VYPR

apk package

wolfi/vitess-22

pkg:apk/wolfi/vitess-22

Vulnerabilities (94)

  • CVE-2025-61724 · Oct 29, 2025
    affected: < 22.0.1-r6; fixed: 22.0.1-r6

    The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

  • CVE-2025-58188 · Oct 29, 2025
    affected: < 22.0.1-r6; fixed: 22.0.1-r6

    Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.

  • CVE-2025-58185 · Oct 29, 2025
    affected: < 22.0.1-r6; fixed: 22.0.1-r6

    Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

  • CVE-2025-47912 · Oct 29, 2025
    affected: < 22.0.1-r6; fixed: 22.0.1-r6

    The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresse

  • CVE-2025-61723 · Oct 29, 2025
    affected: < 22.0.1-r6; fixed: 22.0.1-r6

    The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

  • CVE-2025-58189 · Oct 29, 2025
    affected: < 22.0.1-r6; fixed: 22.0.1-r6

    When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped.

  • CVE-2025-58187 · Oct 29, 2025
    affected: < 22.0.1-r6; fixed: 22.0.1-r6

    Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

  • CVE-2025-62522 · Medium · Oct 20, 2025
    affected: < 0; fixed: 0

    Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent i

  • CVE-2025-58752 · Sep 8, 2025
    affected: < 22.0.2-r0; fixed: 22.0.2-r0

    Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.ho

  • CVE-2025-58751 · Sep 8, 2025
    affected: < 22.0.2-r0; fixed: 22.0.2-r0

    Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name as the public directory were served, bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network

  • CVE-2025-54798 · Aug 7, 2025
    affected: < 22.0.1-r5; fixed: 22.0.1-r5

    tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via a symbolic link passed as the dir parameter. This is fixed in version 0.2.4.

  • CVE-2025-7783 · Critical · Jul 18, 2025
    affected: < 22.0.1-r3; fixed: 22.0.1-r3

    Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

  • CVE-2025-7339 · Low · Jul 17, 2025
    affected: < 22.0.2-r0; fixed: 22.0.2-r0

    on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade to version 1.1.0 to receiv

  • CVE-2025-5889 · Low · Jun 9, 2025
    affected: < 22.0.3-r0; fixed: 22.0.3-r0

    A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be l