| cross-spawn |
CVE-2024-21538 |
高危 |
7.0.3 |
7.0.5, 6.0.6 |
cross-spawn: regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2024-11-08 05:15 修改: 2026-04-15 00:35
|
| glob |
CVE-2025-64756 |
高危 |
10.4.2 |
11.1.0, 10.5.0 |
glob: glob: Command Injection Vulnerability via Malicious Filenames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-64756
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2025-11-17 18:15 修改: 2025-12-02 19:34
|
| minimatch |
CVE-2026-26996 |
高危 |
9.0.5 |
10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3 |
minimatch: minimatch: Denial of Service via specially crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26996
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-02-20 03:16 修改: 2026-03-06 21:32
|
| minimatch |
CVE-2026-27903 |
高危 |
9.0.5 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3 |
minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27903
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:21
|
| minimatch |
CVE-2026-27904 |
高危 |
9.0.5 |
10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4 |
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27904
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-02-26 02:16 修改: 2026-02-27 17:16
|
| tar |
CVE-2026-23745 |
高危 |
6.2.1 |
7.5.3 |
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23745
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-01-16 22:16 修改: 2026-02-18 16:20
|
| tar |
CVE-2026-23950 |
高危 |
6.2.1 |
7.5.4 |
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23950
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-01-20 01:15 修改: 2026-02-18 15:50
|
| tar |
CVE-2026-24842 |
高危 |
6.2.1 |
7.5.7 |
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24842
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-01-28 01:16 修改: 2026-02-02 14:30
|
| tar |
CVE-2026-26960 |
高危 |
6.2.1 |
7.5.8 |
node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26960
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-02-20 02:16 修改: 2026-02-20 19:24
|
| tar |
CVE-2026-29786 |
高危 |
6.2.1 |
7.5.10 |
node-tar: hardlink path traversal via drive-relative linkpath
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29786
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-03-07 16:15 修改: 2026-03-11 21:50
|
| tar |
CVE-2026-31802 |
高危 |
6.2.1 |
7.5.11 |
tar: tar: File overwrite via drive-relative symlink traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31802
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-03-10 07:44 修改: 2026-03-18 18:13
|
| ip-address |
CVE-2026-42338 |
中危 |
9.0.5 |
10.1.1 |
ip-address is a library for parsing and manipulating IPv4 and IPv6 add ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42338
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-05-12 20:16 修改: 2026-05-19 20:04
|
| brace-expansion |
CVE-2026-33750 |
中危 |
2.0.1 |
5.0.5, 3.0.2, 2.0.3, 1.1.13 |
brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33750
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-03-27 15:16 修改: 2026-04-22 14:23
|
| diff |
CVE-2026-24001 |
低危 |
5.2.0 |
8.0.3, 5.2.2, 4.0.4, 3.5.1 |
jsdiff: denial of service vulnerability in parsePatch and applyPatch
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24001
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2026-01-22 03:15 修改: 2026-03-04 15:23
|
| brace-expansion |
CVE-2025-5889 |
低危 |
2.0.1 |
2.0.2, 1.1.12, 3.0.1, 4.0.1 |
brace-expansion: juliangruber brace-expansion index.js expand redos
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5889
镜像层: sha256:4983b93ee7967564f02cbf6162b75010ce557404a539fba05ee19a0eae01acbc
发布日期: 2025-06-09 19:15 修改: 2026-04-29 01:00
|