ghcr.io/sooperset/mcp-atlassian:0.21.1 linux/amd64

ghcr.io/sooperset/mcp-atlassian:0.21.1 - Trivy安全扫描结果 扫描时间: 2026-07-15 14:22
全部漏洞信息
低危漏洞:27 中危漏洞:37 高危漏洞:31 严重漏洞:5

系统OS: alpine 3.23.3 扫描引擎: Trivy 扫描时间: 2026-07-15 14:22

ghcr.io/sooperset/mcp-atlassian:0.21.1 (alpine 3.23.3) (alpine)
低危漏洞:20 中危漏洞:16 高危漏洞:12 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libcrypto3 CVE-2026-31789 严重 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-31789 严重 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31789

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libcrypto3 CVE-2026-28388 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28389 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-28390 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libcrypto3 CVE-2026-45447 高危 3.5.5-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-07-14 12:17

libcrypto3 CVE-2026-28387 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28387 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28387

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28388 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28388

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28389 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service vulnerability in CMS processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28389

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-28390 高危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28390

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:28

libssl3 CVE-2026-45447 高危 3.5.5-r0 3.5.7-r0 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45447

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-07-14 12:17

musl CVE-2026-40200 高危 1.2.5-r21 1.2.5-r23 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

musl-utils CVE-2026-40200 高危 1.2.5-r21 1.2.5-r23 musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40200

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-10 17:17 修改: 2026-06-17 10:44

libcrypto3 CVE-2026-34182 中危 3.5.5-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-34183 中危 3.5.5-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-42764 中危 3.5.5-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-45445 中危 3.5.5-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libssl3 CVE-2026-2673 中危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-03-13 19:54 修改: 2026-06-17 10:31

libssl3 CVE-2026-31790 中危 3.5.5-r0 3.5.6-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

libssl3 CVE-2026-34182 中危 3.5.5-r0 3.5.7-r0 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34182

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34183 中危 3.5.5-r0 3.5.7-r0 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34183

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-42764 中危 3.5.5-r0 3.5.7-r0 openssl: NULL pointer dereference in QUIC server initial packet handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42764

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-45445 中危 3.5.5-r0 3.5.7-r0 openssl: AES-OCB IV Ignored on EVP_Cipher() Path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45445

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libuuid CVE-2026-27456 中危 2.41.2-r0 2.41.4-r0 util-linux: TOCTOU in the mount program when setting up loop devices

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27456

镜像层: sha256:00ec3d5cb2ae07c574f210efd9a5344c8187df7f7b16290d03d37101cd438923

发布日期: 2026-04-03 22:16 修改: 2026-06-17 10:27

libcrypto3 CVE-2026-2673 中危 3.5.5-r0 3.5.6-r0 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2673

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-03-13 19:54 修改: 2026-06-17 10:31

musl CVE-2026-6042 中危 1.2.5-r21 1.2.5-r22 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

libcrypto3 CVE-2026-31790 中危 3.5.5-r0 3.5.6-r0 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31790

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-07 22:16 修改: 2026-06-17 10:34

musl-utils CVE-2026-6042 中危 1.2.5-r21 1.2.5-r22 musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6042

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-04-10 09:16 修改: 2026-06-17 11:00

xz-libs CVE-2026-34743 中危 5.8.2-r0 5.8.3-r0 xz: XZ Utils: Denial of Service via buffer overflow in index decoding

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34743

镜像层: sha256:00ec3d5cb2ae07c574f210efd9a5344c8187df7f7b16290d03d37101cd438923

发布日期: 2026-04-02 19:21 修改: 2026-06-17 10:39

libcrypto3 CVE-2026-7383 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

libcrypto3 CVE-2026-9076 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libcrypto3 CVE-2026-34180 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libcrypto3 CVE-2026-34181 低危 3.5.5-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34180 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34180

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-34181 低危 3.5.5-r0 3.5.7-r0 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34181

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:38

libssl3 CVE-2026-42766 低危 3.5.5-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42767 低危 3.5.5-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42768 低危 3.5.5-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42769 低危 3.5.5-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-42770 低危 3.5.5-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libssl3 CVE-2026-45446 低危 3.5.5-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

libssl3 CVE-2026-7383 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-7383

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:02

libssl3 CVE-2026-9076 低危 3.5.5-r0 3.5.7-r0 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9076

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 11:04

libcrypto3 CVE-2026-42766 低危 3.5.5-r0 3.5.7-r0 openssl: Possible NULL Dereference in Password-Based CMS Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42766

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42767 低危 3.5.5-r0 3.5.7-r0 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42767

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42768 低危 3.5.5-r0 3.5.7-r0 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42768

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42769 低危 3.5.5-r0 3.5.7-r0 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42769

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-42770 低危 3.5.5-r0 3.5.7-r0 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42770

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:48

libcrypto3 CVE-2026-45446 低危 3.5.5-r0 3.5.7-r0 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45446

镜像层: sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e

发布日期: 2026-06-09 17:17 修改: 2026-06-17 10:52

Python (python-pkg)
低危漏洞:7 中危漏洞:21 高危漏洞:19 严重漏洞:3
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Authlib CVE-2026-27962 严重 1.6.8 1.6.9 authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27962

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-03-16 18:16 修改: 2026-07-01 13:16

fastmcp CVE-2026-32871 严重 2.14.5 3.2.0 fastmcp: FastMCP: Authenticated Server-Side Request Forgery via path traversal in OpenAPI path parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32871

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-04-02 15:16 修改: 2026-07-08 13:16

mcp-atlassian CVE-2026-27825 严重 0.0.0 0.17.0 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27825

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-03-10 20:16 修改: 2026-06-17 10:27

PyJWT CVE-2026-32597 高危 2.11.0 2.12.0 pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32597

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-03-13 19:55 修改: 2026-07-10 12:16

PyJWT CVE-2026-48526 高危 2.11.0 2.13.0 python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48526

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-28 16:16 修改: 2026-07-13 13:16

cryptography GHSA-537c-gmf6-5ccf 高危 46.0.5 48.0.1 Vulnerable OpenSSL included in cryptography wheels

漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12

Authlib CVE-2026-28490 高危 1.6.8 1.6.9 authlib: Authlib: Information disclosure due to cryptographic padding oracle in JWE RSA1_5

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28490

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-03-16 18:16 修改: 2026-06-17 10:28

fastmcp CVE-2026-27124 高危 2.14.5 3.2.0 FastMCP: FastMCP OAuthProxy: FastMCP OAuthProxy: Unauthorized actions due to improper consent validation in GitHub OAuth

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27124

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-04-03 16:16 修改: 2026-06-17 10:26

lupa CVE-2026-34444 高危 2.6 lupa: Lupa: Arbitrary Code Execution due to inconsistent attribute filtering

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34444

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-04-06 16:16 修改: 2026-06-30 03:18

lxml CVE-2026-41066 高危 6.0.2 6.1.0 lxml: python: lxml: Information disclosure via untrusted XML input leading to local file read

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41066

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-04-24 17:16 修改: 2026-06-17 10:46

Authlib CVE-2026-28498 高危 1.6.8 1.6.9 authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28498

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-03-16 18:16 修改: 2026-07-01 13:16

mcp-atlassian CVE-2026-27826 高危 0.0.0 0.17.0 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27826

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-03-10 19:17 修改: 2026-06-17 10:27

mcp-atlassian GHSA-g5r6-gv6m-f5jv 高危 0.0.0 0.22.0 mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment

漏洞详情: https://github.com/advisories/GHSA-g5r6-gv6m-f5jv

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-07-10 19:34 修改: 2026-07-10 19:34

mcp-atlassian GHSA-wm45-qh3g-v83f 高危 0.0.0 0.22.0 mcp-atlassian: Arbitrary server-side file read via attachment upload

漏洞详情: https://github.com/advisories/GHSA-wm45-qh3g-v83f

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-07-10 19:34 修改: 2026-07-10 19:34

python-multipart CVE-2026-42561 高危 0.0.22 0.0.27 python-multipart: python-multipart: Denial of Service via excessive multipart part headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42561

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-13 21:16 修改: 2026-07-14 12:17

python-multipart CVE-2026-53539 高危 0.0.22 0.0.30 Python-Multipart is a streaming multipart parser for Python. Prior to ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53539

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:50

soupsieve CVE-2026-49476 高危 2.8.3 2.8.4 Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49476

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

soupsieve CVE-2026-49477 高危 2.8.3 2.8.4 Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49477

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

starlette CVE-2026-48818 高危 0.52.1 1.1.0 starlette: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48818

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-17 19:18 修改: 2026-06-30 03:20

starlette CVE-2026-54283 高危 0.52.1 1.3.1 starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54283

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:16

urllib3 CVE-2026-44431 高危 2.6.3 2.7.0 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-13 16:16 修改: 2026-06-26 12:16

urllib3 CVE-2026-44432 高危 2.6.3 2.7.0 urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44432

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-13 16:16 修改: 2026-07-13 13:16

cryptography CVE-2026-39892 中危 46.0.5 46.0.7 cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39892

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-04-08 21:17 修改: 2026-07-10 12:16

diskcache CVE-2025-69872 中危 5.6.3 python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69872

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-02-11 19:15 修改: 2026-07-08 13:16

mcp-atlassian GHSA-489g-7rxv-6c8q 中危 0.0.0 0.22.0 MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826)

漏洞详情: https://github.com/advisories/GHSA-489g-7rxv-6c8q

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-07-10 18:01 修改: 2026-07-10 18:01

pip CVE-2026-3219 中危 26.0.1 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:00ec3d5cb2ae07c574f210efd9a5344c8187df7f7b16290d03d37101cd438923

发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43

pip CVE-2026-6357 中危 26.0.1 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:00ec3d5cb2ae07c574f210efd9a5344c8187df7f7b16290d03d37101cd438923

发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00

pip CVE-2026-8643 中危 26.0.1 26.1.2 python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8643

镜像层: sha256:00ec3d5cb2ae07c574f210efd9a5344c8187df7f7b16290d03d37101cd438923

发布日期: 2026-06-01 17:17 修改: 2026-07-10 12:17

pydantic-settings GHSA-4xgf-cpjx-pc3j 中危 2.13.1 2.14.2 pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

漏洞详情: https://github.com/advisories/GHSA-4xgf-cpjx-pc3j

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-19 22:10 修改: 2026-06-19 22:10

pymdown-extensions CVE-2026-46338 中危 10.21 10.21.3 Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46338

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

python-dotenv CVE-2026-28684 中危 1.2.1 1.2.2 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28684

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-04-20 17:16 修改: 2026-06-17 10:28

Authlib CVE-2026-41425 中危 1.6.8 1.6.11 authlib: Authlib: Cross-Site Request Forgery (CSRF) vulnerability in OAuth cache feature

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41425

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-04-24 20:16 修改: 2026-06-17 10:46

Authlib CVE-2026-41479 中危 1.6.8 1.6.10, 1.7.1 Authlib is a Python library which builds OAuth and OpenID Connect serv ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41479

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-22 21:16 修改: 2026-06-26 20:10

python-multipart CVE-2026-40347 中危 0.0.22 0.0.26 python-multipart: Python-Multipart: Denial of Service via crafted multipart/form-data requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40347

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-04-18 00:16 修改: 2026-06-17 10:45

requests CVE-2026-25645 中危 2.32.5 2.33.0 requests: Requests: Security bypass due to predictable temporary file creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-03-25 17:16 修改: 2026-06-17 10:25

fastmcp CVE-2025-64340 中危 2.14.5 3.2.0 FastMCP has a Command Injection vulnerability - Gemini CLI

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64340

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-04-03 16:16 修改: 2026-06-17 09:54

idna CVE-2026-45409 中危 3.11 3.15 python-idna: idna: Denial of Service via specially crafted long inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-05 23:16 修改: 2026-06-17 10:52

PyJWT CVE-2026-48522 中危 2.11.0 2.13.0 python-pyjwt: PyJWT: Server-Side Request Forgery (SSRF) via uncontrolled URL fetching in PyJWKClient

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48522

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55

PyJWT CVE-2026-48523 中危 2.11.0 2.13.0 python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48523

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55

starlette CVE-2026-48710 中危 0.52.1 1.0.1 starlette: Starlette: Security restriction bypass via malformed HTTP Host header

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48710

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-26 22:16 修改: 2026-07-10 12:17

starlette CVE-2026-48817 中危 0.52.1 1.1.0 starlette: Starlette: Information disclosure and unintended method execution via non-standard HTTP methods

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48817

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-17 20:17 修改: 2026-06-26 19:18

PyJWT CVE-2026-48525 中危 2.11.0 2.13.0 python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48525

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55

Authlib CVE-2026-44681 中危 1.6.8 1.7.1, 1.6.12 Authlib is a Python library which builds OAuth and OpenID Connect serv ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44681

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-27 20:16 修改: 2026-06-17 10:51

python-multipart CVE-2026-53537 低危 0.0.22 0.0.30 multipart: Python-Multipart: Information disclosure via header parsing discrepancy

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53537

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:54

python-multipart CVE-2026-53538 低危 0.0.22 0.0.30 python-multipart: Python-Multipart: Information disclosure due to parser differential in form data handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53538

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:52

python-multipart CVE-2026-53540 低危 0.0.22 0.0.31 python-multipart: Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53540

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:50

PyJWT CVE-2026-48524 低危 2.11.0 2.13.0 python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48524

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55

starlette CVE-2026-54282 低危 0.52.1 1.3.0 starlette: Starlette: Information disclosure due to improper HTTP request path validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54282

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:18

Pygments CVE-2026-4539 低危 2.19.2 2.20.0 pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4539

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-03-22 06:16 修改: 2026-06-17 10:56

cryptography CVE-2026-34073 低危 46.0.5 46.0.6 python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34073

镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×