VYPR

apk package

wolfi/debezium-3.5-connector-postgres

pkg:apk/wolfi/debezium-3.5-connector-postgres

Vulnerabilities (5)

  • CVE-2026-42198HigApr 29, 2026
    affected < 3.5.1-r0fixed 3.5.1-r0

    pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very larg

  • CVE-2026-33557CriApr 20, 2026
    affected < 3.5.0-r3fixed 3.5.0-r3

    A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating its signature,

  • CVE-2026-35554HigApr 7, 2026
    affected < 3.5.0-r3fixed 3.5.0-r3

    A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch

  • CVE-2025-66566HigDec 5, 2025
    affected < 3.5.1-r0fixed 3.5.1-r0

    yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the

  • CVE-2025-12183HigNov 28, 2025
    affected < 3.5.1-r0fixed 3.5.1-r0

    Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.