VYPR

apk package

chainguard/frankenphp-8.5

pkg:apk/chainguard/frankenphp-8.5

Vulnerabilities (25)

  • CVE-2026-39882MedApr 8, 2026
    affected < 1.12.2-r0fixed 1.12.2-r0

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector e

  • CVE-2026-33817Apr 6, 2026
    affected < 1.12.2-r0fixed 1.12.2-r0

    Rejected reason: CVE confirmed to be a false positive

  • CVE-2026-34986HigApr 6, 2026
    affected < 1.12.1-r5fixed 1.12.1-r5

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW

  • CVE-2026-33186CriMar 20, 2026
    affected < 1.12.1-r1fixed 1.12.1-r1

    gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi

  • CVE-2026-30836CriMar 19, 2026
    affected < 1.12.1-r2fixed 1.12.1-r2

    Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.

Page 2 of 2