VYPR

CWE-1395

Dependency on Vulnerable Third-Party Component

Class | Incomplete

Description

The product has a dependency on a third-party component that contains one or more known vulnerabilities.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (5)

  • CVE-2026-34841 | Critical | Apr 6, 2026
    risk 0.57 | cvss 9.8 | epss 0.00

    Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of…

  • CVE-2024-56327 | Critical | Dec 19, 2024
    risk 0.57 | cvss 9.8 | epss 0.00

    pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions…

  • CVE-2025-22871 | Critical | Apr 8, 2025
    risk 0.52 | cvss 9.1 | epss 0.01

    The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

  • CVE-2024-12797 | Medium | Feb 11, 2025
    risk 0.34 | cvss 6.3 | epss 0.02

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections…

  • CVE-2024-45399 | Sep 4, 2024
    risk 0.00 | cvss | epss 0.00

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when…