ghcr.io/multica-ai/multica-web:v0.3.23 linux/amd64

ghcr.io/multica-ai/multica-web:v0.3.23 - Trivy安全扫描结果 扫描时间: 2026-06-17 17:27
全部漏洞信息
低危漏洞:0 中危漏洞:5 高危漏洞:1 严重漏洞:0

系统OS: alpine 3.24.1 扫描引擎: Trivy 扫描时间: 2026-06-17 17:27

ghcr.io/multica-ai/multica-web:v0.3.23 (alpine 3.24.1) (alpine)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Node.js (node-pkg)
低危漏洞:0 中危漏洞:5 高危漏洞:1 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
picomatch CVE-2026-33671 高危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33671

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:45
ip-address CVE-2026-42338 中危 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
brace-expansion CVE-2026-33750 中危 2.0.2 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
picomatch CVE-2026-33672 中危 4.0.3 4.0.4, 3.0.2, 2.3.2 picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33672

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 2026-03-26 22:16 修改: 2026-04-01 13:44
postcss CVE-2026-41305 中危 8.4.31 8.5.10 postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41305

镜像层: sha256:9279db8a6cc6e8c1446953597e73de6dd05f31a0cddf237d1b458423fc1a35bd

发布日期: 2026-04-24 03:16 修改: 2026-04-24 17:16
tar CVE-2026-53655 中危 7.5.11 7.5.16 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53655

镜像层: sha256:da5bb52b6bf9b391f3dcb16bdc99f184dd13bb6c50b2134aac0d95a46791b14c

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00