VYPR

apk package

chainguard/emscripten

pkg:apk/chainguard/emscripten

Vulnerabilities (8)

  • CVE-2026-45149MedMay 29, 2026
    affected < 5.0.7-r1fixed 5.0.7-r1

    The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000}, the sequence generation loop generates all 10 mill

  • CVE-2026-44728HigMay 26, 2026
    affected < 5.0.7-r1fixed 5.0.7-r1

    Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed

  • CVE-2026-33750MedMar 27, 2026
    affected < 5.0.5-r1fixed 5.0.5-r1

    The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process

  • CVE-2026-33672MedMar 26, 2026
    affected < 5.0.5-r1fixed 5.0.5-r1

    Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions

  • CVE-2026-33671HigMar 26, 2026
    affected < 5.0.5-r1fixed 5.0.5-r1

    Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when c

  • CVE-2026-27904Feb 26, 2026
    affected < 5.0.2-r1fixed 5.0.2-r1

    minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), wh

  • CVE-2026-27903Feb 26, 2026
    affected < 5.0.2-r1fixed 5.0.2-r1

    minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-a

  • CVE-2026-26996Feb 20, 2026
    affected < 5.0.1-r2fixed 5.0.1-r2

    minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal charact