VYPR

rpm package

opensuse/heroic-games-launcher&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/heroic-games-launcher&distro=openSUSE%20Tumbleweed

Vulnerabilities (8)

  • CVE-2026-34601 Hig Apr 2, 2026
    affected < 2.20.1-5.1, fixed 2.20.1-5.1

    xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator

  • CVE-2026-33036 Mar 20, 2026
    affected < 2.20.1-4.1, fixed 2.20.1-4.1

    fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (&#NNN;, &#xHH;) and standard XML entities completely evade the entity expa

  • CVE-2026-28292 Cri Mar 10, 2026
    affected < 2.20.1-3.1, fixed 2.20.1-3.1

    `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Ver

  • CVE-2026-3449 Low Mar 3, 2026
    affected < 2.20.1-2.1, fixed 2.20.1-2.1

    Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang

  • CVE-2026-27606 Feb 25, 2026
    affected < 2.20.0-2.1, fixed 2.20.0-2.1

    Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) are vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine a

  • CVE-2026-26278 Feb 19, 2026
    affected < 2.20.0-1.1, fixed 2.20.0-1.1

    fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML inpu

  • CVE-2026-25547 Cri Feb 4, 2026
    affected < 2.20.0-1.1, fixed 2.20.0-1.1

    @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated nume

  • CVE-2026-22029 Hig Jan 10, 2026
    affected < 2.18.1-2.1, fixed 2.18.1-2.1

    React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can res