VYPR

apk package

chainguard/kubescape-grype-offline-db

pkg:apk/chainguard/kubescape-grype-offline-db

Vulnerabilities (3)

  • CVE-2026-8723MedMay 17, 2026
    affected < 0_git20250804-r1fixed 0_git20250804-r1

    ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not handled by any of qs's null-related options (`skipNulls`, `strictNullHandling`).

  • CVE-2026-4867HigMar 26, 2026
    affected < 0_git20250804-r1fixed 0_git20250804-r1

    Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents ambigu

  • CVE-2026-2391Feb 12, 2026
    affected < 0_git20250804-r1fixed 0_git20250804-r1

    ### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass