| github.com/ollama/ollama |
CVE-2025-63389 |
严重 |
v0.5.1 |
|
Ollama Platform has missing authentication enabling attackers to perform model management operations
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-63389
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-12-18 16:15 修改: 2025-12-30 20:00
|
| github.com/expr-lang/expr |
CVE-2025-68156 |
高危 |
v1.17.2 |
1.17.7 |
github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68156
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-12-16 19:16 修改: 2025-12-18 15:08
|
| github.com/kedacore/keda/v2 |
CVE-2025-68476 |
高危 |
v2.16.0 |
2.18.3, 2.17.3 |
github.com/kedacore/keda: KEDA: Arbitrary file read vulnerability in Vault authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68476
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-12-22 22:16 修改: 2025-12-23 14:51
|
| github.com/containerd/containerd |
CVE-2024-25621 |
高危 |
v1.7.24 |
1.7.29 |
github.com/containerd/containerd: containerd local privilege escalation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25621
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-11-06 19:15 修改: 2025-12-31 02:29
|
| github.com/ollama/ollama |
CVE-2025-1975 |
高危 |
v0.5.1 |
|
ollama: Improper Validation of Array Index in ollama/ollama
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1975
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-05-16 09:15 修改: 2025-06-24 16:40
|
| golang.org/x/oauth2 |
CVE-2025-22868 |
高危 |
v0.25.0 |
0.27.0 |
golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22868
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-02-26 08:14 修改: 2025-05-01 19:27
|
| helm.sh/helm/v3 |
CVE-2025-53547 |
高危 |
v3.17.3 |
3.18.4, 3.17.4 |
helm.sh/helm/v3: Helm Chart Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53547
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-07-08 22:15 修改: 2025-09-03 16:26
|
| stdlib |
CVE-2025-47907 |
高危 |
1.23.4 |
1.23.12, 1.24.6 |
database/sql: Postgres Scan Race Condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47907
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-08-07 16:15 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-58183 |
高危 |
1.23.4 |
1.24.8, 1.25.2 |
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58183
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-61729 |
高危 |
1.23.4 |
1.24.11, 1.25.5 |
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61729
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-12-02 19:15 修改: 2025-12-19 18:25
|
| github.com/containerd/containerd |
CVE-2024-40635 |
中危 |
v1.7.24 |
1.7.27, 1.6.38 |
containerd: containerd has an integer overflow in User ID handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40635
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-03-17 22:15 修改: 2025-10-02 01:51
|
| github.com/containerd/containerd |
CVE-2025-64329 |
中危 |
v1.7.24 |
1.7.29 |
github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64329
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-11-07 05:16 修改: 2025-12-31 18:34
|
| helm.sh/helm/v3 |
CVE-2025-55198 |
中危 |
v3.17.3 |
3.18.5 |
helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55198
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:28
|
| helm.sh/helm/v3 |
CVE-2025-55199 |
中危 |
v3.17.3 |
3.18.5 |
helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55199
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-08-14 00:15 修改: 2025-08-21 21:25
|
| github.com/ollama/ollama |
CVE-2025-51471 |
中危 |
v0.5.1 |
|
Ollama vulnerable to Cross-Domain Token Exposure
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-51471
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-07-22 19:15 修改: 2025-10-17 18:15
|
| golang.org/x/crypto |
CVE-2025-47914 |
中危 |
v0.36.0 |
0.45.0 |
golang.org/x/crypto/ssh/agent: in golang.org/x/crypto/ssh/agent
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47914
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:36
|
| golang.org/x/crypto |
CVE-2025-58181 |
中危 |
v0.36.0 |
0.45.0 |
golang.org/x/crypto/ssh: in golang.org/x/crypto/ssh
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58181
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-11-19 21:15 修改: 2025-12-11 19:29
|
| stdlib |
CVE-2024-45336 |
中危 |
1.23.4 |
1.22.11, 1.23.5, 1.24.0-rc.2 |
golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45336
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-01-28 02:15 修改: 2025-02-21 18:15
|
| stdlib |
CVE-2024-45341 |
中危 |
1.23.4 |
1.22.11, 1.23.5, 1.24.0-rc.2 |
golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45341
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-01-28 02:15 修改: 2025-02-21 18:15
|
| stdlib |
CVE-2025-0913 |
中危 |
1.23.4 |
1.23.10, 1.24.4 |
Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-0913
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-06-11 18:15 修改: 2025-08-08 14:53
|
| stdlib |
CVE-2025-22866 |
中危 |
1.23.4 |
1.22.12, 1.23.6, 1.24.0-rc.3 |
crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22866
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-02-06 17:15 修改: 2025-02-21 18:15
|
| stdlib |
CVE-2025-22871 |
中危 |
1.23.4 |
1.23.8, 1.24.2 |
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22871
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-04-08 20:15 修改: 2025-04-18 15:15
|
| stdlib |
CVE-2025-4673 |
中危 |
1.23.4 |
1.23.10, 1.24.4 |
net/http: Sensitive headers not cleared on cross-origin redirect in net/http
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4673
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-06-11 17:15 修改: 2025-06-12 16:06
|
| stdlib |
CVE-2025-47906 |
中危 |
1.23.4 |
1.23.12, 1.24.6 |
os/exec: Unexpected paths returned from LookPath in os/exec
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47906
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-09-18 19:15 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-47912 |
中危 |
1.23.4 |
1.24.8, 1.25.2 |
net/url: Insufficient validation of bracketed IPv6 hostnames in net/url
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47912
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-58185 |
中危 |
1.23.4 |
1.24.8, 1.25.2 |
encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58185
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-58186 |
中危 |
1.23.4 |
1.24.8, 1.25.2 |
golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58186
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-58187 |
中危 |
1.23.4 |
1.24.9, 1.25.3 |
crypto/x509: Quadratic complexity when checking name constraints in crypto/x509
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58187
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-11-20 23:15
|
| stdlib |
CVE-2025-58188 |
中危 |
1.23.4 |
1.24.8, 1.25.2 |
crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58188
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-58189 |
中危 |
1.23.4 |
1.24.8, 1.25.2 |
crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58189
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-61723 |
中危 |
1.23.4 |
1.24.8, 1.25.2 |
encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61723
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-61724 |
中危 |
1.23.4 |
1.24.8, 1.25.2 |
net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61724
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-11-04 22:16
|
| stdlib |
CVE-2025-61725 |
中危 |
1.23.4 |
1.24.8, 1.25.2 |
net/mail: Excessive CPU consumption in ParseAddress in net/mail
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61725
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-10-29 23:16 修改: 2025-12-09 18:15
|
| stdlib |
CVE-2025-61727 |
中危 |
1.23.4 |
1.24.11, 1.25.5 |
golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61727
镜像层: sha256:00a660d014e247aa4557c86d35ea4c92eea44b88f82549140ce48734c8a11ef7
发布日期: 2025-12-03 20:16 修改: 2025-12-18 20:15
|