VYPR

apk package

wolfi/rye

pkg:apk/wolfi/rye

Vulnerabilities (6)

  • CVE-2026-33056 · Mar 20, 2026
    affected < 0.44.0-r7 · fixed 0.44.0-r7

    tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links,

  • CVE-2026-33055 · Mar 20, 2026
    affected < 0.44.0-r7 · fixed 0.44.0-r7

    tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX siz

  • CVE-2026-25727 · Feb 6, 2026
    affected < 0.44.0-r5 · fixed 0.44.0-r5

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used

  • CVE-2024-58262 · Jul 27, 2025
    affected < 0.38.0-r0 · fixed 0.38.0-r0

    The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

  • CVE-2024-12224 · May 30, 2025
    affected < 0.43.0-r1 · fixed 0.43.0-r1

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

  • CVE-2025-4432 · Med · May 9, 2025
    affected < 0.44.0-r1 · fixed 0.44.0-r1

    A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets