VYPR

rpm package

opensuse/python-uv&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-uv&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2026-31812 (High), Mar 10, 2026
    affected < 0.10.11-1.1, fixed 0.10.11-1.1

    Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malf

  • CVE-2025-62518 (High), Oct 21, 2025
    affected < 0.9.5-1.1, fixed 0.9.5-1.1

    astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When pr

  • CVE-2025-58160 (Low), Aug 29, 2025
    affected < 0.8.14-2.1, fixed 0.8.14-2.1

    tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i

  • CVE-2025-54368 (Medium), Aug 8, 2025
    affected < 0.8.8-1.1, fixed 0.8.8-1.1

    uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would e