VYPR
Vendor

Typelevel

Products
3
CVEs
4
Across products
4
Status
Private

Products

3

Recent CVEs

4
  • CVE-2025-58369MedSep 5, 2025
    risk 0.27cvss 5.3epss 0.00

    fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When…

  • CVE-2023-50730Dec 22, 2023
    risk 0.00cvss epss 0.01

    Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries…

  • CVE-2022-31183Aug 1, 2022
    risk 0.00cvss epss 0.01

    fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to:…

  • CVE-2022-21653Jan 5, 2022
    risk 0.00cvss epss 0.01

    Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not…