VYPR

apk package

chainguard/kibana-8.19-iamguarded

pkg:apk/chainguard/kibana-8.19-iamguarded

Vulnerabilities (125)

  • CVE-2025-57319HigSep 24, 2025
    affected < 0fixed 0

    fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denia

  • CVE-2025-59343HigSep 24, 2025
    affected < 8.19.4-r1fixed 8.19.4-r1

    tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A worka

  • CVE-2025-58754Sep 12, 2025
    affected < 8.19.6-r0fixed 8.19.6-r0

    Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire

  • CVE-2025-9910MedSep 11, 2025
    affected < 8.19.3-r1fixed 8.19.3-r1

    Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and th

  • CVE-2024-53382Mar 3, 2025
    affected < 8.19.3-r1fixed 8.19.3-r1

    Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Page 7 of 7