VYPR

apk package

chainguard/kibana-9.3-iamguarded

pkg:apk/chainguard/kibana-9.3-iamguarded

Vulnerabilities (125)

  • CVE-2025-69873LowFeb 11, 2026
    affected < 9.3.2-r0fixed 9.3.2-r0

    ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp(

  • CVE-2026-25639HigFeb 9, 2026
    affected < 9.3.0-r1fixed 9.3.0-r1

    Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providi

  • CVE-2026-25528MedFeb 9, 2026
    affected < 9.3.0-r2fixed 9.3.0-r2

    LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, ca

  • CVE-2026-25128Jan 30, 2026
    affected < 9.3.0-r1fixed 9.3.0-r1

    fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML

  • CVE-2025-68154Dec 16, 2025
    affected < 9.3.0-r1fixed 9.3.0-r1

    systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell com

Page 7 of 7