VYPR

rpm package

opensuse/python-uv&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/python-uv&distro=openSUSE%20Leap%2016.0

Vulnerabilities (3)

  • CVE-2025-13327Feb 27, 2026
    affected < 0.7.18-160000.4.1fixed 0.7.18-160000.4.1

    A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-

  • CVE-2025-62518HigOct 21, 2025
    affected < 0.7.18-160000.3.1fixed 0.7.18-160000.3.1

    astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When pr

  • CVE-2025-58160LowAug 29, 2025
    affected < 0.7.18-160000.3.1fixed 0.7.18-160000.3.1

    tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i