VYPR

apk package

wolfi/ggshield

pkg:apk/wolfi/ggshield

Vulnerabilities (29)

  • CVE-2025-50181Jun 19, 2025
    affected < 1.43.0-r0fixed 1.43.0-r0

    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An appl

  • CVE-2024-47081MedJun 9, 2025
    affected < 1.40.0-r1fixed 1.40.0-r1

    Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc

  • CVE-2024-12797MedFeb 11, 2025
    affected < 1.37.0-r0fixed 1.37.0-r0

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections u

  • CVE-2024-3651Jul 7, 2024
    affected < 1.27.0-r0fixed 1.27.0-r0

    A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service co

  • CVE-2024-37891Jun 17, 2024
    affected < 1.28.0-r0fixed 1.28.0-r0

    urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it'

  • CVE-2024-35195MedMay 20, 2024
    affected < 1.28.0-r1fixed 1.28.0-r1

    Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes

  • CVE-2024-26130Feb 21, 2024
    affected < 1.25.0-r0fixed 1.25.0-r0

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided

  • CVE-2023-50782HigFeb 5, 2024
    affected < 1.25.0-r0fixed 1.25.0-r0

    A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

  • CVE-2024-0727MedJan 26, 2024
    affected < 1.25.0-r0fixed 1.25.0-r0

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can c

Page 2 of 2