Package impact
Go / chainguard.dev/apko
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42575 | high | 7.5 | 7.5 | 21d ago | apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible) | |||
| CVE-2026-42574 | high | 7.5 | 7.5 | 21d ago | apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root |