VYPR

apk package

chainguard/karpenter-1.7

pkg:apk/chainguard/karpenter-1.7

Vulnerabilities (22)

  • CVE-2025-61731Jan 28, 2026
    affected < 1.7.4-r1fixed 1.7.4-r1

    Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can

  • CVE-2025-68119Jan 28, 2026
    affected < 1.7.4-r1fixed 1.7.4-r1

    Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are

Page 2 of 2