VYPR

apk package

chainguard/apache-beam-python-3.12-sdk

pkg:apk/chainguard/apache-beam-python-3.12-sdk

Vulnerabilities (28)

  • CVE-2026-33186, Critical, Mar 20, 2026
    affected < 2.71.0-r1, fixed 2.71.0-r1

    gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi

  • CVE-2026-33231, Mar 20, 2026
    affected < 2.71.0-r2, fixed 2.71.0-r2

    NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet B

  • CVE-2026-33230, Mar 20, 2026
    affected < 2.71.0-r2, fixed 2.71.0-r2

    NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site scripting issue in the `looku

  • CVE-2026-32875, Mar 20, 2026
    affected < 2.71.0-r1, fixed 2.71.0-r1

    UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the Python interpreter (segmentation fault) when the

  • CVE-2026-32874, Mar 20, 2026
    affected < 2.71.0-r1, fixed 2.71.0-r1

    UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form

  • CVE-2026-30922, High, Mar 18, 2026
    affected < 2.71.0-r1, fixed 2.71.0-r1

    pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousa

  • CVE-2026-27141, High, Feb 26, 2026
    affected < 2.73.0-r1, fixed 2.73.0-r1

    Due to a missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic.

  • CVE-2025-71176, Medium, Jan 22, 2026
    affected < 2.72.0-r3, fixed 2.72.0-r3

    pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.

Page 2 of 2