VYPR

apk package

wolfi/starship

pkg:apk/wolfi/starship

Vulnerabilities (8)

  • CVE-2026-44471 · Hig · May 13, 2026
    affected < 1.25.1-r1 · fixed 1.25.1-r1

    gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symli

  • CVE-2026-25727 · Feb 6, 2026
    affected < 1.24.2-r1 · fixed 1.24.2-r1

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used

  • CVE-2026-0810 · Jan 26, 2026
    affected < 1.25.0-r0 · fixed 1.25.0-r0

    A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are

  • CVE-2024-12224 · May 30, 2025
    affected < 1.21.1-r1 · fixed 1.21.1-r1

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

  • CVE-2025-4574 · Med · May 13, 2025
    affected < 1.22.1-r1 · fixed 1.22.1-r1

    In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

  • CVE-2025-31130 · Med · Apr 4, 2025
    affected < 1.24.0-r0 · fixed 1.24.0-r0

    gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 withou

  • CVE-2024-45405 · Med · Sep 6, 2024
    affected < 1.20.1-r4 · fixed 1.20.1-r4

    `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` installation, but improperly resolv

  • CVE-2024-45305 · Low · Sep 2, 2024
    affected < 1.22.1-r0 · fixed 1.22.1-r0

    gix-path is a crate of the gitoxide project dealing with git paths and their conversions. `gix-path` executes `git` to find the path of a configuration file that belongs to the `git` installation itself, but mistakenly treats the local repository's configuration as system-wide if