ghcr.io/kubeflow/dashboard/dashboard:6bc7297 linux/amd64

ghcr.io/kubeflow/dashboard/dashboard:6bc7297 - Trivy安全扫描结果 扫描时间: 2026-07-16 17:52
全部漏洞信息
低危漏洞:32 中危漏洞:64 高危漏洞:82 严重漏洞:5

系统OS: alpine 3.18.3 扫描引擎: Trivy 扫描时间: 2026-07-16 17:52

ghcr.io/kubeflow/dashboard/dashboard:6bc7297 (alpine 3.18.3) (alpine)
低危漏洞:14 中危漏洞:18 高危漏洞:6 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2023-5363 高危 3.1.2-r0 3.1.4-r0 openssl: Incorrect cipher key and IV length processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5363

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:48

libcrypto3 CVE-2024-6119 高危 3.1.2-r0 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

libssl3 CVE-2023-5363 高危 3.1.2-r0 3.1.4-r0 openssl: Incorrect cipher key and IV length processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5363

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:48

libssl3 CVE-2024-6119 高危 3.1.2-r0 3.1.7-r0 openssl: Possible denial of service in X.509 name checks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6119

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-09-03 16:15 修改: 2026-06-17 08:17

musl CVE-2025-26519 高危 1.2.4-r1 1.2.4-r3 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

musl-utils CVE-2025-26519 高危 1.2.4-r1 1.2.4-r3 musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-26519

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2025-02-14 04:15 修改: 2026-06-17 09:01

busybox-binsh CVE-2023-42365 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42366 中危 1.36.1-r2 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox CVE-2023-42363 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

busybox CVE-2023-42364 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libcrypto3 CVE-2023-5678 中危 3.1.2-r0 3.1.4-r1 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49

libcrypto3 CVE-2023-6129 中危 3.1.2-r0 3.1.4-r3 openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6129

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-01-09 17:15 修改: 2026-06-17 06:50

libcrypto3 CVE-2024-0727 中危 3.1.2-r0 3.1.4-r5 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-01-26 09:15 修改: 2026-06-17 06:54

busybox CVE-2023-42365 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

busybox CVE-2023-42366 中危 1.36.1-r2 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libssl3 CVE-2023-5678 中危 3.1.2-r0 3.1.4-r1 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49

libssl3 CVE-2023-6129 中危 3.1.2-r0 3.1.4-r3 openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6129

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-01-09 17:15 修改: 2026-06-17 06:50

libssl3 CVE-2024-0727 中危 3.1.2-r0 3.1.4-r5 openssl: denial of service via null dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-0727

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-01-26 09:15 修改: 2026-06-17 06:54

busybox-binsh CVE-2023-42363 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

busybox-binsh CVE-2023-42364 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42363 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free in awk

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42363

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 22:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42364 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42364

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42365 中危 1.36.1-r2 1.36.1-r7 busybox: use-after-free

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42365

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

ssl_client CVE-2023-42366 中危 1.36.1-r2 1.36.1-r6 busybox: A heap-buffer-overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42366

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2023-11-27 23:15 修改: 2026-06-17 06:23

libcrypto3 CVE-2024-4741 低危 3.1.2-r0 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libssl3 CVE-2023-6237 低危 3.1.2-r0 3.1.4-r4 openssl: Excessive time spent checking invalid RSA public keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6237

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-04-25 07:15 修改: 2026-06-17 06:50

libssl3 CVE-2024-13176 低危 3.1.2-r0 3.1.8-r0 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libssl3 CVE-2024-2511 低危 3.1.2-r0 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libssl3 CVE-2024-4603 低危 3.1.2-r0 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-4741 低危 3.1.2-r0 3.1.6-r0 openssl: Use After Free with SSL_free_buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4741

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-11-13 11:15 修改: 2026-06-17 08:02

libssl3 CVE-2024-5535 低危 3.1.2-r0 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libssl3 CVE-2024-9143 低危 3.1.2-r0 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libcrypto3 CVE-2024-5535 低危 3.1.2-r0 3.1.6-r0 openssl: SSL_select_next_proto buffer overread

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5535

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-06-27 11:15 修改: 2026-06-17 08:16

libcrypto3 CVE-2024-9143 低危 3.1.2-r0 3.1.7-r1 openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9143

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-10-16 17:15 修改: 2026-06-17 08:24

libcrypto3 CVE-2023-6237 低危 3.1.2-r0 3.1.4-r4 openssl: Excessive time spent checking invalid RSA public keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6237

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-04-25 07:15 修改: 2026-06-17 06:50

libcrypto3 CVE-2024-13176 低危 3.1.2-r0 3.1.8-r0 openssl: Timing side-channel in ECDSA signature computation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13176

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2025-01-20 14:15 修改: 2026-06-17 07:01

libcrypto3 CVE-2024-2511 低危 3.1.2-r0 3.1.4-r6 openssl: Unbounded memory growth with session handling in TLSv1.3

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-2511

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-04-08 14:15 修改: 2026-06-17 07:24

libcrypto3 CVE-2024-4603 低危 3.1.2-r0 3.1.5-r0 openssl: Excessive time spent checking DSA keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-4603

镜像层: sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230

发布日期: 2024-05-16 16:15 修改: 2026-06-17 08:02

Node.js (node-pkg)
低危漏洞:18 中危漏洞:46 高危漏洞:76 严重漏洞:5
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
form-data CVE-2025-7783 严重 2.3.3 2.5.4, 3.0.4, 4.0.4 form-data: Unsafe random function in form-data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7783

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-07-18 17:15 修改: 2026-06-17 10:05

jsonpath-plus CVE-2024-21534 严重 7.2.0 10.2.0 jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21534

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-10-11 13:15 修改: 2026-06-17 07:09

protobufjs CVE-2023-36665 严重 6.11.2 7.2.5, 6.11.4 protobufjs: prototype pollution using user-controlled protobuf message

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36665

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2023-07-05 14:15 修改: 2026-06-17 06:06

protobufjs CVE-2026-41242 严重 6.11.2 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-18 17:16 修改: 2026-07-15 02:21

protobufjs CVE-2026-41242 严重 7.3.0 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41242

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-18 17:16 修改: 2026-07-15 02:21

axios CVE-2026-42035 高危 1.15.0 1.15.1, 0.31.1 axios: Axios: Arbitrary HTTP header injection via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42035

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42043 高危 1.15.0 1.15.1, 0.31.1 axios: Axios: NO_PROXY bypass via crafted URL

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42043

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

axios CVE-2026-42264 高危 1.15.0 1.15.2 axios: Axios: Prototype pollution allows information disclosure and request manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42264

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-08 04:16 修改: 2026-07-15 02:21

axios CVE-2026-44486 高危 1.15.0 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44486

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44487 高危 1.15.0 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44487

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44488 高危 1.15.0 1.16.0 axios: Axios: Denial of Service due to unenforced request and response size limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44488

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44492 高危 1.15.0 1.16.0, 0.32.0 axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44492

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44494 高危 1.15.0 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44494

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44495 高危 1.15.0 1.15.2, 0.31.1 axios: Axios: Information disclosure due to prototype pollution vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44495

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

axios CVE-2026-44496 高危 1.15.0 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44496

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-11 17:16 修改: 2026-07-15 02:21

body-parser CVE-2024-45590 高危 1.20.2 1.20.3 body-parser: Denial of Service Vulnerability in body-parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45590

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-09-10 16:15 修改: 2026-06-17 07:54

@grpc/grpc-js CVE-2026-48068 高危 1.10.8 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 grpc-js: @grpc/grpc-js: Server crash via malformed HTTP/2 stream initiation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48068

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-07-14 20:17 修改: 2026-07-15 20:18

form-data CVE-2026-12143 高危 2.3.3 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-12 19:16 修改: 2026-07-15 02:18

form-data CVE-2026-12143 高危 4.0.5 2.5.6, 3.0.5, 4.0.6 form-data: form-data: Form field override via CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-12143

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-12 19:16 修改: 2026-07-15 02:18

ip CVE-2024-29415 高危 2.0.0 node-ip: Incomplete fix for CVE-2023-42282

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2024-05-27 20:15 修改: 2026-06-17 07:22

@grpc/grpc-js CVE-2026-48069 高危 1.10.8 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 grpc-js: @grpc/grpc-js: Client or server crash via malformed compressed message

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48069

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-07-14 20:17 修改: 2026-07-15 20:23

jsonpath-plus CVE-2025-1302 高危 7.2.0 10.3.0 jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1302

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-02-15 05:15 修改: 2026-06-17 08:38

jws CVE-2025-65945 高危 4.0.0 3.2.3, 4.0.1 node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-65945

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-12-04 19:16 修改: 2026-06-17 09:56

minimatch CVE-2022-3517 高危 3.0.4 3.0.5 nodejs-minimatch: ReDoS via the braceExpand function

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-10-17 20:15 修改: 2026-06-17 04:59

minimatch CVE-2026-26996 高危 3.0.4 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 3.0.4 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.0.4 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-26996 高危 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27903 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-26996 高危 5.1.0 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-20 03:16 修改: 2026-06-17 10:26

minimatch CVE-2026-27903 高危 5.1.0 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

minimatch CVE-2026-27904 高危 5.1.0 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-26 02:16 修改: 2026-06-17 10:27

node-fetch CVE-2022-0235 高危 2.6.6 3.1.1, 2.6.7 node-fetch: exposure of sensitive information to an unauthorized actor

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0235

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-01-16 17:15 修改: 2026-06-17 04:20

node-forge CVE-2022-24771 高危 0.10.0 1.3.0 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24771

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-03-18 14:15 修改: 2026-06-17 04:32

node-forge CVE-2022-24772 高危 0.10.0 1.3.0 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24772

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-03-18 14:15 修改: 2026-06-17 04:32

node-forge CVE-2025-12816 高危 0.10.0 1.3.2 node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12816

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-11-25 20:15 修改: 2026-06-17 08:32

node-forge CVE-2025-66031 高危 0.10.0 1.3.2 node-forge: node-forge ASN.1 Unbounded Recursion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66031

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56

node-forge CVE-2026-33891 高危 0.10.0 1.4.0 node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33891

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-03-27 21:17 修改: 2026-07-15 02:20

node-forge CVE-2026-33894 高危 0.10.0 1.4.0 node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33894

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-03-27 21:17 修改: 2026-07-15 02:20

node-forge CVE-2026-33895 高危 0.10.0 1.4.0 node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33895

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-03-27 21:17 修改: 2026-07-15 02:20

node-forge CVE-2026-33896 高危 0.10.0 1.4.0 node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33896

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-03-27 21:17 修改: 2026-07-15 02:20

path-to-regexp CVE-2024-45296 高危 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 path-to-regexp: Backtracking regular expressions cause ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-09-09 19:15 修改: 2026-06-17 07:53

path-to-regexp CVE-2024-52798 高危 0.1.7 0.1.12 path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52798

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-12-05 23:15 修改: 2026-06-17 08:07

path-to-regexp CVE-2026-4867 高危 0.1.7 0.1.13 path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4867

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-03-26 17:16 修改: 2026-06-17 10:57

@grpc/grpc-js CVE-2026-48068 高危 1.4.6 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 grpc-js: @grpc/grpc-js: Server crash via malformed HTTP/2 stream initiation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48068

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-07-14 20:17 修改: 2026-07-15 20:18

@grpc/grpc-js CVE-2026-48069 高危 1.4.6 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4 grpc-js: @grpc/grpc-js: Client or server crash via malformed compressed message

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48069

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-07-14 20:17 修改: 2026-07-15 20:23

protobufjs CVE-2022-25878 高危 6.11.2 6.11.3, 6.10.3 protobufjs: Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25878

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-05-27 20:15 修改: 2026-06-17 04:34

protobufjs CVE-2026-44289 高危 6.11.2 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-07-15 02:21

protobufjs CVE-2026-44290 高危 6.11.2 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 6.11.2 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 6.11.2 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-07-15 02:21

protobufjs CVE-2026-48712 高危 6.11.2 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

axios CVE-2026-42033 高危 1.15.0 1.15.1, 0.31.1 axios: Axios: HTTP Transport Hijacking via Prototype Pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42033

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

protobufjs CVE-2026-44289 高危 7.3.0 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44289

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-07-15 02:21

protobufjs CVE-2026-44290 高危 7.3.0 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service via crafted schema

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44290

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44291 高危 7.3.0 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary Code Execution via prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44291

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44293 高危 7.3.0 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44293

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-07-15 02:21

protobufjs CVE-2026-48712 高危 7.3.0 7.6.1, 8.4.1 protobufjs: protobufjs: Denial of Service via uncontrolled recursion with crafted protobuf payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48712

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-22 18:16 修改: 2026-06-26 20:04

qs CVE-2022-24999 高危 6.5.2 6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 express: "qs" prototype poisoning causes the hang of the node process

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-11-26 22:15 修改: 2026-06-17 04:32

semver CVE-2022-25883 高危 7.3.7 7.5.2, 6.3.1, 5.7.2 nodejs-semver: Regular expression denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2023-06-21 05:15 修改: 2026-06-17 04:34

tar CVE-2026-23745 高危 6.1.11 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-01-16 22:16 修改: 2026-07-15 02:18

tar CVE-2026-23950 高危 6.1.11 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-01-20 01:15 修改: 2026-07-15 02:18

tar CVE-2026-24842 高危 6.1.11 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-01-28 01:16 修改: 2026-07-15 02:18

tar CVE-2026-26960 高危 6.1.11 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.1.11 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-03-07 16:15 修改: 2026-07-15 02:19

tar CVE-2026-31802 高危 6.1.11 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tar CVE-2026-23745 高危 6.2.1 7.5.3 node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-01-16 22:16 修改: 2026-07-15 02:18

tar CVE-2026-23950 高危 6.2.1 7.5.4 node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-01-20 01:15 修改: 2026-07-15 02:18

tar CVE-2026-24842 高危 6.2.1 7.5.7 node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-01-28 01:16 修改: 2026-07-15 02:18

tar CVE-2026-26960 高危 6.2.1 7.5.8 node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-02-20 02:16 修改: 2026-06-17 10:26

tar CVE-2026-29786 高危 6.2.1 7.5.10 node-tar: hardlink path traversal via drive-relative linkpath

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-03-07 16:15 修改: 2026-07-15 02:19

tar CVE-2026-31802 高危 6.2.1 7.5.11 tar: tar: File overwrite via drive-relative symlink traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-03-10 07:44 修改: 2026-06-17 10:34

tmp CVE-2026-44705 高危 0.2.1 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44705

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:51

ws CVE-2024-37890 高危 6.2.1 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

ws CVE-2026-48779 高危 6.2.1 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-17 13:20 修改: 2026-07-15 12:17

ws CVE-2024-37890 高危 8.17.0 5.2.4, 6.2.3, 7.5.10, 8.17.1 nodejs-ws: denial of service when handling a request with many HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37890

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

ws CVE-2026-48779 高危 8.17.0 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48779

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-17 13:20 修改: 2026-07-15 12:17

protobufjs CVE-2026-44292 中危 6.11.2 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 6.11.2 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 6.11.2 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 6.11.2 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

@protobufjs/utf8 CVE-2026-44288 中危 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

ajv CVE-2020-15366 中危 6.9.2 6.12.3 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15366

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2020-07-15 20:15 修改: 2026-06-17 02:56

ajv CVE-2025-69873 中危 6.9.2 8.18.0, 6.14.0 ajv: ReDoS via $data reference

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69873

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-02-11 19:15 修改: 2026-07-15 02:17

@grpc/grpc-js CVE-2024-37168 中危 1.10.8 1.10.9, 1.9.15, 1.8.22 grps-js: allocate memory for incoming messages well above configured limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37168

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-06-10 22:15 修改: 2026-06-17 07:37

js-yaml CVE-2025-64718 中危 4.1.0 4.1.1, 3.14.2 js-yaml: js-yaml prototype pollution in merge

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64718

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-11-13 16:15 修改: 2026-06-17 09:55

js-yaml CVE-2026-53550 中危 4.1.0 4.2.0, 3.15.0 js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53550

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-22 16:16 修改: 2026-07-09 20:33

protobufjs CVE-2026-44288 中危 7.3.0 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44292 中危 7.3.0 7.5.6, 8.0.2 protobufjs: protobufjs: Data integrity impact due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44292

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-44294 中危 7.3.0 7.5.6, 8.0.2 protobufjs: protobufjs: Denial of Service due to unescaped control characters in field names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44294

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

protobufjs CVE-2026-45740 中危 7.3.0 7.5.8, 8.2.0 protobufjs: protobufjs: Denial of Service via crafted JSON descriptors

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45740

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:17 修改: 2026-06-17 10:52

protobufjs CVE-2026-54269 中危 7.3.0 7.6.3, 8.6.0 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54269

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-22 18:16 修改: 2026-06-24 20:40

qs CVE-2025-15284 中危 6.11.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

qs CVE-2025-15284 中危 6.11.0 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

axios CVE-2026-42034 中危 1.15.0 1.15.1, 0.31.1 axios: Axios: Denial of Service via oversized streamed uploads bypassing body limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42034

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

qs CVE-2025-15284 中危 6.5.2 6.14.1 qs: qs: Denial of Service via improper input validation in array parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-15284

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-12-29 23:15 修改: 2026-06-17 08:37

request CVE-2023-28155 中危 2.88.0 request: bypass of SSRF mitigations when following a cross-protocol redirect

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2023-03-16 15:15 修改: 2026-06-17 05:46

axios CVE-2026-42036 中危 1.15.0 1.15.1, 0.31.1 axios: Axios: Denial of Service via unbounded stream consumption when 'responseType: 'stream'' is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42036

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42037 中危 1.15.0 1.15.1 axios: Node.js: Axios: Information disclosure via CRLF injection in multipart Content-Type header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42037

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42038 中危 1.15.0 1.15.1, 0.31.1 axios: Axios: Information disclosure due to `no_proxy` bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42038

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

node-forge CVE-2022-0122 中危 0.10.0 1.0.0 Open Redirect in node-forge

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0122

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-01-06 05:15 修改: 2026-06-17 04:20

node-forge CVE-2022-24773 中危 0.10.0 1.3.0 node-forge: Signature verification leniency in checking `DigestInfo` structure

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24773

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-03-18 14:15 修改: 2026-06-17 04:32

node-forge CVE-2025-66030 中危 0.10.0 1.3.2 node-forge: node-forge: Integer Overflow allows OID-based security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66030

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-11-26 23:15 修改: 2026-06-17 09:56

axios CVE-2026-42039 中危 1.15.0 1.15.1, 0.31.1 axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42039

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

tar CVE-2024-28863 中危 6.1.11 6.2.1 node-tar: denial of service while parsing a tar file due to lack of folders depth validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2024-03-21 23:15 修改: 2026-06-17 07:21

tar CVE-2026-53655 中危 6.1.11 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

axios CVE-2026-42041 中危 1.15.0 1.15.1, 0.31.1 axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42041

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

axios CVE-2026-42042 中危 1.15.0 1.15.1, 0.31.1 axios: Axios: XSRF token bypass leading to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42042

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

axios CVE-2026-42044 中危 1.15.0 1.15.2 axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42044

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-07-15 02:21

axios CVE-2026-44490 中危 1.15.0 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44490

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-11 17:16 修改: 2026-06-17 10:50

@grpc/grpc-js CVE-2024-37168 中危 1.4.6 1.10.9, 1.9.15, 1.8.22 grps-js: allocate memory for incoming messages well above configured limits

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37168

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-06-10 22:15 修改: 2026-06-17 07:37

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

tar CVE-2026-53655 中危 6.2.1 7.5.16 node-tar: node-tar: File smuggling due to inconsistent tar archive parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-06-22 16:16 修改: 2026-06-26 20:03

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

tough-cookie CVE-2023-26136 中危 2.4.3 4.1.3 tough-cookie: prototype pollution in cookie memstore

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2023-07-01 05:15 修改: 2026-06-17 05:42

uuid CVE-2026-41907 中危 3.3.2 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41907

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 19:17 修改: 2026-06-17 10:47

word-wrap CVE-2023-26115 中危 1.2.3 1.2.4 word-wrap: ReDoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26115

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2023-06-22 05:15 修改: 2026-06-17 05:42

brace-expansion CVE-2026-33750 中危 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

brace-expansion CVE-2026-33750 中危 2.0.1 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-03-27 15:16 修改: 2026-06-17 10:38

ws CVE-2021-32640 中危 6.2.1 7.4.6, 6.2.2, 5.2.3 nodejs-ws: Specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32640

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2021-05-25 19:15 修改: 2026-06-17 03:53

follow-redirects GHSA-r4q5-vmmm-2653 中危 1.15.11 1.16.0 follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

漏洞详情: https://github.com/advisories/GHSA-r4q5-vmmm-2653

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-14 01:11 修改: 2026-04-14 01:11

protobufjs CVE-2026-44288 中危 6.11.2 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44288

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-13 16:16 修改: 2026-06-17 10:50

ws CVE-2026-45736 中危 8.17.0 8.20.1 ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45736

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-05-15 15:16 修改: 2026-07-15 02:22

diff CVE-2026-24001 低危 5.1.0 8.0.3, 5.2.2, 4.0.4, 3.5.1 jsdiff: denial of service vulnerability in parsePatch and applyPatch

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-01-22 03:15 修改: 2026-07-15 02:18

qs CVE-2026-2391 低危 6.11.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

qs CVE-2026-2391 低危 6.11.0 6.14.2 qs: qs's arrayLimit bypass in comma parsing allows denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2391

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-02-12 05:17 修改: 2026-06-17 10:30

express CVE-2024-43796 低危 4.19.2 4.20.0, 5.0.0 express: Improper Input Handling in Express Redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43796

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-09-10 15:15 修改: 2026-06-17 07:51

axios CVE-2026-42040 低危 1.15.0 1.15.1, 0.31.1 axios: Axios: Incorrect null byte handling can lead to data integrity issues

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42040

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2026-04-24 18:16 修改: 2026-06-17 10:47

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

send CVE-2024-43799 低危 0.18.0 0.19.0 send: Code Execution Vulnerability in Send Library

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43799

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-09-10 15:15 修改: 2026-06-17 07:51

tmp CVE-2025-54798 低危 0.2.1 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54798

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-08-07 01:15 修改: 2026-06-17 09:40

serve-static CVE-2024-43800 低危 1.15.0 1.16.0, 2.1.0 serve-static: Improper Sanitization in serve-static

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43800

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-09-10 15:15 修改: 2026-06-17 07:51

brace-expansion CVE-2025-5889 低危 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

@tootallnate/once CVE-2026-3449 低危 2.0.0 3.0.1, 2.0.1 @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3449

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2026-03-03 05:17 修改: 2026-06-17 10:43

ip CVE-2023-42282 低危 2.0.0 2.0.1, 1.1.9 nodejs-ip: arbitrary code execution via the isPublic() function

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2024-02-08 17:15 修改: 2026-06-17 06:23

node-forge GHSA-5rrq-pxf6-6jx5 低危 0.10.0 1.0.0 Prototype Pollution in node-forge debug API.

漏洞详情: https://github.com/advisories/GHSA-5rrq-pxf6-6jx5

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-01-08 00:22 修改: 2022-01-07 22:20

node-forge GHSA-gf8q-jrpm-jvxq 低危 0.10.0 1.0.0 URL parsing in node-forge could lead to undesired behavior.

漏洞详情: https://github.com/advisories/GHSA-gf8q-jrpm-jvxq

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2022-01-08 00:22 修改: 2022-01-07 22:20

on-headers CVE-2025-7339 低危 1.0.2 1.1.0 on-headers: on-headers vulnerable to http response header manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7339

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2025-07-17 16:15 修改: 2026-06-17 10:04

brace-expansion CVE-2025-5889 低危 2.0.1 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889

镜像层: sha256:139c1270acf1709f1b19712cbf4bff0fa680e1aa0103cd37aaa963d512176735

发布日期: 2025-06-09 19:15 修改: 2026-06-17 09:48

cookie CVE-2024-47764 低危 0.6.0 0.7.0 cookie: cookie accepts cookie name, path, and domain with out of bounds characters

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764

镜像层: sha256:3f33834c62a55edec603e08368c3099ffcab0807b214cac8eca133ea8b885784

发布日期: 2024-10-04 20:15 修改: 2026-06-17 07:57

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×