VYPR

apk package

chainguard/goose

pkg:apk/chainguard/goose

Vulnerabilities (42)

  • CVE-2025-61731Jan 28, 2026
    affected < 3.26.0-r2fixed 3.26.0-r2

    Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can

  • CVE-2025-68119Jan 28, 2026
    affected < 3.26.0-r2fixed 3.26.0-r2

    Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are

Page 3 of 3