| json-schema |
CVE-2021-3918 |
严重 |
0.2.3 |
0.4.0 |
nodejs-json-schema: Prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3918
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-11-13 09:15 修改: 2023-02-03 19:15
|
| minimist |
CVE-2021-44906 |
严重 |
0.0.8 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| minimist |
CVE-2021-44906 |
严重 |
1.2.0 |
1.2.6, 0.2.4 |
minimist: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44906
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2022-03-17 16:15 修改: 2024-06-21 19:15
|
| decode-uri-component |
CVE-2022-38900 |
高危 |
0.2.0 |
0.2.1 |
decode-uri-component: improper input validation resulting in DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38900
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2022-11-28 13:15 修改: 2023-11-07 03:50
|
| dot-prop |
CVE-2020-8116 |
高危 |
4.2.0 |
4.2.1, 5.1.1 |
nodejs-dot-prop: prototype pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8116
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-02-04 20:15 修改: 2022-08-05 19:32
|
| fstream |
CVE-2019-13173 |
高危 |
1.0.11 |
1.0.12 |
nodejs-fstream: File overwrite in fstream.DirWriter() function
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-13173
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2019-07-02 20:15 修改: 2020-08-24 17:37
|
| http-cache-semantics |
CVE-2022-25881 |
高危 |
3.8.1 |
4.1.1 |
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25881
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2023-01-31 05:15 修改: 2023-11-07 03:44
|
| ini |
CVE-2020-7788 |
高危 |
1.3.5 |
1.3.6 |
nodejs-ini: Prototype pollution via malicious INI file
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-12-11 11:15 修改: 2022-12-02 19:40
|
| ip |
CVE-2024-29415 |
高危 |
1.1.5 |
|
node-ip: Incomplete fix for CVE-2023-42282
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29415
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2024-05-27 20:15 修改: 2024-08-16 14:35
|
| ansi-regex |
CVE-2021-3807 |
高危 |
3.0.0 |
6.0.1, 5.0.1, 4.1.1, 3.0.1 |
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
|
| minimatch |
CVE-2022-3517 |
高危 |
3.0.4 |
3.0.5 |
nodejs-minimatch: ReDoS via the braceExpand function
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3517
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2022-10-17 20:15 修改: 2023-11-07 03:51
|
| ansi-regex |
CVE-2021-3807 |
高危 |
3.0.0 |
6.0.1, 5.0.1, 4.1.1, 3.0.1 |
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3807
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:01
|
| cross-spawn |
CVE-2024-21538 |
高危 |
5.1.0 |
7.0.5, 6.0.6 |
cross-spawn: regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21538
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2024-11-08 05:15 修改: 2024-11-19 14:15
|
| npm |
CVE-2019-16775 |
高危 |
6.9.0 |
6.13.3 |
npm: Symlink reference outside of node_modules folder through the bin field upon installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
|
| npm |
CVE-2019-16776 |
高危 |
6.9.0 |
6.13.3 |
npm: Arbitrary file write via constructed entry in the package.json bin field
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
|
| npm |
CVE-2019-16777 |
高危 |
6.9.0 |
6.13.4 |
npm: Global node_modules Binary Overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
|
| npm-user-validate |
CVE-2020-7754 |
高危 |
1.0.0 |
1.0.1 |
nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7754
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-10-27 15:15 修改: 2020-10-27 17:31
|
| qs |
CVE-2022-24999 |
高危 |
6.5.2 |
6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4 |
express: "qs" prototype poisoning causes the hang of the node process
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24999
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2022-11-26 22:15 修改: 2023-09-08 17:15
|
| semver |
CVE-2022-25883 |
高危 |
5.3.0 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
|
| semver |
CVE-2022-25883 |
高危 |
5.6.0 |
7.5.2, 6.3.1, 5.7.2 |
nodejs-semver: Regular expression denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25883
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2023-06-21 05:15 修改: 2023-11-07 03:44
|
| ssri |
CVE-2021-27290 |
高危 |
6.0.1 |
6.0.2, 7.1.1, 8.0.1 |
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27290
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-03-12 22:15 修改: 2022-05-13 20:51
|
| tar |
CVE-2018-20834 |
高危 |
2.2.1 |
4.4.2, 2.2.2 |
nodejs-tar: Arbitrary file overwrites when extracting tarballs containing a hard-link
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-20834
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2019-04-30 19:29 修改: 2019-09-04 20:15
|
| tar |
CVE-2021-32804 |
高危 |
2.2.1 |
3.2.2, 4.4.14, 5.0.6, 6.1.1 |
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32804
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-08-03 19:15 修改: 2022-04-25 19:12
|
| tar |
CVE-2021-37713 |
高危 |
2.2.1 |
4.4.18, 5.0.10, 6.1.9 |
nodejs-tar: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37713
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-08-31 17:15 修改: 2022-04-25 18:40
|
| tar |
CVE-2021-32803 |
高危 |
4.4.8 |
3.2.3, 4.4.15, 5.0.7, 6.1.2 |
nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32803
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-08-03 19:15 修改: 2022-07-02 18:28
|
| tar |
CVE-2021-32804 |
高危 |
4.4.8 |
3.2.2, 4.4.14, 5.0.6, 6.1.1 |
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-32804
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-08-03 19:15 修改: 2022-04-25 19:12
|
| tar |
CVE-2021-37701 |
高危 |
4.4.8 |
4.4.16, 5.0.8, 6.1.7 |
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37701
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-08-31 17:15 修改: 2023-01-19 20:11
|
| tar |
CVE-2021-37712 |
高危 |
4.4.8 |
4.4.18, 5.0.10, 6.1.9 |
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37712
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-08-31 17:15 修改: 2023-02-23 02:28
|
| tar |
CVE-2021-37713 |
高危 |
4.4.8 |
4.4.18, 5.0.10, 6.1.9 |
nodejs-tar: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37713
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-08-31 17:15 修改: 2022-04-25 18:40
|
| y18n |
CVE-2020-7774 |
高危 |
3.2.1 |
3.2.2, 4.0.1, 5.0.5 |
nodejs-y18n: prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7774
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-11-17 13:15 修改: 2022-12-02 19:40
|
| y18n |
CVE-2020-7774 |
高危 |
4.0.0 |
3.2.2, 4.0.1, 5.0.5 |
nodejs-y18n: prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7774
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-11-17 13:15 修改: 2022-12-02 19:40
|
| got |
CVE-2022-33987 |
中危 |
6.7.1 |
12.1.0, 11.8.5 |
nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-33987
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2022-06-18 21:15 修改: 2022-06-28 16:15
|
| minimist |
CVE-2020-7598 |
中危 |
1.2.0 |
0.2.1, 1.2.3 |
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-03-11 23:15 修改: 2022-04-22 19:02
|
| hosted-git-info |
CVE-2021-23362 |
中危 |
2.7.1 |
2.8.9, 3.0.8 |
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23362
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-03-23 17:15 修改: 2023-08-08 14:22
|
| ajv |
CVE-2020-15366 |
中危 |
5.5.2 |
6.12.3 |
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15366
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-07-15 20:15 修改: 2024-06-21 19:15
|
| mem |
GHSA-4xcv-9jjx-gfj3 |
中危 |
1.1.0 |
4.0.0 |
Denial of Service in mem
漏洞详情: https://github.com/advisories/GHSA-4xcv-9jjx-gfj3
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| tar |
CVE-2024-28863 |
中危 |
2.2.1 |
6.2.1 |
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
|
| npm |
CVE-2020-15095 |
中危 |
6.9.0 |
6.14.6 |
npm: sensitive information exposure through logs
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-07-07 19:15 修改: 2023-11-07 03:17
|
| npm-registry-fetch |
GHSA-jmqm-f2gx-4fjv |
中危 |
3.9.0 |
4.0.5, 8.1.1 |
Sensitive information exposure through logs in npm-registry-fetch
漏洞详情: https://github.com/advisories/GHSA-jmqm-f2gx-4fjv
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| https-proxy-agent |
GHSA-pc5p-h8pf-mvwp |
中危 |
2.2.1 |
2.2.3 |
Machine-In-The-Middle in https-proxy-agent
漏洞详情: https://github.com/advisories/GHSA-pc5p-h8pf-mvwp
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| path-parse |
CVE-2021-23343 |
中危 |
1.0.6 |
1.0.7 |
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23343
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2021-05-04 09:15 修改: 2023-11-07 03:30
|
| https-proxy-agent |
NSWG-ECO-505 |
中危 |
2.2.1 |
>=2.2.3 |
Man-in-the-Middle
漏洞详情: https://hackerone.com/reports/541502
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| tar |
CVE-2024-28863 |
中危 |
4.4.8 |
6.2.1 |
node-tar: denial of service while parsing a tar file due to lack of folders depth validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28863
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2024-03-21 23:15 修改: 2024-06-10 17:16
|
| tough-cookie |
CVE-2023-26136 |
中危 |
2.4.3 |
4.1.3 |
tough-cookie: prototype pollution in cookie memstore
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26136
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2023-07-01 05:15 修改: 2024-06-21 19:15
|
| request |
CVE-2023-28155 |
中危 |
2.88.0 |
|
The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28155
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2023-03-16 15:15 修改: 2024-08-02 13:15
|
| minimist |
CVE-2020-7598 |
中危 |
0.0.8 |
0.2.1, 1.2.3 |
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7598
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-03-11 23:15 修改: 2022-04-22 19:02
|
| yargs-parser |
CVE-2020-7608 |
中危 |
9.0.2 |
13.1.2, 15.0.1, 18.1.1, 5.0.1 |
nodejs-yargs-parser: prototype pollution vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7608
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2020-03-16 20:15 修改: 2022-11-15 16:40
|
| bin-links |
GHSA-2mj8-pj3j-h362 |
低危 |
1.1.2 |
1.1.5 |
Symlink reference outside of node_modules in bin-links
漏洞详情: https://github.com/advisories/GHSA-2mj8-pj3j-h362
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| bin-links |
GHSA-gqf6-75v8-vr26 |
低危 |
1.1.2 |
1.1.5 |
Arbitrary File Write in bin-links
漏洞详情: https://github.com/advisories/GHSA-gqf6-75v8-vr26
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| ip |
CVE-2023-42282 |
低危 |
1.1.5 |
2.0.1, 1.1.9 |
nodejs-ip: arbitrary code execution via the isPublic() function
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42282
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 2024-02-08 17:15 修改: 2024-10-09 15:14
|
| bin-links |
GHSA-v45m-2wcp-gg98 |
低危 |
1.1.2 |
1.1.6 |
Global node_modules Binary Overwrite in bin-links
漏洞详情: https://github.com/advisories/GHSA-v45m-2wcp-gg98
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| npm-user-validate |
GHSA-xgh6-85xh-479p |
低危 |
1.0.0 |
1.0.1 |
Regular Expression Denial of Service in npm-user-validate
漏洞详情: https://github.com/advisories/GHSA-xgh6-85xh-479p
镜像层: sha256:6caeb2643085f3a38b265263e030406ba23ddca01aa00edc8e79b270c30ca4f8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|