VYPR

apk package

chainguard/pgadmin4-pg14

pkg:apk/chainguard/pgadmin4-pg14

Vulnerabilities (14)

  • CVE-2025-6176HigOct 31, 2025
    affected < 9.9-r1fixed 9.9-r1

    Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less

  • CVE-2025-59420Sep 22, 2025
    affected < 9.8-r1fixed 9.8-r1

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed toke

  • CVE-2025-48379Jul 1, 2025
    affected < 9.5-r0fixed 9.5-r0

    Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only aff

  • CVE-2025-50182Jun 19, 2025
    affected < 9.4-r2fixed 9.4-r2

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpReque

  • CVE-2024-47081MedJun 9, 2025
    affected < 9.4-r2fixed 9.4-r2

    Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc

  • CVE-2025-47273May 17, 2025
    affected < 0fixed 0

    setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on

  • CVE-2025-47278LowMay 13, 2025
    affected < 9.3-r1fixed 9.3-r1

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` librar

  • CVE-2025-43859CriApr 24, 2025
    affected < 9.2-r1fixed 9.2-r1

    h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since explo

  • CVE-2024-12797MedFeb 11, 2025
    affected < 9.0-r1fixed 9.0-r1

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections u

  • CVE-2024-21538HigNov 8, 2024
    affected < 9.1-r1fixed 9.1-r1

    Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted

  • CVE-2022-25881Jan 31, 2023
    affected < 9.1-r1fixed 9.1-r1

    This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

  • CVE-2022-33987Jun 18, 2022
    affected < 9.1-r1fixed 9.1-r1

    The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.

  • CVE-2021-43307Jun 1, 2022
    affected < 9.1-r1fixed 9.1-r1

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method

  • CVE-2021-3795Sep 15, 2021
    affected < 9.1-r1fixed 9.1-r1

    semver-regex is vulnerable to Inefficient Regular Expression Complexity