VYPR

apk package

chainguard/neo4j-2025.10-browser

pkg:apk/chainguard/neo4j-2025.10-browser

Vulnerabilities (3)

  • CVE-2025-68161Dec 18, 2025
    affected < 2025.10.1-r3fixed 2025.10.1-r3

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName co

  • CVE-2025-67735Dec 16, 2025
    affected < 2025.10.1-r2fixed 2025.10.1-r2

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling wh

  • CVE-2025-12383Nov 18, 2025
    affected < 2025.10.1-r1fixed 2025.10.1-r1

    In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but