| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2022-45770 | High | adguard@0.107.73-r0 | aarch64, x86_64 | Unpatched | Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 ... |
| CVE-2026-25679 | High | stdlib@go1.25.7 | aarch64, x86_64 | 1.25.8, 1.26.1 | url.Parse insufficiently validated the host/authority component and accepted ... |
| GHSA-mwwc-3jv2-62j3 | Medium | github.com/AdguardTeam/AdGuardHome@v0.107.73+dirty | aarch64, x86_64 | 0.108.0-b.16 | AdGuardHome vulnerable to Cross-Site Request Forgery |
| CVE-2026-27142 | Medium | stdlib@go1.25.7 | aarch64, x86_64 | 1.25.8, 1.26.1 | Actions which insert URLs into the content attribute of HTML meta tags are no... |
| CVE-2026-27139 | Low | stdlib@go1.25.7 | aarch64, x86_64 | 1.25.8, 1.26.1 | On Unix platforms, when listing the contents of a directory using File.ReadDi... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2012-4683 | Medium | bitcoin-core@30.2-r0 | aarch64, x86_64 | Unpatched | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to caus... |
| CVE-2012-4682 | Medium | bitcoin-core@30.2-r0 | aarch64, x86_64 | Unpatched | Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to caus... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4519 | High | python-3.14@3.14.3-r4 | aarch64, x86_64 | Unpatched | The webbrowser.open() API would accept leading dashes in the URL which could... |
| CVE-2026-3644 | Medium | python-3.14@3.14.3-r4 | aarch64, x86_64 | Unpatched | The fix for CVE-2026-0672, which rejected control characters in http.cookies.... |
| CVE-2025-15366 | Medium | python-3.14@3.14.3-r4 | aarch64, x86_64 | Unpatched | The imaplib module, when passed a user-controlled command, can have additiona... |
| CVE-2025-15367 | Medium | python-3.14@3.14.3-r4 | aarch64, x86_64 | Unpatched | The poplib module, when passed a user-controlled command, can have additional... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4224 | Medium | python-3.14@3.14.3-r4 | aarch64, x86_64 | Unpatched | When an Expat parser with a registered ElementDeclHandler parses an inline do... |
| CVE-2025-12781 | Medium | python-3.14@3.14.3-r4 | aarch64, x86_64 | Unpatched | When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64de... |
| CVE-2025-13462 | Low | python-3.14@3.14.3-r4 | aarch64, x86_64 | Unpatched | The "tarfile" module would still apply normalization of AREGTYPE (\... |
| CVE-2026-3479 | Low | python-3.14@3.14.3-r4 | aarch64, x86_64 | Unpatched | pkgutil.get_data() did not validate the resource argument as documented, allo... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| GHSA-p77j-4mvh-x3m3 | Critical | google.golang.org/grpc@v1.59.0 | aarch64, x86_64 | 1.79.3 | gRPC-Go has an authorization bypass via missing leading slash in :path |
| GHSA-x6gf-mpr2-68h6 | High | github.com/jackc/pgproto3/v2@v2.3.3 | aarch64, x86_64 | Unpatched | pgproto3: Negative field length panics in DataRow.Decode |
| GHSA-4f99-4q7p-p3gh | High | github.com/sirupsen/logrus@v1.9.2 | aarch64, x86_64 | 1.9.3 | Logrus is vulnerable to DoS when using Entry.Writer() |
| GHSA-cgrx-mc8f-2prm | High | github.com/opencontainers/runc@v1.1.14 | aarch64, x86_64 | 1.2.8 | runc container escape and denial of service due to arbitrary write gadgets an... |
| GHSA-qw9x-cqr3-wc7r | High | github.com/opencontainers/runc@v1.1.14 | aarch64, x86_64 | 1.2.8 | runc container escape with malicious config due to /dev/console mount and rel... |
| GHSA-9493-h29p-rfm2 | High | github.com/opencontainers/runc@v1.1.14 | aarch64, x86_64 | 1.2.8 | runc container escape via "masked path" abuse due to mount race con... |
| GHSA-p436-gjf2-799p | High | github.com/docker/cli@v28.1.1+incompatible | aarch64, x86_64 | 29.2.0 | Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege... |
| GHSA-9h8m-3fm2-qjrq | High | go.opentelemetry.io/otel/sdk@v1.35.0 | aarch64, x86_64 | 1.40.0 | OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking |
| GHSA-jqcq-xjh3-6g23 | High | github.com/jackc/pgproto3/v2@v2.3.3 | aarch64, x86_64 | Unpatched | Denial of service in github.com/jackc/pgproto3/v2 |
| GHSA-j5w8-q4qc-rx2x | Medium | golang.org/x/crypto@v0.37.0 | aarch64, x86_64 | 0.45.0 | golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption |
| GHSA-f6x5-jh6r-wrfv | Medium | golang.org/x/crypto@v0.37.0 | aarch64, x86_64 | 0.45.0 | golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due... |
| GHSA-2464-8j7c-4cjm | Medium | github.com/go-viper/mapstructure/v2@v2.3.0 | aarch64, x86_64 | 2.4.0 | go-viper's mapstructure May Leak Sensitive Information in Logs When Proc... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| GHSA-g7hc-96xr-gvvx | Medium | MimeKit@4.14.0 | aarch64, x86_64 | 4.15.1 | MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Inj... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| GHSA-g7hc-96xr-gvvx | Medium | MimeKit@4.13.0 | aarch64, x86_64 | 4.15.1 | MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Inj... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| GHSA-m7jm-9gc2-mpf2 | Critical | fast-xml-parser@4.5.3 | aarch64, x86_64 | 4.5.4 | fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE ... |
| GHSA-v9p9-hfj2-hcw8 | High | undici@7.18.2 | aarch64, x86_64 | 7.24.0 | Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_... |
| GHSA-44fp-w29j-9vj5 | High | multer@1.4.5-lts.1 | aarch64, x86_64 | 2.0.0 | Multer vulnerable to Denial of Service via memory leaks from unclosed streams |
| GHSA-f269-vfmq-vjvj | High | undici@7.18.2 | aarch64, x86_64 | 7.24.0 | Undici: Malicious WebSocket 64-bit length overflows parser and crashes the cl... |
| GHSA-rcmh-qjqh-p98v | High | nodemailer@6.10.0 | aarch64, x86_64 | 7.0.11 | Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls |
| GHSA-rcmh-qjqh-p98v | High | nodemailer@6.9.16 | aarch64, x86_64 | 7.0.11 | Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls |
| GHSA-g5hg-p3ph-g8qg | High | multer@1.4.5-lts.1 | aarch64, x86_64 | 2.0.1 | Multer vulnerable to Denial of Service via unhandled exception |
| GHSA-5528-5vmv-3xc2 | High | multer@1.4.5-lts.1 | aarch64, x86_64 | 2.1.1 | Multer Vulnerable to Denial of Service via Uncontrolled Recursion |
| GHSA-xpqw-6gx7-v673 | High | svgo@2.8.0 | aarch64, x86_64 | 2.8.1 | SVGO DoS through entity expansion in DOCTYPE (Billion Laughs) |
| GHSA-43fc-jf86-j433 | High | axios@1.13.3 | aarch64, x86_64 | 1.13.5 | Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig |
| GHSA-4pg4-qvpc-4q3h | High | multer@1.4.5-lts.1 | aarch64, x86_64 | 2.0.0 | Multer vulnerable to Denial of Service from maliciously crafted requests |
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| GHSA-8gc5-j5rx-235r | High | fast-xml-parser@4.5.3 | aarch64, x86_64 | 5.5.6 | fast-xml-parser affected by numeric entity expansion bypassing all entity exp... |
| GHSA-jmr7-xgp7-cmfj | High | fast-xml-parser@4.5.3 | aarch64, x86_64 | 4.5.4 | fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expan... |
| GHSA-3ppc-4f35-3m26 | High | minimatch@3.1.2 | aarch64, x86_64 | 3.1.3 | minimatch has a ReDoS via repeated wildcards with non-matching literal in pat... |
| GHSA-3ppc-4f35-3m26 | High | minimatch@5.1.6 | aarch64, x86_64 | 5.1.7 | minimatch has a ReDoS via repeated wildcards with non-matching literal in pat... |
| GHSA-3ppc-4f35-3m26 | High | minimatch@9.0.4 | aarch64, x86_64 | 9.0.6 | minimatch has a ReDoS via repeated wildcards with non-matching literal in pat... |
| GHSA-34x7-hfp2-rc4v | High | tar@6.2.1 | aarch64, x86_64 | 7.5.7 | node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Tr... |
| GHSA-v52c-386h-88mc | High | multer@1.4.5-lts.1 | aarch64, x86_64 | 2.1.0 | Multer vulnerable to Denial of Service via resource exhaustion |
| GHSA-xf7r-hgr6-v32p | High | multer@1.4.5-lts.1 | aarch64, x86_64 | 2.1.0 | Multer vulnerable to Denial of Service via incomplete cleanup |
| GHSA-vrm6-8vpv-qv8q | High | undici@7.18.2 | aarch64, x86_64 | 7.24.0 | Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decom... |
| GHSA-7r86-cg39-jmmj | High | minimatch@3.1.2 | aarch64, x86_64 | 3.1.3 | minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-a... |
| GHSA-7r86-cg39-jmmj | High | minimatch@5.1.6 | aarch64, x86_64 | 5.1.8 | minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-a... |
| GHSA-7r86-cg39-jmmj | High | minimatch@9.0.4 | aarch64, x86_64 | 9.0.7 | minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-a... |
| GHSA-23c5-xmqv-rm74 | High | minimatch@3.1.2 | aarch64, x86_64 | 3.1.4 | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking r... |
| GHSA-23c5-xmqv-rm74 | High | minimatch@5.1.6 | aarch64, x86_64 | 5.1.8 | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking r... |
| GHSA-23c5-xmqv-rm74 | High | minimatch@9.0.4 | aarch64, x86_64 | 9.0.7 | minimatch ReDoS: nested *() extglobs generate catastrophically backtracking r... |
| GHSA-qpx9-hpmf-5gmw | High | underscore@1.13.7 | aarch64, x86_64 | 1.13.8 | Underscore has unlimited recursion in _.flatten and _.isEqual, potential for ... |
| GHSA-fjgf-rc76-4x9p | High | multer@1.4.5-lts.1 | aarch64, x86_64 | 2.0.2 | Multer vulnerable to Denial of Service via unhandled exception from malformed... |
| GHSA-r6q2-hw4h-h46w | High | tar@6.2.1 | aarch64, x86_64 | 7.5.4 | Race Condition in node-tar Path Reservations via Unicode Ligature Collisions ... |
| GHSA-9ppj-qmqm-q256 | High | tar@6.2.1 | aarch64, x86_64 | 7.5.11 | node-tar Symlink Path Traversal via Drive-Relative Linkpath |
| GHSA-8qq5-rm4j-mr97 | High | tar@6.2.1 | aarch64, x86_64 | 7.5.3 | node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via ... |
| GHSA-qffp-2rhf-9h96 | High | tar@6.2.1 | aarch64, x86_64 | 7.5.10 | tar has Hardlink Path Traversal via Drive-Relative Linkpath |
| GHSA-83g3-92jg-28cx | High | tar@6.2.1 | aarch64, x86_64 | 7.5.8 | Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in... |
| GHSA-h25m-26qc-wcjf | High | next@14.2.35 | aarch64, x86_64 | 15.0.8 | Next.js HTTP request deserialization can lead to DoS when using insecure Reac... |
| GHSA-968p-4wvh-cqc8 | Medium | @babel/runtime@7.22.5 | aarch64, x86_64 | 7.26.10 | Babel has inefficient RegExp complexity in generated code with .replace when ... |
| GHSA-ggv3-7p47-pfv8 | Medium | next@14.2.35 | aarch64, x86_64 | 15.5.13 | Next.js: HTTP request smuggling in rewrites |
| GHSA-6rw7-vpxm-498p | Medium | qs@6.13.0 | aarch64, x86_64 | 6.14.1 | qs's arrayLimit bypass in its bracket notation allows DoS via memory exh... |
| GHSA-mm7p-fcc7-pg87 | Medium | nodemailer@6.10.0 | aarch64, x86_64 | 7.0.7 | Nodemailer: Email to an unintended domain can occur due to Interpretation Con... |
| GHSA-mm7p-fcc7-pg87 | Medium | nodemailer@6.9.16 | aarch64, x86_64 | 7.0.7 | Nodemailer: Email to an unintended domain can occur due to Interpretation Con... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| GHSA-9g9p-9gw9-jx7f | Medium | next@14.2.35 | aarch64, x86_64 | 15.5.10 | Next.js self-hosted applications vulnerable to DoS via Image Optimizer remote... |
| GHSA-378v-28hj-76wf | Medium | bn.js@4.12.2 | aarch64, x86_64 | 4.12.3 | bn.js affected by an infinite loop |
| GHSA-3x4c-7xq6-9pq8 | Medium | next@14.2.35 | aarch64, x86_64 | 15.5.14 | Next.js: Unbounded next/image disk cache growth can exhaust storage |
| GHSA-2g4f-4pwh-qvx6 | Medium | ajv@6.12.6 | aarch64, x86_64 | 6.14.0 | ajv has ReDoS when using `$data` option |
| GHSA-phc3-fgpg-7m6h | Medium | undici@7.18.2 | aarch64, x86_64 | 7.24.0 | Undici has Unbounded Memory Consumption in its DeduplicationHandler via Respo... |
| GHSA-2mjp-6q6p-2qxm | Medium | undici@7.18.2 | aarch64, x86_64 | 7.24.0 | Undici has an HTTP Request/Response Smuggling issue |
| GHSA-4992-7rv2-5pvq | Medium | undici@7.18.2 | aarch64, x86_64 | 7.24.0 | Undici has CRLF Injection in undici via `upgrade` option |
| GHSA-jp2q-39xq-3w4g | Medium | fast-xml-parser@4.5.3 | aarch64, x86_64 | 5.5.7 | Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Eva... |
| GHSA-w7fw-mjwx-w883 | Low | qs@6.13.0 | aarch64, x86_64 | 6.14.2 | qs's arrayLimit bypass in comma parsing allows denial of service |
| GHSA-w7fw-mjwx-w883 | Low | qs@6.14.1 | aarch64, x86_64 | 6.14.2 | qs's arrayLimit bypass in comma parsing allows denial of service |
| GHSA-fj3w-jwp8-x2g3 | Low | fast-xml-parser@4.5.3 | aarch64, x86_64 | 4.5.4 | fast-xml-parser has stack overflow in XMLBuilder with preserveOrder |
| GHSA-7gmj-h9xc-mcxc | Low | mailparser@3.7.2 | aarch64, x86_64 | 3.9.3 | mailparser vulnerable to Cross-site Scripting |
| GHSA-vpq2-c234-7xj6 | Low | @tootallnate/once@1.1.2 | aarch64, x86_64 | 3.0.1 | @tootallnate/once vulnerable to Incorrect Control Flow Scoping |
| GHSA-vpq2-c234-7xj6 | Low | @tootallnate/once@2.0.0 | aarch64, x86_64 | 3.0.1 | @tootallnate/once vulnerable to Incorrect Control Flow Scoping |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| GHSA-8g4q-xg66-9fp4 | High | System.Text.Json@6.0.9 | aarch64, x86_64 | 6.0.10 | Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerabi... |
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| GHSA-g7hc-96xr-gvvx | Medium | MimeKit@4.8.0 | aarch64, x86_64 | 4.15.1 | MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Inj... |
| GHSA-59j7-ghrg-fj52 | Medium | Microsoft.IdentityModel.JsonWebTokens@6.8.0 | aarch64, x86_64 | 6.34.0 | Microsoft ASP.NET Core project templates vulnerable to denial of service |
| GHSA-59j7-ghrg-fj52 | Medium | System.IdentityModel.Tokens.Jwt@6.8.0 | aarch64, x86_64 | 6.34.0 | Microsoft ASP.NET Core project templates vulnerable to denial of service |
| GHSA-rxmq-m78w-7wmc | Medium | SixLabors.ImageSharp@3.1.7 | aarch64, x86_64 | 3.1.11 | SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE ID | Severity | Package | Arch | Fixed Version | Description |
|---|---|---|---|---|---|
| CVE-2026-4437 | High | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |
| CVE-2026-4438 | Medium | glibc@2.43-r3 | aarch64, x86_64 | Unpatched | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that... |