VYPR

apk package

chainguard/gitaly-fips-18.10

pkg:apk/chainguard/gitaly-fips-18.10

Vulnerabilities (43)

  • CVE-2026-34986HigApr 6, 2026
    affected < 18.10.7-r1fixed 18.10.7-r1

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JW

  • CVE-2026-34165MedMar 31, 2026
    affected < 18.10.7-r1fixed 18.10.7-r1

    go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and re

  • CVE-2026-33762LowMar 31, 2026
    affected < 18.10.7-r1fixed 18.10.7-r1

    go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can t

Page 3 of 3