VYPR

apk package

chainguard/kubernetes-secret-generator

pkg:apk/chainguard/kubernetes-secret-generator

Vulnerabilities (44)

  • CVE-2025-58189Oct 29, 2025
    affected < 3.4.1-r2fixed 3.4.1-r2

    When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

  • CVE-2025-58187Oct 29, 2025
    affected < 3.4.1-r2fixed 3.4.1-r2

    Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

  • CVE-2025-30204HigMar 21, 2025
    affected < 0fixed 0

    golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a maliciou

  • CVE-2020-8559Jul 22, 2020
    affected < 3.4.1-r1fixed 3.4.1-r1

    The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Page 3 of 3