5 matches found
USN-8344-1 python-pip vulnerabilities
It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used with certificate verification disabled, subsequent requests to the same host would also skip verification regardless of the session's current settings. A remote attacker...
CVE-2026-25140
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...
EUVD-2026-5381
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...
apko Resource Management Error Vulnerability
Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.1 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the ExpandApk function not enforcing decompression restrictions, which could lead to resource exhaustion, build failures, or...
Denial Of Service (DoS)
Bugsink is vulnerable to Denial of Service (DoS). The vulnerability is due to decompression of highly compressed Brotli data before enforcing limits, which allows an attacker to send crafted payloads that exhaust memory and crash the server...