VYPR

apk package

chainguard/nginx-stable

pkg:apk/chainguard/nginx-stable

Vulnerabilities (9)

  • CVE-2026-9256HigMay 22, 2026
    affected < 1.30.2-r0fixed 1.30.2-r0

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replac

  • CVE-2026-1642Feb 4, 2026
    affected < 1.30.0-r0fixed 1.30.0-r0

    A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inje

  • CVE-2025-53859Aug 13, 2025
    affected < 1.30.0-r0fixed 1.30.0-r0

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication serv

  • CVE-2025-1695Mar 4, 2025
    affected < 0fixed 0

    In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-

  • CVE-2024-34161May 29, 2024
    affected < 1.26.1-r0fixed 1.26.1-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

  • CVE-2024-35200May 29, 2024
    affected < 1.26.1-r0fixed 1.26.1-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

  • CVE-2024-32760May 29, 2024
    affected < 1.26.1-r0fixed 1.26.1-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

  • CVE-2024-31079May 29, 2024
    affected < 1.26.1-r0fixed 1.26.1-r0

    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process,

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.24.0-r3fixed 1.24.0-r3

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.