VYPR

apk package

chainguard/gitlab-runner-18.9

pkg:apk/chainguard/gitlab-runner-18.9

Vulnerabilities (22)

  • CVE-2026-1229Feb 24, 2026
    affected < 18.9.0-r1fixed 18.9.0-r1

    The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3 https://

  • CVE-2026-24051HigFeb 2, 2026
    affected < 18.9.0-r1fixed 18.9.0-r1

    OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system comman

Page 2 of 2