VYPR

apk package

chainguard/gitlab-cng-18.9

pkg:apk/chainguard/gitlab-cng-18.9

Vulnerabilities (5)

  • CVE-2026-26007 | Feb 10, 2026
    affected < 18.9.1-r0 | fixed 18.9.1-r0

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_ke

  • CVE-2026-25765 | Feb 9, 2026
    affected < 18.9.1-r0 | fixed 18.9.1-r0

    Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's build_exclusive_url method (in lib/faraday/connection.rb) uses Ruby's URI#merge to combine the connection's base URL with a user-supplied path. Per

  • CVE-2025-61921 | Oct 10, 2025
    affected < 18.9.1-r0 | fixed 18.9.1-r0

    Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the respon

  • CVE-2024-12797 | Med | Feb 11, 2025
    affected < 18.9.1-r0 | fixed 18.9.1-r0

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections u

  • CVE-2024-21510 | Med | Nov 1, 2024
    affected < 18.9.1-r0 | fixed 18.9.1-r0

    Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbit