VYPR

apk package

wolfi/harbor-2.13-exporter

pkg:apk/wolfi/harbor-2.13-exporter

Vulnerabilities (50)

  • CVE-2025-47912MedOct 29, 2025
    affected < 2.13.2-r11fixed 2.13.2-r11

    The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresse

  • CVE-2025-47910MedSep 22, 2025
    affected < 2.13.2-r9fixed 2.13.2-r9

    When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended sec

  • CVE-2025-47909HigAug 29, 2025
    affected < 0fixed 0

    Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com be

  • CVE-2025-55199MedAug 14, 2025
    affected < 2.13.2-r6fixed 2.13.2-r6

    Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A work

  • CVE-2025-55198MedAug 14, 2025
    affected < 2.13.2-r6fixed 2.13.2-r6

    Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatt

  • CVE-2025-47907HigAug 7, 2025
    affected < 2.13.2-r3fixed 2.13.2-r3

    Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex

  • CVE-2025-53547HigJul 8, 2025
    affected < 2.13.1-r4fixed 2.13.1-r4

    Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lo

  • CVE-2025-4673MedJun 11, 2025
    affected < 2.13.1-r2fixed 2.13.1-r2

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

  • CVE-2025-22874HigJun 11, 2025
    affected < 2.13.1-r2fixed 2.13.1-r2

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

  • CVE-2025-24976MedFeb 11, 2025
    affected < 0fixed 0

    Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted

Page 3 of 3