ghcr.io/sillytavern/sillytavern:staging linux/arm64

ghcr.io/sillytavern/sillytavern:staging - Trivy security scan results Scan time: 2026-06-20 20:39 Note: this is an image for the linux/arm64 system architecture
All vulnerabilities
Low: 26 Medium: 35 High: 27 Critical: 1

OS: alpine 3.23.4 Scan engine: Trivy Scan time: 2026-06-20 20:39

ghcr.io/sillytavern/sillytavern:staging (alpine 3.23.4) (alpine)
Low: 20 Medium: 8 High: 2 Critical: 0
Package Vulnerability Severity Installed version Fixed version Vulnerability info
libcrypto3 CVE-2026-45447 High 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-45447

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:56

libssl3 CVE-2026-45447 High 3.5.6-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-45447

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:56

libcrypto3 CVE-2026-34183 Medium 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34183

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:12

libcrypto3 CVE-2026-42764 Medium 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42764

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:25

libcrypto3 CVE-2026-45445 Medium 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-45445

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:57

libcrypto3 CVE-2026-34182 Medium 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34182

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:13

libssl3 CVE-2026-34182 Medium 3.5.6-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34182

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:13

libssl3 CVE-2026-34183 Medium 3.5.6-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34183

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:12

libssl3 CVE-2026-42764 Medium 3.5.6-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42764

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:25

libssl3 CVE-2026-45445 Medium 3.5.6-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-45445

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:57

libcrypto3 CVE-2026-42769 Low 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42769

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:26

libcrypto3 CVE-2026-42770 Low 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42770

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:58

libcrypto3 CVE-2026-45446 Low 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-45446

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:57

libcrypto3 CVE-2026-7383 Low 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-7383

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:46

libcrypto3 CVE-2026-9076 Low 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-9076

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:45

libcrypto3 CVE-2026-34180 Low 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34180

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:13

libcrypto3 CVE-2026-34181 Low 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34181

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:13

libcrypto3 CVE-2026-42766 Low 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42766

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:25

libcrypto3 CVE-2026-42767 Low 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42767

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:58

libcrypto3 CVE-2026-42768 Low 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42768

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:58

libssl3 CVE-2026-34180 Low 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34180

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:13

libssl3 CVE-2026-34181 Low 3.5.6-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34181

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:13

libssl3 CVE-2026-42766 Low 3.5.6-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42766

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:25

libssl3 CVE-2026-42767 Low 3.5.6-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42767

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:58

libssl3 CVE-2026-42768 Low 3.5.6-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42768

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:58

libssl3 CVE-2026-42769 Low 3.5.6-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42769

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-15 18:26

libssl3 CVE-2026-42770 Low 3.5.6-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42770

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:58

libssl3 CVE-2026-45446 Low 3.5.6-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-45446

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:57

libssl3 CVE-2026-7383 Low 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-7383

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:46

libssl3 CVE-2026-9076 Low 3.5.6-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-9076

Image layer: sha256:a8d26d037006414043b277ecb95287692d0960219289d9e27b0bcea0ce233b02

Published: 2026-06-09 17:17 Modified: 2026-06-16 02:45

Node.js (node-pkg)
Low: 6 Medium: 27 High: 25 Critical: 1
Package Vulnerability Severity Installed version Fixed version Vulnerability info
protobufjs CVE-2026-41242 Critical 6.11.4 8.0.1, 7.5.5 protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-41242

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-04-18 17:16 Modified: 2026-04-23 15:26

axios CVE-2026-44487 High 1.15.2 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via redirect flows

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44487

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-11 17:16 Modified: 2026-06-12 19:19

axios CVE-2026-44488 High 1.15.2 1.16.0 axios: Axios: Denial of Service due to unenforced request and response size limits

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44488

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-11 17:16 Modified: 2026-06-12 19:04

axios CVE-2026-44492 High 1.15.2 1.16.0, 0.32.0 axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44492

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-11 17:16 Modified: 2026-06-13 03:16

axios CVE-2026-44494 High 1.15.2 1.16.0 axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44494

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-11 17:16 Modified: 2026-06-12 18:01

axios CVE-2026-44496 High 1.15.2 1.16.0, 0.32.0 axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44496

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-11 17:16 Modified: 2026-06-12 18:00

fast-uri CVE-2026-6321 High 3.1.0 3.1.1 fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-6321

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-04 20:16 Modified: 2026-05-12 18:54

fast-uri CVE-2026-6322 High 3.1.0 3.1.2 fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-6322

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-05 11:16 Modified: 2026-05-12 19:11

form-data CVE-2026-12143 High 4.0.5 2.5.6, 3.0.5, 4.0.6 form-data is a library for creating readable multipart/form-data strea ...

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-12143

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-12 19:16 Modified: 2026-06-16 15:42

lodash CVE-2026-4800 High 4.17.21 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-4800

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-03-31 20:16 Modified: 2026-05-01 18:09

lodash-es CVE-2026-4800 High 4.17.23 4.18.0 lodash: lodash: Arbitrary code execution via untrusted input in template imports

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-4800

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-03-31 20:16 Modified: 2026-05-01 18:09

minimatch CVE-2026-26996 High 3.1.2 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 minimatch: minimatch: Denial of Service via specially crafted glob patterns

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-26996

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-02-20 03:16 Modified: 2026-03-06 21:32

minimatch CVE-2026-27903 High 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-27903

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-02-26 02:16 Modified: 2026-02-27 17:21

minimatch CVE-2026-27904 High 3.1.2 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-27904

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-02-26 02:16 Modified: 2026-02-27 17:16

multer CVE-2026-5079 High 2.1.1 2.2.0, 3.0.0-alpha.2 Multer vulnerable to Denial of Service via deeply nested field names

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-5079

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-15 14:16 Modified: 2026-06-16 16:49

axios CVE-2026-44486 High 1.15.2 1.16.0, 0.32.0 axios: Axios: Information disclosure of proxy credentials via HTTP redirects

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44486

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-11 17:16 Modified: 2026-06-13 03:16

protobufjs CVE-2026-44289 High 6.11.4 7.5.6, 8.0.2 protobuf.js: Denial of service through unbounded protobuf recursion

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44289

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-13 16:16 Modified: 2026-05-13 20:50

protobufjs CVE-2026-44290 High 6.11.4 7.5.6, 8.0.2 protobuf.js: Process-wide denial of service through unsafe option paths

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44290

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-13 16:16 Modified: 2026-05-14 12:23

protobufjs CVE-2026-44291 High 6.11.4 7.5.6, 8.0.2 protobuf.js: Code generation gadget after prototype pollution

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44291

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-13 16:16 Modified: 2026-05-14 12:22

protobufjs CVE-2026-44293 High 6.11.4 7.5.6, 8.0.2 protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44293

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-13 16:16 Modified: 2026-05-13 20:56

protobufjs CVE-2026-48712 High 6.11.4 7.6.1, 8.4.1 protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-48712

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 0001-01-01 00:00 Modified: 0001-01-01 00:00

simple-git CVE-2026-6951 High 3.33.0 3.36.0 simple-git: simple-git: Remote Code Execution due to incomplete fix bypass

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-6951

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-04-25 06:16 Modified: 2026-05-18 18:20

taffydb CVE-2019-10790 High 2.6.2 taffy: taffydb: Internal Property Tampering

Vulnerability details: https://avd.aquasec.com/nvd/cve-2019-10790

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2020-02-17 20:15 Modified: 2024-11-21 04:19

tmp CVE-2026-44705 High 0.2.1 0.2.6 tmp is a temporary file and directory creator for node.js. Prior to 0. ...

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44705

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-11 17:16 Modified: 2026-06-15 12:52

underscore CVE-2026-27601 High 1.13.4 1.13.8 Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-27601

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-03-03 23:15 Modified: 2026-04-28 15:06

ws CVE-2026-48779 High 8.18.3 5.2.5, 6.2.4, 7.5.11, 8.21.0 ws is an open source WebSocket client and server for Node.js. All vers ...

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-48779

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 0001-01-01 00:00 Modified: 0001-01-01 00:00

markdown-it CVE-2026-48988 Medium 12.3.2 14.2.0 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a ...

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-48988

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 0001-01-01 00:00 Modified: 0001-01-01 00:00

dompurify CVE-2026-49459 Medium 3.4.2 3.4.6 DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-49459

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 0001-01-01 00:00 Modified: 0001-01-01 00:00

dompurify CVE-2026-49978 Medium 3.4.2 3.4.7 DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-49978

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 0001-01-01 00:00 Modified: 0001-01-01 00:00

dompurify GHSA-76mc-f452-cxcm Medium 3.4.2 3.4.7 DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

Vulnerability details: https://github.com/advisories/GHSA-76mc-f452-cxcm

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-15 19:59 Modified: 2026-06-15 19:59

dompurify GHSA-cmwh-pvxp-8882 Medium 3.4.2 3.4.11 DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)

Vulnerability details: https://github.com/advisories/GHSA-cmwh-pvxp-8882

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-18 14:27 Modified: 2026-06-18 14:27

multer CVE-2026-5038 Medium 2.1.1 2.2.0, 3.0.0-alpha.2 Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-5038

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-15 16:16 Modified: 2026-06-16 16:59

@protobufjs/utf8 CVE-2026-44288 Medium 1.1.0 1.1.1 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44288

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-13 16:16 Modified: 2026-05-19 20:46

axios CVE-2026-44490 Medium 1.15.2 1.16.0, 0.32.0 axios: Axios: Information disclosure and denial of service due to prototype pollution

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44490

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-11 17:16 Modified: 2026-06-15 16:31

file-type CVE-2026-31808 Medium 16.5.4 21.3.1 file-type: file-type: Denial of Service due to infinite loop in ASF file parsing

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-31808

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-03-10 21:16 Modified: 2026-03-18 19:48

brace-expansion CVE-2026-33750 Medium 1.1.11 5.0.5, 3.0.2, 2.0.3, 1.1.13 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-33750

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-03-27 15:16 Modified: 2026-04-22 14:23

ip-address CVE-2026-42338 Medium 10.1.0 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42338

Image layer: sha256:64106ac5ea7b2943e2e084ba6199a380f380ecc48c372745aa13da7806c707f0

Published: 2026-05-12 20:16 Modified: 2026-05-19 20:04

ip-address CVE-2026-42338 Medium 9.0.5 10.1.1 ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42338

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-12 20:16 Modified: 2026-05-19 20:04

protobufjs CVE-2026-44288 Medium 6.11.4 7.5.6, 8.0.2 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44288

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-13 16:16 Modified: 2026-05-19 20:46

protobufjs CVE-2026-44292 Medium 6.11.4 7.5.6, 8.0.2 protobuf.js: Prototype injection in generated message constructors

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44292

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-13 16:16 Modified: 2026-05-13 20:58

protobufjs CVE-2026-44294 Medium 6.11.4 7.5.6, 8.0.2 protobuf.js: Denial of service from crafted field names in generated code

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44294

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-13 16:16 Modified: 2026-05-13 20:55

protobufjs CVE-2026-45740 Medium 6.11.4 7.5.8, 8.2.0 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-45740

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-13 16:17 Modified: 2026-05-13 20:50

protobufjs CVE-2026-54269 Medium 6.11.4 7.6.3, 8.6.0 protobufjs : Schema-derived names can shadow runtime-significant properties

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-54269

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 0001-01-01 00:00 Modified: 0001-01-01 00:00

qs CVE-2026-8723 Medium 6.14.2 6.15.2 ### Summary `qs.stringify` throws `TypeError` when called with `arr ...

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-8723

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-17 00:16 Modified: 2026-05-18 20:23

showdown CVE-2024-1899 Medium 2.1.0 Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing

Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-1899

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2024-02-26 19:15 Modified: 2025-09-18 16:25

brace-expansion CVE-2026-45149 Medium 5.0.5 5.0.6 brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-45149

Image layer: sha256:64106ac5ea7b2943e2e084ba6199a380f380ecc48c372745aa13da7806c707f0

Published: 2026-05-29 20:16 Modified: 2026-06-12 18:38

lodash CVE-2025-13465 Medium 4.17.21 4.17.23 lodash: prototype pollution in _.unset and _.omit functions

Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-13465

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-01-21 20:16 Modified: 2026-06-02 14:16

tar CVE-2026-53655 Medium 7.5.13 7.5.16 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-53655

Image layer: sha256:64106ac5ea7b2943e2e084ba6199a380f380ecc48c372745aa13da7806c707f0

Published: 0001-01-01 00:00 Modified: 0001-01-01 00:00

lodash CVE-2026-2950 Medium 4.17.21 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-2950

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-03-31 20:16 Modified: 2026-04-07 16:12

dompurify CVE-2026-49458 Medium 3.4.2 3.4.6 DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-49458

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 0001-01-01 00:00 Modified: 0001-01-01 00:00

uuid CVE-2026-41907 Medium 9.0.1 11.1.1, 12.0.1, 13.0.1 uuid: uuid: Out-of-bounds write vulnerability impacts data integrity and confidentiality

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-41907

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-04-24 19:17 Modified: 2026-05-11 13:53

lodash-es CVE-2026-2950 Medium 4.17.23 4.18.0 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-2950

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-03-31 20:16 Modified: 2026-04-07 16:12

ws CVE-2026-45736 Medium 8.18.3 8.20.1 ws is an open source WebSocket client and server for Node.js. Prior to ...

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-45736

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-05-15 15:16 Modified: 2026-05-19 14:39

dompurify GHSA-vxr8-fq34-vvx9 Low 3.4.2 3.4.9 DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output

Vulnerability details: https://github.com/advisories/GHSA-vxr8-fq34-vvx9

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-15 20:12 Modified: 2026-06-15 20:12

tmp CVE-2025-54798 Low 0.2.1 0.2.4 tmp: tmp Symbolic Link Write Vulnerability

Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-54798

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2025-08-07 01:15 Modified: 2025-11-03 20:19

dompurify GHSA-x4vx-rjvf-j5p4 Low 3.4.2 DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

Vulnerability details: https://github.com/advisories/GHSA-x4vx-rjvf-j5p4

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-15 20:00 Modified: 2026-06-15 20:00

axios CVE-2026-44489 Low 1.15.2 1.16.0 axios: Axios: Information disclosure via Prototype Pollution

Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-44489

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-11 17:16 Modified: 2026-06-15 16:13

brace-expansion CVE-2025-5889 Low 1.1.11 2.0.2, 1.1.12, 3.0.1, 4.0.1 brace-expansion: juliangruber brace-expansion index.js expand redos

Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-5889

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2025-06-09 19:15 Modified: 2026-04-29 01:00

dompurify GHSA-gvmj-g25r-r7wr Low 3.4.2 3.4.8 DOMPurify: SAFE_FOR_TEMPLATES bypass - template expressions survive sanitization inside <template> content when using DOM output modes

Vulnerability details: https://github.com/advisories/GHSA-gvmj-g25r-r7wr

Image layer: sha256:7b8e155b0ca20fbcb5e3852651a908a154f2a399c4a98b743b44c92f985e5091

Published: 2026-06-15 20:02 Modified: 2026-06-15 20:02