VYPR

rpm package

opensuse/argocd-cli&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/argocd-cli&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2026-41240MedApr 23, 2026
    affected < 3.4.3-1.1fixed 3.4.3-1.1

    DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TAGS is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214. The

  • CVE-2025-29786HigMar 17, 2025
    affected < 2.14.10-1.1fixed 2.14.10-1.1

    Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression

  • CVE-2025-26791Feb 14, 2025
    affected < 2.14.8-1.1fixed 2.14.8-1.1

    DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

  • CVE-2024-45296HigSep 9, 2024
    affected < 2.12.4-1.1fixed 2.12.4-1.1

    path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will