 修改: 2025-11-04 19:16
passwd	CVE-2023-29383	低危	1:4.8.1-2ubuntu2.2		shadow: Improper input validation in shadow-utils package utility chfn 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29383 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-04-14 22:15 修改: 2025-11-03 20:16
passwd	CVE-2024-56433	低危	1:4.8.1-2ubuntu2.2		shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56433 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2024-12-26 09:15 修改: 2026-04-15 00:35
libpcre2-8-0	CVE-2022-41409	低危	10.39-3ubuntu0.1		pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41409 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2023-07-18 14:15 修改: 2024-11-21 07:23
libpcre3	CVE-2017-11164	低危	2:8.39-13ubuntu0.22.04.1		pcre: OP_KETRMAX feature in the match function in pcre_exec.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-11164 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2017-07-11 03:29 修改: 2025-04-20 01:37
libquadmath0	CVE-2022-27943	低危	12.3.0-1ubuntu1~22.04.3		binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943 镜像层: sha256:016625abc40f679e65b6da5bd5ca743d044289d43b53561c641547e7eed4b5e3 发布日期: 2022-03-26 13:15 修改: 2024-11-21 06:56
gcc-12-base	CVE-2022-27943	低危	12.3.0-1ubuntu1~22.04.3		binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27943 镜像层: sha256:8bba68e7621928237aa6d6e2c680cb9572c942ee23c2adabd22016bb67cb938d 发布日期: 2022-03-26 13:15 修改: 2024-11-21 06:56

Conda (conda-pkg)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Node.js (node-pkg)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息

Python (python-pkg)

低危漏洞:1

中危漏洞:9

高危漏洞:9

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
Brotli	CVE-2025-6176	高危	1.1.0	1.2.0	Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6176 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2025-10-31 00:15 修改: 2026-04-15 00:35
jaraco.context	CVE-2026-23949	高危	5.3.0	6.1.0	jaraco.context: jaraco.context: Path traversal via malicious tar archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23949 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-01-20 01:15 修改: 2026-03-11 23:12
setuptools	CVE-2025-47273	高危	75.3.0	78.1.1	setuptools: Path Traversal Vulnerability in setuptools PackageIndex 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2025-05-17 16:15 修改: 2025-06-12 16:29
urllib3	CVE-2025-66418	高危	2.2.3	2.6.0	urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2025-12-05 16:15 修改: 2025-12-10 16:08
urllib3	CVE-2025-66471	高危	2.2.3	2.6.0	urllib3: urllib3 Streaming API improperly handles highly compressed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2025-12-05 17:16 修改: 2025-12-10 16:10
urllib3	CVE-2026-21441	高危	2.2.3	2.6.3	urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API) 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-01-07 22:15 修改: 2026-01-23 09:15
urllib3	CVE-2026-44431	高危	2.2.3	2.7.0	urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-05-13 16:16 修改: 2026-05-14 13:56
wheel	CVE-2026-24049	高危	0.43.0	0.46.2	wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-01-22 05:16 修改: 2026-02-18 14:56
wheel	CVE-2026-24049	高危	0.45.0	0.46.2	wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-01-22 05:16 修改: 2026-02-18 14:56
idna	CVE-2026-45409	中危	3.10	3.15	Internationalized Domain Names in Applications (IDNA) for Python provi ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-06-05 23:16 修改: 2026-06-08 15:02
h2	CVE-2025-57804	中危	4.1.0	4.3.0	h2: h2 allows HTTP Request Smuggling due to illegal characters in headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-57804 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2025-08-25 21:15 修改: 2026-04-15 00:35
pip	CVE-2025-8869	中危	24.3.1	25.3	pip: pip missing checks on symbolic link extraction 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2025-09-24 15:15 修改: 2026-04-15 00:35
pip	CVE-2026-3219	中危	24.3.1	26.1	pip: pip: Incorrect file installation due to improper archive handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-04-20 16:16 修改: 2026-04-20 21:16
pip	CVE-2026-6357	中危	24.3.1	26.1	pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-04-27 15:16 修改: 2026-04-27 23:16
urllib3	CVE-2025-50181	中危	2.2.3	2.5.0	urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2025-06-19 01:15 修改: 2025-12-22 19:15
urllib3	CVE-2025-50182	中危	2.2.3	2.5.0	urllib3: urllib3 does not control redirects in browsers and Node.js 漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50182 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2025-06-19 02:15 修改: 2025-12-22 19:15
requests	CVE-2024-47081	中危	2.32.3	2.32.4	requests: Requests vulnerable to .netrc credentials leak via malicious URLs 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47081 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2025-06-09 18:15 修改: 2026-04-15 00:35
requests	CVE-2026-25645	中危	2.32.3	2.33.0	requests: Requests: Security bypass due to predictable temporary file creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-03-25 17:16 修改: 2026-03-30 14:23
pip	CVE-2026-1703	低危	24.3.1	26.0	pip: pip: Information disclosure via path traversal when installing crafted wheel archives 漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703 镜像层: sha256:5aafea011e40ee992bba185c1b5c3b3fce0367fa68357c2e724f889bbcb2cf3c 发布日期: 2026-02-02 15:16 修改: 2026-04-15 00:35

opt/miniconda3/envs/cnmf_env/lib/python3.14/site-packages/rpds/rpds.cpython-314-x86_64-linux-gnu.so (rustbinary)

低危漏洞:0

中危漏洞:0

高危漏洞:0

严重漏洞:0

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息