apk package
chainguard/apache-beam-python-3.12-sdk
pkg:apk/chainguard/apache-beam-python-3.12-sdk
Vulnerabilities (28)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33186 | Critical | 9.1 | | < 2.71.0-r1 | 2.71.0-r1 | Mar 20, 2026 | gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi |
| CVE-2026-33231 | — | | | < 2.71.0-r2 | 2.71.0-r2 | Mar 20, 2026 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the local WordNet B |
| CVE-2026-33230 | — | | | < 2.71.0-r2 | 2.71.0-r2 | Mar 20, 2026 | NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site scripting issue in the `looku |
| CVE-2026-32875 | — | | | < 2.71.0-r1 | 2.71.0-r1 | Mar 20, 2026 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the Python interpreter (segmentation fault) when the |
| CVE-2026-32874 | — | | | < 2.71.0-r1 | 2.71.0-r1 | Mar 20, 2026 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form |
| CVE-2026-30922 | High | 7.5 | | < 2.71.0-r1 | 2.71.0-r1 | Mar 18, 2026 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousa |
| CVE-2026-27141 | High | 7.5 | | < 2.73.0-r1 | 2.73.0-r1 | Feb 26, 2026 | Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic |
| CVE-2025-71176 | Medium | 6.8 | | < 2.72.0-r3 | 2.72.0-r3 | Jan 22, 2026 | pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges. |
Page 2 of 2