VYPR

apk package

chainguard/langfuse-fips-3-compat

pkg:apk/chainguard/langfuse-fips-3-compat

Vulnerabilities (3)

  • CVE-2025-15284Dec 29, 2025
    affected < 3.143.0-r1fixed 3.143.0-r1

    Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLim

  • CVE-2025-68130HigDec 16, 2025
    affected < 3.141.0-r0fixed 3.141.0-r0

    tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in `@trpc/server`'s `formDataToObject` function, which is used by the

  • CVE-2025-65945Dec 4, 2025
    affected < 3.138.0-r0fixed 3.138.0-r0

    auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they us