VYPR

apk package

chainguard/dagster

pkg:apk/chainguard/dagster

Vulnerabilities (4)

  • CVE-2026-47265 | High | Jun 2, 2026
    affected < 1.13.8-r0 | fixed 1.13.8-r0

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect. If a developer uses the `cookies` parameter on a per-request basis then

  • CVE-2026-34993 | Medium | Jun 2, 2026
    affected < 1.13.8-r0 | fixed 1.13.8-r0

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is

  • CVE-2026-41205 | High | Apr 23, 2026
    affected < 1.13.2-r0 | fixed 1.13.2-r0

    Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable

  • CVE-2026-39892 | Critical | Apr 8, 2026
    affected < 1.13.2-r0 | fixed 1.13.2-r0

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulner