VYPR

apk package

chainguard/pluto-fips-compat

pkg:apk/chainguard/pluto-fips-compat

Vulnerabilities (5)

  • CVE-2025-11065MedJan 26, 2026
    affected < 5.22.5-r1fixed 5.22.5-r1

    A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data process

  • CVE-2025-61727Dec 3, 2025
    affected < 5.22.6-r1fixed 5.22.6-r1

    An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

  • CVE-2025-61729Dec 2, 2025
    affected < 5.22.6-r1fixed 5.22.6-r1

    Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a

  • CVE-2025-55198Aug 13, 2025
    affected < 5.22.5-r0fixed 5.22.5-r0

    Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatt

  • CVE-2025-55199Aug 13, 2025
    affected < 5.22.5-r0fixed 5.22.5-r0

    Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A work