VYPR

apk package

chainguard/helix

pkg:apk/chainguard/helix

Vulnerabilities (3)

  • CVE-2026-25541Feb 4, 2026
    affected < 25.07.1-r2fixed 25.07.1-r2

    Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, if the condition "v_capacity >= new_cap + offset" uses an unchecked addition. Whe

  • CVE-2024-12224May 30, 2025
    affected < 25.01-r0fixed 25.01-r0

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

  • CVE-2025-31130MedApr 4, 2025
    affected < 25.01.1-r1fixed 25.01.1-r1

    gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 withou