VYPR

apk package

chainguard/vitess-21

pkg:apk/chainguard/vitess-21

Vulnerabilities (25)

  • CVE-2025-58189Oct 29, 2025
    affected < 21.0.5-r7fixed 21.0.5-r7

    When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

  • CVE-2025-58187Oct 29, 2025
    affected < 21.0.5-r7fixed 21.0.5-r7

    Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

  • CVE-2025-62522MedOct 20, 2025
    affected < 0fixed 0

    Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent i

  • CVE-2025-54798Aug 7, 2025
    affected < 21.0.5-r6fixed 21.0.5-r6

    tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.

  • CVE-2025-7783CriJul 18, 2025
    affected < 21.0.5-r4fixed 21.0.5-r4

    Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

Page 2 of 2