VYPR

apk package

chainguard/grype-fips

pkg:apk/chainguard/grype-fips

Vulnerabilities (67)

  • CVE-2025-58058MedAug 28, 2025
    affected < 0.99.0-r1fixed 0.99.0-r1

    xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the

  • CVE-2025-8959Aug 15, 2025
    affected < 0.98.0-r1fixed 0.98.0-r1

    HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.

  • CVE-2025-54388Jul 30, 2025
    affected < 0.96.1-r1fixed 0.96.1-r1

    Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables

  • CVE-2025-22871CriApr 8, 2025
    affected < 0.91.0-r1fixed 0.91.0-r1

    The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

  • CVE-2024-40635Mar 17, 2025
    affected < 0.90.0-r1fixed 0.90.0-r1

    containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ult

  • CVE-2025-22868Feb 26, 2025
    affected < 0.89.0-r1fixed 0.89.0-r1

    An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

  • CVE-2025-22869Feb 26, 2025
    affected < 0.89.0-r0fixed 0.89.0-r0

    SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Page 4 of 4