VYPR

apk package

chainguard/dapr-daprd-1.18

pkg:apk/chainguard/dapr-daprd-1.18

Vulnerabilities (4)

  • CVE-2026-41178MedJun 4, 2026
    affected < 1.18.1-r2fixed 1.18.1-r2

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the iss

  • CVE-2026-26958LowFeb 19, 2026
    affected < 0fixed 0

    filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Poin

  • CVE-2025-69725MedFeb 19, 2026
    affected < 0fixed 0

    An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.

  • CVE-2026-2303MedFeb 10, 2026
    affected < 1.18.1-r1fixed 1.18.1-r1

    The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI b