VYPR

apk package

chainguard/promitor

pkg:apk/chainguard/promitor

Vulnerabilities (6)

  • CVE-2026-42191MedMay 12, 2026
    affected < 2.15.0-r1fixed 2.15.0-r1

    OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath() when OTEL_DOTNET_EXPERIMENTAL_OTLP

  • CVE-2026-40894MedApr 23, 2026
    affected < 2.15.0-r3fixed 2.15.0-r3

    OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensio

  • CVE-2026-33116HigApr 14, 2026
    affected < 2.15.0-r2fixed 2.15.0-r2

    Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

  • CVE-2026-26171HigApr 14, 2026
    affected < 2.15.0-r2fixed 2.15.0-r2

    Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.

  • CVE-2026-32933HigMar 20, 2026
    affected < 2.16.0-r0fixed 2.16.0-r0

    AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit

  • CVE-2025-27513HigMar 5, 2025
    affected < 2.13.0-r1fixed 2.13.0-r1

    OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. Even if an application does not explicitly use trace context propagation