ghcr.io/imbuxiangnan-cyber/copilot-api-plus:latest linux/amd64

ghcr.io/imbuxiangnan-cyber/copilot-api-plus:latest - Trivy安全扫描结果 扫描时间: 2026-05-15 15:22
全部漏洞信息
低危漏洞:7 中危漏洞:48 高危漏洞:22 严重漏洞:4

系统OS: alpine 3.20.7 扫描引擎: Trivy 扫描时间: 2026-05-15 15:22

ghcr.io/imbuxiangnan-cyber/copilot-api-plus:latest (alpine 3.20.7) (alpine)
低危漏洞:5 中危漏洞:26 高危漏洞:15 严重漏洞:4
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2025-15467 严重 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-07 18:12
libcrypto3 CVE-2026-31789 严重 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-15467 严重 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15467

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-07 18:12
libssl3 CVE-2026-31789 严重 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28387 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28388 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28389 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2026-28390 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2025-69419 高危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2025-69421 高危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-69419 高危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69419

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-69421 高危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69421

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28387 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28388 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28389 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-28390 高危 3.3.4-r0 3.3.7-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
musl CVE-2026-40200 高危 1.2.5-r1 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-10 17:17 修改: 2026-04-27 19:18
musl-utils CVE-2026-40200 高危 1.2.5-r1 1.2.5-r3 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-10 17:17 修改: 2026-04-27 19:18
zlib CVE-2026-22184 高危 1.3.1-r1 1.3.2-r0 zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22184

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-07 21:16 修改: 2026-03-18 16:26
libcrypto3 CVE-2026-31790 中危 3.3.4-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
busybox CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
busybox-binsh CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
libcrypto3 CVE-2025-15468 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:38
libcrypto3 CVE-2025-66199 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
libcrypto3 CVE-2025-68160 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2025-69418 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2025-69420 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2025-9230 中危 3.3.4-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-09-30 14:15 修改: 2026-05-12 13:17
libssl3 CVE-2025-15468 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15468

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:38
libssl3 CVE-2025-66199 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66199

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-02-02 18:37
libssl3 CVE-2025-68160 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68160

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-69418 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69418

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-69420 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via malformed TimeStamp Response

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69420

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2025-9230 中危 3.3.4-r0 3.3.5-r0 openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9230

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-09-30 14:15 修改: 2026-05-12 13:17
libssl3 CVE-2025-9231 中危 3.3.4-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-09-30 14:15 修改: 2026-05-12 13:17
libssl3 CVE-2026-22795 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-22796 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
libssl3 CVE-2026-31790 中危 3.3.4-r0 3.3.7-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-07 22:16 修改: 2026-05-12 13:17
libcrypto3 CVE-2025-9231 中危 3.3.4-r0 3.3.5-r0 openssl: Timing side-channel in SM2 algorithm on 64 bit ARM

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9231

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-09-30 14:15 修改: 2026-05-12 13:17
musl CVE-2026-6042 中危 1.2.5-r1 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-10 09:16 修改: 2026-04-24 18:01
libcrypto3 CVE-2026-22795 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22795

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
musl-utils CVE-2026-6042 中危 1.2.5-r1 1.2.5-r2 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-04-10 09:16 修改: 2026-04-24 18:01
ssl_client CVE-2024-58251 中危 1.36.1-r29 1.36.1-r31 In netstat in BusyBox through 1.37.0, local users can launch of networ ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-58251

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-04-23 18:16 修改: 2026-04-15 00:35
libcrypto3 CVE-2026-22796 中危 3.3.4-r0 3.3.6-r0 openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22796

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-01-27 16:16 修改: 2026-05-12 13:17
zlib CVE-2026-27171 中危 1.3.1-r1 1.3.2-r0 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27171

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2026-02-18 04:16 修改: 2026-03-25 21:27
libssl3 CVE-2025-9232 低危 3.3.4-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-09-30 14:15 修改: 2026-05-12 13:17
busybox CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-04-23 16:15 修改: 2025-09-24 14:38
ssl_client CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-04-23 16:15 修改: 2025-09-24 14:38
busybox-binsh CVE-2025-46394 低危 1.36.1-r29 1.36.1-r31 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46394

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-04-23 16:15 修改: 2025-09-24 14:38
libcrypto3 CVE-2025-9232 低危 3.3.4-r0 3.3.5-r0 openssl: Out-of-bounds read in HTTP client no_proxy handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-9232

镜像层: sha256:097100c76c154cc850192d4aad97bbb1438883ab0cf11944673b645f60d683cb

发布日期: 2025-09-30 14:15 修改: 2026-05-12 13:17
Node.js (node-pkg)
低危漏洞:2 中危漏洞:22 高危漏洞:7 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
hono CVE-2025-62610 高危 4.9.9 4.10.2 Hono Improper Authorization vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-62610

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2025-10-22 20:15 修改: 2026-02-04 15:56
hono CVE-2026-22817 高危 4.9.9 4.11.4 Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22817

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-01-13 20:16 修改: 2026-01-20 16:48
hono CVE-2026-22818 高危 4.9.9 4.11.4 Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22818

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-01-13 20:16 修改: 2026-01-20 16:47
hono CVE-2026-29045 高危 4.9.9 4.12.4 Hono vulnerable to arbitrary file access via serveStatic vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29045

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-04 23:16 修改: 2026-03-06 18:06
undici CVE-2026-1526 高危 7.16.0 6.24.0, 7.24.0 undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1526

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-12 21:16 修改: 2026-03-20 15:56
undici CVE-2026-1528 高危 7.16.0 6.24.0, 7.24.0 undici: undici: Denial of Service via crafted WebSocket frame with large length

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1528

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-12 21:16 修改: 2026-03-20 15:41
undici CVE-2026-2229 高危 7.16.0 6.24.0, 7.24.0 undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2229

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-12 21:16 修改: 2026-03-20 15:39
hono CVE-2026-24771 中危 4.9.9 4.11.7 Hono vulnerable to XSS through ErrorBoundary component

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24771

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-01-27 20:16 修改: 2026-02-04 15:28
hono CVE-2026-29085 中危 4.9.9 4.12.4 Hono Vulnerable to SSE Control Field Injection via CR/LF in writeSSE()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29085

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-04 23:16 修改: 2026-03-06 18:03
hono CVE-2026-29086 中危 4.9.9 4.12.4 Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29086

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-04 23:16 修改: 2026-03-06 18:00
hono CVE-2026-39407 中危 4.9.9 4.12.12 Hono: Middleware bypass via repeated slashes in serveStatic

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39407

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-04-08 15:16 修改: 2026-04-21 18:36
hono CVE-2026-39408 中危 4.9.9 4.12.12 Hono: Path traversal in toSSG() allows writing files outside the output directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39408

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-04-08 15:16 修改: 2026-04-21 18:31
hono CVE-2026-39409 中危 4.9.9 4.12.12 Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39409

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-04-08 15:16 修改: 2026-04-21 18:30
hono CVE-2026-39410 中危 4.9.9 4.12.12 Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39410

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-04-08 15:16 修改: 2026-04-21 18:26
hono CVE-2026-44455 中危 4.9.9 4.12.16 hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44455

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
hono CVE-2026-44456 中危 4.9.9 4.12.16 Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44456

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
hono CVE-2026-44457 中危 4.9.9 4.12.18 Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44457

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
hono CVE-2026-44458 中危 4.9.9 4.12.18 Hono has CSS Declaration Injection via Style Object Values in JSX SSR

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44458

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
hono GHSA-26pp-8wgv-hjvm 中危 4.9.9 4.12.12 Hono missing validation of cookie name on write path in setCookie()

漏洞详情: https://github.com/advisories/GHSA-26pp-8wgv-hjvm

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-04-08 00:17 修改: 2026-04-08 00:17
hono GHSA-458j-xx4x-4375 中危 4.9.9 4.12.14 hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR

漏洞详情: https://github.com/advisories/GHSA-458j-xx4x-4375

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-04-16 01:02 修改: 2026-04-16 01:02
hono GHSA-q7jf-gf43-6x6p 中危 4.9.9 4.10.3 Hono vulnerable to Vary Header Injection leading to potential CORS Bypass

漏洞详情: https://github.com/advisories/GHSA-q7jf-gf43-6x6p

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2025-10-24 19:15 修改: 2025-11-27 08:51
hono GHSA-v8w9-8mx6-g223 中危 4.9.9 4.12.7 Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })

漏洞详情: https://github.com/advisories/GHSA-v8w9-8mx6-g223

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-11 00:31 修改: 2026-03-11 00:31
srvx CVE-2026-33732 中危 0.8.9 0.11.13 srvx is vulnerable to middleware bypass via absolute URI in request line

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33732

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-26 18:16 修改: 2026-04-02 18:41
hono CVE-2026-24398 中危 4.9.9 4.11.7 Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24398

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-01-27 19:16 修改: 2026-02-04 15:34
hono CVE-2026-24472 中危 4.9.9 4.11.7 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24472

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-01-27 20:16 修改: 2026-02-04 15:32
hono CVE-2026-24473 中危 4.9.9 4.11.7 Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24473

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-01-27 20:16 修改: 2026-02-04 15:30
undici CVE-2026-1525 中危 7.16.0 6.24.0, 7.24.0 undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1525

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-12 20:16 修改: 2026-03-19 17:29
undici CVE-2026-1527 中危 7.16.0 6.24.0, 7.24.0 undici: Undici: HTTP header injection and request smuggling vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1527

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-03-12 21:16 修改: 2026-03-20 15:49
undici CVE-2026-22036 中危 7.16.0 7.18.2, 6.23.0 undici: Undici: Denial of Service via excessive decompression steps

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22036

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-01-14 19:16 修改: 2026-01-22 21:15
hono GHSA-gq3j-xvxp-8hrf 低危 4.9.9 4.11.10 Hono added timing comparison hardening in basicAuth and bearerAuth

漏洞详情: https://github.com/advisories/GHSA-gq3j-xvxp-8hrf

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 2026-02-19 20:15 修改: 2026-02-19 20:15
hono CVE-2026-44459 低危 4.9.9 4.12.18 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44459

镜像层: sha256:a86f62cabbfe6e285bfa8f7cc2a4790e88137d92d5f17d715624df7fcf379e70

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00