VYPR

apk package

wolfi/langfuse-web-3

pkg:apk/wolfi/langfuse-web-3

Vulnerabilities (6)

  • CVE-2025-15284, Dec 29, 2025
    affected < 3.143.0-r1, fixed 3.143.0-r1

    Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS. This issue affects qs: < 6.14.1. Summary: The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLim

  • CVE-2025-14874, Dec 18, 2025
    affected < 3.135.1-r2, fixed 3.135.1-r2

    A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

  • CVE-2025-68130, High, Dec 16, 2025
    affected < 3.141.0-r0, fixed 3.141.0-r0

    tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in `@trpc/server`'s `formDataToObject` function, which is used by the

  • CVE-2025-65945, Dec 4, 2025
    affected < 3.138.0-r0, fixed 3.138.0-r0

    auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they us

  • CVE-2025-66414, Dec 2, 2025
    affected < 3.137.0-r1, fixed 3.137.0-r1

    MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, the Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on l

  • CVE-2025-66400, Dec 1, 2025
    affected < 3.137.0-r1, fixed 3.137.0-r1

    mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the p