VYPR

rpm package

opensuse/golang-github-prometheus-alertmanager&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/golang-github-prometheus-alertmanager&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2026-39821CriMay 22, 2026
    affected < 0.32.2-2.1fixed 0.32.2-2.1

    The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in program

  • CVE-2026-33186CriMar 20, 2026
    affected < 0.31.1-3.1fixed 0.31.1-3.1

    gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omi

  • CVE-2025-22870MedMar 12, 2025
    affected < 0.28.1-2.1fixed 0.28.1-2.1

    Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

  • CVE-2023-40577Aug 25, 2023
    affected < 0.26.0-4.1fixed 0.26.0-4.1

    Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue ha