VYPR

Apm

by Microsoft

Source repositories

CVEs (5)

  • CVE-2026-40067HigMay 13, 2026
    risk 0.49cvss 7.5epss 0.00

    When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2026-45539HigMay 15, 2026
    risk 0.41cvss 7.4epss 0.01

    Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rglob() calls and read each match with Path.read_text(), transparently following…

  • CVE-2026-44641HigMay 15, 2026
    risk 0.39cvss 7.1epss 0.00

    Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are…

  • CVE-2026-46383MedMay 15, 2026
    risk 0.29cvss 5.5epss 0.01

    Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes.…

  • CVE-2018-15335Dec 28, 2018
    risk 0.00cvss epss 0.01

    When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended…