VYPR

apk package

chainguard/gitlab-rails-ce-fips-19.1

pkg:apk/chainguard/gitlab-rails-ce-fips-19.1

Vulnerabilities (25)

  • CVE-2025-59288 | Oct 14, 2025
    affected < 19.1.1-r1 | fixed 19.1.1-r1

    Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network.

  • CVE-2025-59343 | High | Sep 24, 2025
    affected < 19.1.1-r1 | fixed 19.1.1-r1

    tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A worka

  • CVE-2025-7783 | Critical | Jul 18, 2025
    affected < 19.1.1-r1 | fixed 19.1.1-r1

    Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

  • CVE-2025-48387 | High | Jun 2, 2025
    affected < 19.1.1-r1 | fixed 19.1.1-r1

    tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore o

  • CVE-2025-27789 | Medium | Mar 11, 2025
    affected < 19.1.1-r1 | fixed 19.1.1-r1

    Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specif
