VYPR

apk package

chainguard/superset-5.0-entrypoint

pkg:apk/chainguard/superset-5.0-entrypoint

Vulnerabilities (7)

  • CVE-2025-69277MedDec 31, 2025
    affected < 5.0.0-r11fixed 5.0.0-r11

    libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic g

  • CVE-2025-68480MedDec 22, 2025
    affected < 5.0.0-r10fixed 5.0.0-r10

    Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request

  • CVE-2025-66471Dec 5, 2025
    affected < 5.0.0-r9fixed 5.0.0-r9

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chu

  • CVE-2025-66418Dec 5, 2025
    affected < 5.0.0-r9fixed 5.0.0-r9

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage a

  • CVE-2025-66221Nov 29, 2025
    affected < 5.0.0-r8fixed 5.0.0-r8

    Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every direc

  • CVE-2025-6176HigOct 31, 2025
    affected < 5.0.0-r7fixed 5.0.0-r7

    Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less

  • CVE-2025-58065Sep 11, 2025
    affected < 5.0.0-r5fixed 5.0.0-r5

    Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in th