VYPR

apk package

chainguard/authentik-fips-2025.12-go-server

pkg:apk/chainguard/authentik-fips-2025.12-go-server

Vulnerabilities (23)

  • CVE-2026-29181HigApr 7, 2026
    affected < 2025.12.4-r6fixed 2025.12.4-r6

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many bagg

  • CVE-2026-33816CriApr 7, 2026
    affected < 0fixed 0

    Memory-safety vulnerability in github.com/jackc/pgx/v5.

  • CVE-2026-34986HigApr 6, 2026
    affected < 2025.12.4-r1fixed 2025.12.4-r1

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW

Page 2 of 2