VYPR

apk package

chainguard/kyverno-reports-controller-fips-1.16

pkg:apk/chainguard/kyverno-reports-controller-fips-1.16

Vulnerabilities (43)

  • CVE-2026-22703Jan 10, 2026
    affected < 1.16.3-r1fixed 1.16.3-r1

    Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When v

  • CVE-2025-66564Dec 4, 2025
    affected < 1.16.3-r1fixed 1.16.3-r1

    Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits t

  • CVE-2025-66506Dec 4, 2025
    affected < 1.16.2-r1fixed 1.16.2-r1

    Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in th

Page 3 of 3