VYPR

rpm package

opensuse/forgejo&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/forgejo&distro=openSUSE%20Tumbleweed

Vulnerabilities (9)

  • CVE-2025-58190 | Feb 5, 2026
    affected < 12.0.4-2.1 | fixed 12.0.4-2.1

    The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

  • CVE-2025-47911 | Feb 5, 2026
    affected < 12.0.4-2.1 | fixed 12.0.4-2.1

    The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

  • CVE-2025-3445 | High | Apr 13, 2025
    affected < 10.0.3-2.1 | fixed 10.0.3-2.1

    A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using t

  • CVE-2025-22869 | Feb 26, 2025
    affected < 10.0.3-1.1 | fixed 10.0.3-1.1

    SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

  • CVE-2024-43788 | Aug 27, 2024
    affected < 8.0.3-1.1 | fixed 8.0.3-1.1

    Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s

  • CVE-2024-24791 | High | Jul 2, 2024
    affected < 7.0.5-1.1 | fixed 7.0.5-1.1

    The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the co

  • CVE-2024-24789 | Jun 5, 2024
    affected < 7.0.4-1.1 | fixed 7.0.4-1.1

    The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip pac

  • CVE-2024-24788 | Medium | May 8, 2024
    affected < 7.0.3-1.1 | fixed 7.0.3-1.1

    A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

  • CVE-2023-45288 | High | Apr 4, 2024
    affected < 1.21.10+0-1.1 | fixed 1.21.10+0-1.1

    An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma
