rpm package
opensuse/python-uv&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/python-uv&distro=openSUSE%20Leap%2016.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-13327 | — | | | < 0.7.18-160000.4.1 | 0.7.18-160000.4.1 | Feb 27, 2026 | A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker- |
| CVE-2025-62518 | High | 8.1 | | < 0.7.18-160000.3.1 | 0.7.18-160000.3.1 | Oct 21, 2025 | astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When pr |
| CVE-2025-58160 | Low | — | | < 0.7.18-160000.3.1 | 0.7.18-160000.3.1 | Aug 29, 2025 | tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i |