Msrc Cbl2 Python-Tensorboard 2.11.0-3 On Cbl Mariner 2.0 vulnerabilities

87 known vulnerabilities affecting msrc/cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0.

Total CVEs: 87
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 11, HIGH 42, MEDIUM 31, LOW 3

Vulnerabilities

Page 1 of 5
CVE-2026-34601 | HIGH | CVSS 7.5 | 2026-04-02
CVE-2026-34601 [HIGH] CWE-91 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2026-4746 | CRITICAL | CVSS 10.0 | 2026-03-10
CVE-2026-4746 [CRITICAL] CWE-787 Heap Buffer Over-Write Vulnerability in timeplus-io/proton
Mariner: Mariner GovTech CSG: GovTech CSG Customer Action Required: Yes
msrc
CVE-2026-33228 | HIGH | CVSS 8.9 | 2026-03-10
CVE-2026-33228 [HIGH] CWE-1321 flatted: Prototype Pollution via parse()
Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2026-27142 | HIGH | CVSS 7.5 | 2026-03-10
CVE-2026-27142 [MEDIUM] URLs in meta content attribute actions are not escaped in html/template
Mariner: Mariner Go: Go Customer Action Required: Yes
msrc
CVE-2026-33671 | HIGH | CVSS 7.5 | 2026-03-10
CVE-2026-33671 [HIGH] CWE-1333 Picomatch has a ReDoS vulnerability via extglob quantifiers
Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2026-32141 | HIGH | CVSS 7.5 | 2026-03-10
CVE-2026-32141 [HIGH] CWE-674 flatted: Unbounded recursion DoS in parse() revive phase
Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2026-33672 | MEDIUM | CVSS 5.3 | 2026-03-10
CVE-2026-33672 [MEDIUM] CWE-1321 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2026-27199 | MEDIUM | CVSS 6.3 | 2026-02-10
CVE-2026-27199 [MEDIUM] CWE-67 Werkzeug safe_join() allows Windows special device names
Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2025-69873 | LOW | CVSS 2.9 | 2026-02-10
CVE-2025-69873 [LOW] CWE-1333 ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScr
msrc
CVE-2025-15284 | HIGH | CVSS 7.5 | 2025-12-09
CVE-2025-15284 [MEDIUM] CWE-20 arrayLimit bypass in bracket notation allows DoS via memory exhaustion
Mariner: Mariner harborist: harborist Customer Action Required: Yes
msrc
CVE-2025-61727 | MEDIUM | CVSS 6.5 | 2025-12-09
CVE-2025-61727 [MEDIUM] Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Mariner: Mariner Go: Go Customer Action Required: Yes
msrc
CVE-2025-66221 | MEDIUM | CVSS 6.3 | 2025-11-11
CVE-2025-66221 [MEDIUM] CWE-67 Werkzeug safe_join() allows Windows special device names
Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes
msrc
CVE-2025-47912 | HIGH | CVSS 7.7 | 2025-10-14
CVE-2025-47912 [MEDIUM] Insufficient validation of bracketed IPv6 hostnames in net/url
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with
msrc
CVE-2025-58189 | HIGH | CVSS 7.5 | 2025-10-14
CVE-2025-58189 [MEDIUM] ALPN negotiation error contains attacker controlled information in crypto/tls
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of
msrc
CVE-2025-58185 | HIGH | CVSS 7.5 | 2025-10-14
CVE-2025-58185 [MEDIUM] Parsing DER payload can cause memory exhaustion in encoding/asn1
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries
msrc
CVE-2025-61723 | HIGH | CVSS 7.5 | 2025-10-14
CVE-2025-61723 [HIGH] Quadratic complexity when parsing some invalid inputs in encoding/pem
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source li
msrc
CVE-2025-61725 | MEDIUM | CVSS 6.5 | 2025-10-14
CVE-2025-61725 [HIGH] Excessive CPU consumption in ParseAddress in net/mail
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is
msrc
CVE-2025-58187 | MEDIUM | CVSS 5.3 | 2025-10-14
CVE-2025-58187 [HIGH] Quadratic complexity when checking name constraints in crypto/x509
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie
msrc
CVE-2025-7783 | CRITICAL | CVSS 9.4 | 2025-07-08
CVE-2025-7783 [CRITICAL] CWE-330 Usage of unsafe random function in form-data for choosing boundary
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sour
msrc
CVE-2025-22874 | HIGH | CVSS 7.5 | 2025-06-10
CVE-2025-22874 [HIGH] Usage of ExtKeyUsageAny disables policy validation in crypto/x509
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries
msrc