ghcr.io/docling-project/docling-serve:v1.26.0 linux/amd64

ghcr.io/docling-project/docling-serve:v1.26.0 - Trivy安全扫描结果 扫描时间: 2026-07-01 02:00
全部漏洞信息
低危漏洞:11 中危漏洞:21 高危漏洞:3 严重漏洞:0

系统OS: centos-stream 9 扫描引擎: Trivy 扫描时间: 2026-07-01 02:00

Java (jar)
低危漏洞:0 中危漏洞:6 高危漏洞:2 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.16.1 2.18.8, 3.1.4, 2.21.4 jackson-databind contains the general-purpose data-binding functionali ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.16.1 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-23 21:17 修改: 2026-06-30 03:21

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.16.1 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.16.1 2.18.8, 2.21.4, 3.1.4 jackson-databind contains the general-purpose data-binding functionali ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.16.1 3.1.4, 2.18.9, 2.21.5 jackson-databind contains the general-purpose data-binding functionali ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

org.apache.logging.log4j:log4j-core CVE-2026-34477 中危 2.25.3 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34478 中危 2.25.3 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34480 中危 2.25.3 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

Node.js (node-pkg)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Python (python-pkg)
低危漏洞:11 中危漏洞:15 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
ray CVE-2026-41486 高危 2.54.1 2.55.0 Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41486

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-05-08 22:16 修改: 2026-06-17 10:46

aiohttp CVE-2026-34515 中危 3.13.3 3.13.4 aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34515

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

aiohttp CVE-2026-34516 中危 3.13.3 3.13.4 aiohttp: AIOHTTP: Denial of Service via excessive multipart headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34516

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

aiohttp CVE-2026-34525 中危 3.13.3 3.13.4 aiohttp: aiohttp: Security bypass via multiple Host headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34525

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39

aiohttp CVE-2026-34993 中危 3.13.3 3.14.0 aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34993

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-02 20:16 修改: 2026-06-30 03:19

aiohttp CVE-2026-47265 中危 3.13.3 3.14.0 python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47265

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-02 20:16 修改: 2026-06-17 10:54

aiohttp CVE-2026-54273 中危 3.13.3 3.14.1 aiohttp: AIOHTTP: Denial of Service via excessive pipelined requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54273

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:37

aiohttp CVE-2026-54274 中危 3.13.3 3.14.1 aiohttp: aiohttp: Denial of Service via incomplete websocket frame payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54274

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:37

aiohttp CVE-2026-54276 中危 3.13.3 3.14.1 aiohttp: aiohttp: Information disclosure via DigestAuthMiddleware after cross-origin redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54276

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-22 18:16 修改: 2026-06-23 17:17

aiohttp CVE-2026-54277 中危 3.13.3 3.14.1 aiohttp: aiohttp: Denial of Service via oversized HTTP request lines bypassing max_line_size check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54277

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-22 18:16 修改: 2026-06-23 16:17

aiohttp CVE-2026-54278 中危 3.13.3 3.14.1 aiohttp: aiohttp: Denial of Service due to excessive memory consumption from compressed request body

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54278

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:27

idna CVE-2026-45409 中危 3.11 3.15 Internationalized Domain Names in Applications (IDNA) for Python provi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-05 23:16 修改: 2026-06-17 10:52

pip CVE-2025-8869 中危 24.2 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:a9ef22a1a7d22889473e8645a7c102bd4c4e33be1a44272a45c3438a9134876d

发布日期: 2025-09-24 15:15 修改: 2026-06-17 10:07

pip CVE-2026-3219 中危 24.2 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:a9ef22a1a7d22889473e8645a7c102bd4c4e33be1a44272a45c3438a9134876d

发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43

pip CVE-2026-6357 中危 24.2 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:a9ef22a1a7d22889473e8645a7c102bd4c4e33be1a44272a45c3438a9134876d

发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00

aiohttp CVE-2026-22815 中危 3.13.3 3.13.4 aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22815

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:20

aiohttp CVE-2026-34520 低危 3.13.3 3.13.4 aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34520

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39

aiohttp CVE-2026-50269 低危 3.13.3 3.14.0 aiohttp: AIOHTTP: CRLF injection in multipart headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50269

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:39

aiohttp CVE-2026-54275 低危 3.13.3 3.14.1 aiohttp: AIOHTTP: TLS SNI check bypass via connection reuse

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54275

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:36

aiohttp CVE-2026-54279 低危 3.13.3 3.14.1 aiohttp: AIOHTTP: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54279

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:36

aiohttp CVE-2026-54280 低危 3.13.3 3.14.1 AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54280

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:35

aiohttp CVE-2026-34513 低危 3.13.3 3.13.4 aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34513

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

aiohttp CVE-2026-34514 低危 3.13.3 3.13.4 aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34514

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

aiohttp CVE-2026-34517 低危 3.13.3 3.13.4 aiohttp: AIOHTTP: Denial of Service via large multipart form fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34517

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:16 修改: 2026-06-17 10:39

aiohttp CVE-2026-34518 低危 3.13.3 3.13.4 aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34518

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39

pip CVE-2026-1703 低危 24.2 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:a9ef22a1a7d22889473e8645a7c102bd4c4e33be1a44272a45c3438a9134876d

发布日期: 2026-02-02 15:16 修改: 2026-06-17 10:16

aiohttp CVE-2026-34519 低危 3.13.3 3.13.4 aiohttp: aiohttp: Header injection vulnerability via reason parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34519

镜像层: sha256:aeaa66a7acccdae9baad3d89e6a46712b77c4e0cd33e2482b4417ff78301ddf4

发布日期: 2026-04-01 21:17 修改: 2026-06-17 10:39

/opt/app-root/lib/python3.12/site-packages/skimage/data/_fetchers.py ()
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×