| Authlib |
CVE-2026-27962 |
严重 |
1.6.8 |
1.6.9 |
authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27962
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-03-16 18:16 修改: 2026-07-01 13:16
|
| fastmcp |
CVE-2026-32871 |
严重 |
2.14.5 |
3.2.0 |
fastmcp: FastMCP: Authenticated Server-Side Request Forgery via path traversal in OpenAPI path parameters
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32871
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-04-02 15:16 修改: 2026-07-08 13:16
|
| mcp-atlassian |
CVE-2026-27825 |
严重 |
0.0.0 |
0.17.0 |
MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27825
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-03-10 20:16 修改: 2026-06-17 10:27
|
| PyJWT |
CVE-2026-32597 |
高危 |
2.11.0 |
2.12.0 |
pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32597
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-03-13 19:55 修改: 2026-07-10 12:16
|
| PyJWT |
CVE-2026-48526 |
高危 |
2.11.0 |
2.13.0 |
python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48526
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-28 16:16 修改: 2026-07-13 13:16
|
| cryptography |
GHSA-537c-gmf6-5ccf |
高危 |
46.0.5 |
48.0.1 |
Vulnerable OpenSSL included in cryptography wheels
漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12
|
| Authlib |
CVE-2026-28490 |
高危 |
1.6.8 |
1.6.9 |
authlib: Authlib: Information disclosure due to cryptographic padding oracle in JWE RSA1_5
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28490
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-03-16 18:16 修改: 2026-06-17 10:28
|
| fastmcp |
CVE-2026-27124 |
高危 |
2.14.5 |
3.2.0 |
FastMCP: FastMCP OAuthProxy: FastMCP OAuthProxy: Unauthorized actions due to improper consent validation in GitHub OAuth
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27124
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-04-03 16:16 修改: 2026-06-17 10:26
|
| lupa |
CVE-2026-34444 |
高危 |
2.6 |
|
lupa: Lupa: Arbitrary Code Execution due to inconsistent attribute filtering
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34444
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-04-06 16:16 修改: 2026-06-30 03:18
|
| lxml |
CVE-2026-41066 |
高危 |
6.0.2 |
6.1.0 |
lxml: python: lxml: Information disclosure via untrusted XML input leading to local file read
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41066
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-04-24 17:16 修改: 2026-06-17 10:46
|
| Authlib |
CVE-2026-28498 |
高危 |
1.6.8 |
1.6.9 |
authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28498
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-03-16 18:16 修改: 2026-07-01 13:16
|
| mcp-atlassian |
CVE-2026-27826 |
高危 |
0.0.0 |
0.17.0 |
MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27826
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-03-10 19:17 修改: 2026-06-17 10:27
|
| mcp-atlassian |
GHSA-g5r6-gv6m-f5jv |
高危 |
0.0.0 |
0.22.0 |
mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment
漏洞详情: https://github.com/advisories/GHSA-g5r6-gv6m-f5jv
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-07-10 19:34 修改: 2026-07-10 19:34
|
| mcp-atlassian |
GHSA-wm45-qh3g-v83f |
高危 |
0.0.0 |
0.22.0 |
mcp-atlassian: Arbitrary server-side file read via attachment upload
漏洞详情: https://github.com/advisories/GHSA-wm45-qh3g-v83f
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-07-10 19:34 修改: 2026-07-10 19:34
|
| python-multipart |
CVE-2026-42561 |
高危 |
0.0.22 |
0.0.27 |
python-multipart: python-multipart: Denial of Service via excessive multipart part headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42561
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-13 21:16 修改: 2026-07-14 12:17
|
| python-multipart |
CVE-2026-53539 |
高危 |
0.0.22 |
0.0.30 |
Python-Multipart is a streaming multipart parser for Python. Prior to ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53539
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:50
|
| soupsieve |
CVE-2026-49476 |
高危 |
2.8.3 |
2.8.4 |
Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49476
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| soupsieve |
CVE-2026-49477 |
高危 |
2.8.3 |
2.8.4 |
Soup Sieve: Regular Expression Denial of Service (ReDoS) via Selector Parser
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49477
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| starlette |
CVE-2026-48818 |
高危 |
0.52.1 |
1.1.0 |
starlette: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48818
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-17 19:18 修改: 2026-06-30 03:20
|
| starlette |
CVE-2026-54283 |
高危 |
0.52.1 |
1.3.1 |
starlette: Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54283
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:16
|
| urllib3 |
CVE-2026-44431 |
高危 |
2.6.3 |
2.7.0 |
urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-13 16:16 修改: 2026-06-26 12:16
|
| urllib3 |
CVE-2026-44432 |
高危 |
2.6.3 |
2.7.0 |
urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44432
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-13 16:16 修改: 2026-07-13 13:16
|
| cryptography |
CVE-2026-39892 |
中危 |
46.0.5 |
46.0.7 |
cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-39892
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-04-08 21:17 修改: 2026-07-10 12:16
|
| diskcache |
CVE-2025-69872 |
中危 |
5.6.3 |
|
python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69872
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-02-11 19:15 修改: 2026-07-08 13:16
|
| mcp-atlassian |
GHSA-489g-7rxv-6c8q |
中危 |
0.0.0 |
0.22.0 |
MCP Atlassian: DNS-rebinding TOCTOU bypass of the SSRF fix (CVE-2026-27826)
漏洞详情: https://github.com/advisories/GHSA-489g-7rxv-6c8q
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-07-10 18:01 修改: 2026-07-10 18:01
|
| pip |
CVE-2026-3219 |
中危 |
26.0.1 |
26.1 |
pip: pip: Incorrect file installation due to improper archive handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219
镜像层: sha256:00ec3d5cb2ae07c574f210efd9a5344c8187df7f7b16290d03d37101cd438923
发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43
|
| pip |
CVE-2026-6357 |
中危 |
26.0.1 |
26.1 |
pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357
镜像层: sha256:00ec3d5cb2ae07c574f210efd9a5344c8187df7f7b16290d03d37101cd438923
发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00
|
| pip |
CVE-2026-8643 |
中危 |
26.0.1 |
26.1.2 |
python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-8643
镜像层: sha256:00ec3d5cb2ae07c574f210efd9a5344c8187df7f7b16290d03d37101cd438923
发布日期: 2026-06-01 17:17 修改: 2026-07-10 12:17
|
| pydantic-settings |
GHSA-4xgf-cpjx-pc3j |
中危 |
2.13.1 |
2.14.2 |
pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
漏洞详情: https://github.com/advisories/GHSA-4xgf-cpjx-pc3j
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-19 22:10 修改: 2026-06-19 22:10
|
| pymdown-extensions |
CVE-2026-46338 |
中危 |
10.21 |
10.21.3 |
Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-46338
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| python-dotenv |
CVE-2026-28684 |
中危 |
1.2.1 |
1.2.2 |
python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-28684
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-04-20 17:16 修改: 2026-06-17 10:28
|
| Authlib |
CVE-2026-41425 |
中危 |
1.6.8 |
1.6.11 |
authlib: Authlib: Cross-Site Request Forgery (CSRF) vulnerability in OAuth cache feature
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41425
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-04-24 20:16 修改: 2026-06-17 10:46
|
| Authlib |
CVE-2026-41479 |
中危 |
1.6.8 |
1.6.10, 1.7.1 |
Authlib is a Python library which builds OAuth and OpenID Connect serv ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41479
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-22 21:16 修改: 2026-06-26 20:10
|
| python-multipart |
CVE-2026-40347 |
中危 |
0.0.22 |
0.0.26 |
python-multipart: Python-Multipart: Denial of Service via crafted multipart/form-data requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40347
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-04-18 00:16 修改: 2026-06-17 10:45
|
| requests |
CVE-2026-25645 |
中危 |
2.32.5 |
2.33.0 |
requests: Requests: Security bypass due to predictable temporary file creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-03-25 17:16 修改: 2026-06-17 10:25
|
| fastmcp |
CVE-2025-64340 |
中危 |
2.14.5 |
3.2.0 |
FastMCP has a Command Injection vulnerability - Gemini CLI
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64340
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-04-03 16:16 修改: 2026-06-17 09:54
|
| idna |
CVE-2026-45409 |
中危 |
3.11 |
3.15 |
python-idna: idna: Denial of Service via specially crafted long inputs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-05 23:16 修改: 2026-06-17 10:52
|
| PyJWT |
CVE-2026-48522 |
中危 |
2.11.0 |
2.13.0 |
python-pyjwt: PyJWT: Server-Side Request Forgery (SSRF) via uncontrolled URL fetching in PyJWKClient
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48522
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
|
| PyJWT |
CVE-2026-48523 |
中危 |
2.11.0 |
2.13.0 |
python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48523
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
|
| starlette |
CVE-2026-48710 |
中危 |
0.52.1 |
1.0.1 |
starlette: Starlette: Security restriction bypass via malformed HTTP Host header
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48710
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-26 22:16 修改: 2026-07-10 12:17
|
| starlette |
CVE-2026-48817 |
中危 |
0.52.1 |
1.1.0 |
starlette: Starlette: Information disclosure and unintended method execution via non-standard HTTP methods
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48817
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-17 20:17 修改: 2026-06-26 19:18
|
| PyJWT |
CVE-2026-48525 |
中危 |
2.11.0 |
2.13.0 |
python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48525
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
|
| Authlib |
CVE-2026-44681 |
中危 |
1.6.8 |
1.7.1, 1.6.12 |
Authlib is a Python library which builds OAuth and OpenID Connect serv ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44681
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-27 20:16 修改: 2026-06-17 10:51
|
| python-multipart |
CVE-2026-53537 |
低危 |
0.0.22 |
0.0.30 |
multipart: Python-Multipart: Information disclosure via header parsing discrepancy
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53537
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:54
|
| python-multipart |
CVE-2026-53538 |
低危 |
0.0.22 |
0.0.30 |
python-multipart: Python-Multipart: Information disclosure due to parser differential in form data handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53538
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:52
|
| python-multipart |
CVE-2026-53540 |
低危 |
0.0.22 |
0.0.31 |
python-multipart: Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-53540
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:50
|
| PyJWT |
CVE-2026-48524 |
低危 |
2.11.0 |
2.13.0 |
python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48524
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-05-28 16:16 修改: 2026-06-17 10:55
|
| starlette |
CVE-2026-54282 |
低危 |
0.52.1 |
1.3.0 |
starlette: Starlette: Information disclosure due to improper HTTP request path validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54282
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-06-22 18:16 修改: 2026-06-26 19:18
|
| Pygments |
CVE-2026-4539 |
低危 |
2.19.2 |
2.20.0 |
pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4539
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-03-22 06:16 修改: 2026-06-17 10:56
|
| cryptography |
CVE-2026-34073 |
低危 |
46.0.5 |
46.0.6 |
python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34073
镜像层: sha256:57e52a84d06c9e51c485dc89936fee18cd72136d1c3387bd28125aff54679527
发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38
|