VYPR

rpm package

suse/python-uv&distro=SUSE Linux Enterprise Server 16.0

pkg:rpm/suse/python-uv&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Vulnerabilities (4)

  • CVE-2026-32766MedMar 20, 2026
    affected < 0.7.18-160000.5.1fixed 0.7.18-160000.5.1

    astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping (rather than rejection) of invalid PAX extensions could be used as a building bl

  • CVE-2026-31812HigMar 10, 2026
    affected < 0.7.18-160000.5.1fixed 0.7.18-160000.5.1

    Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malf

  • CVE-2025-62518HigOct 21, 2025
    affected < 0.7.18-160000.3.1fixed 0.7.18-160000.3.1

    astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When pr

  • CVE-2025-58160LowAug 29, 2025
    affected < 0.7.18-160000.3.1fixed 0.7.18-160000.3.1

    tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i