VYPR

apk package

wolfi/sqlpad

pkg:apk/wolfi/sqlpad

Vulnerabilities (63)

  • CVE-2024-12905HigMar 27, 2025
    affected < 7.5.3-r1fixed 7.5.3-r1

    An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrit

  • CVE-2025-29775CriMar 14, 2025
    affected < 7.5.2-r2fixed 7.5.2-r2

    xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed

  • CVE-2025-29774CriMar 14, 2025
    affected < 7.5.2-r2fixed 7.5.2-r2

    xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed

  • CVE-2024-52798HigDec 5, 2024
    affected < 7.5.2-r0fixed 7.5.2-r0

    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path

  • CVE-2024-21538HigNov 8, 2024
    affected < 7.5.1-r1fixed 7.5.1-r1

    Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted

  • CVE-2024-47764MedOct 4, 2024
    affected < 7.5.2-r2fixed 7.5.2-r2

    cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the coo

  • CVE-2024-45590Sep 10, 2024
    affected < 7.5.0-r1fixed 7.5.0-r1

    body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This is

  • CVE-2024-43800Sep 10, 2024
    affected < 7.5.0-r1fixed 7.5.0-r1

    serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

  • CVE-2024-43799Sep 10, 2024
    affected < 7.5.0-r1fixed 7.5.0-r1

    Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

  • CVE-2024-43796Sep 10, 2024
    affected < 7.5.0-r1fixed 7.5.0-r1

    Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

  • CVE-2024-45296HigSep 9, 2024
    affected < 7.5.0-r1fixed 7.5.0-r1

    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will

  • CVE-2024-35255Jun 11, 2024
    affected < 7.4.3-r0fixed 7.4.3-r0

    Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

  • CVE-2024-21512HigMay 29, 2024
    affected < 7.4.3-r0fixed 7.4.3-r0

    Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

  • CVE-2024-29415HigMay 27, 2024
    affected < 7.4.3-r0fixed 7.4.3-r0

    The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for

  • CVE-2024-21511CriApr 23, 2024
    affected < 7.4.1-r4fixed 7.4.1-r4

    Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

  • CVE-2024-21508CriApr 11, 2024
    affected < 7.4.1-r4fixed 7.4.1-r4

    Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.

  • CVE-2024-21507Apr 10, 2024
    affected < 7.4.1-r4fixed 7.4.1-r4

    Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.

  • CVE-2024-21509Apr 10, 2024
    affected < 7.4.1-r4fixed 7.4.1-r4

    Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.

  • CVE-2024-22363HigApr 5, 2024
    affected < 7.4.1-r3fixed 7.4.1-r3

    SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).

  • CVE-2024-29041Mar 25, 2024
    affected < 7.4.1-r3fixed 7.4.1-r3

    Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Expres