| Link Following | <0:1.25.10-1.amzn2023.0.1 |
| Allocation of Resources Without Limits or Throttling | <0:1.25.10-1.amzn2023.0.1 |
| CVE-2026-33811 | <0:1.25.10-1.amzn2023.0.1 |
| CVE-2026-39825 | <0:1.25.10-1.amzn2023.0.1 |
| Out-of-bounds Write | <0:1.25.10-1.amzn2023.0.1 |
| CVE-2026-42501 | <0:1.25.10-1.amzn2023.0.1 |
| CVE-2026-42499 | <0:1.25.10-1.amzn2023.0.1 |
| Improper Encoding or Escaping of Output | <0:1.25.10-1.amzn2023.0.1 |
| Loop with Unreachable Exit Condition ('Infinite Loop') | <0:1.25.10-1.amzn2023.0.1 |
| Cross-site Scripting (XSS) | <0:1.25.10-1.amzn2023.0.1 |
| Time-of-check Time-of-use (TOCTOU) | |
| Allocation of Resources Without Limits or Throttling | |
| Compiler Optimization Removal or Modification of Security-critical Code | |
| Excessive Platform Resource Consumption within a Loop | |
| Cross-site Scripting (XSS) | |
| Allocation of Resources Without Limits or Throttling | |
| Expected Behavior Violation | |
| Multiple Locks of a Critical Resource | |
| Improper Restriction of Names for Files and Other Resources | |
| Cross-site Scripting (XSS) | |
| Directory Traversal | |
| Improper Validation of Syntactic Correctness of Input | |
| CVE-2025-61732 | <0:1.24.13-1.amzn2023.0.1 |
| OS Command Injection | <0:1.24.12-1.amzn2023.0.1 |
| Allocation of Resources Without Limits or Throttling | <0:1.24.12-1.amzn2023.0.1 |
| Missing Required Cryptographic Step | <0:1.24.12-1.amzn2023.0.1 |
| Arbitrary Argument Injection | <0:1.24.12-1.amzn2023.0.1 |
| CVE-2025-68121 | <0:1.24.12-1.amzn2023.0.1 |
| Allocation of Resources Without Limits or Throttling | <0:1.24.12-1.amzn2023.0.1 |
| Excessive Platform Resource Consumption within a Loop | <0:1.24.11-1.amzn2023.0.1 |
| Improper Certificate Validation | <0:1.24.11-1.amzn2023.0.1 |
| CVE-2025-58186 | |
| Allocation of Resources Without Limits or Throttling | |
| Reachable Assertion | |
| Allocation of Resources Without Limits or Throttling | |
| Allocation of Resources Without Limits or Throttling | |
| Allocation of Resources Without Limits or Throttling | |
| Creation of Immutable Text Using String Concatenation | |
| Improper Output Neutralization for Logs | |
| Allocation of Resources Without Limits or Throttling | |
| Improper Validation of Syntactic Correctness of Input | |
| Race Condition | |
| Expected Behavior Violation | |
| Arbitrary Code Injection | |
| Improper Certificate Validation | |
| CVE-2025-4673 | |
| Directory Traversal | |
| HTTP Request Smuggling | |
| Improper Input Validation | |
| Information Exposure | |
| Improper Verification of Cryptographic Signature | |
| Uncontrolled Recursion | |
| Improperly Controlled Sequential Memory Allocation | |
| Uncontrolled Recursion | |
| Improper Input Validation | |
| Improper Input Validation | |
| Misinterpretation of Input | |
| Improper Certificate Validation | |
| Arbitrary Code Injection | |
| Improper Input Validation | |
| Information Exposure | |
| Misinterpretation of Input | |
| Resource Exhaustion | |
| CVE-2023-45284 | <0:1.20.12-1.amzn2023.0.1 |
| Directory Traversal | <0:1.20.12-1.amzn2023.0.1 |
| Resource Exhaustion | <0:1.20.12-1.amzn2023.0.1 |
| Unchecked Return Value | |
| Incorrect Privilege Assignment | |
| Integer Overflow or Wraparound | |
| Resource Exhaustion | |
| Resource Exhaustion | <0:1.20.10-1.amzn2023.0.1 |
| Arbitrary Code Injection | <0:1.20.10-1.amzn2023.0.1 |
| Resource Exhaustion | <0:1.20.10-1.amzn2023.0.1 |
| Cross-site Scripting (XSS) | |
| Cross-site Scripting (XSS) | |
| Resource Exhaustion | |
| HTTP Response Splitting | |
| Arbitrary Code Injection | |
| Exposure of Resource to Wrong Sphere | |
| Arbitrary Code Injection | |
| Improper Handling of Unicode Encoding | |
| Arbitrary Code Injection | |
| Improper Handling of Unicode Encoding | |
| Improper Handling of Unicode Encoding | |
| Improper Handling of Unicode Encoding | |
| Arbitrary Code Injection | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Incorrect Calculation | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Resource Exhaustion | |
| Directory Traversal | |
| Resource Exhaustion | |
| Allocation of Resources Without Limits or Throttling | |
| Loop with Unreachable Exit Condition ('Infinite Loop') | |
| Unchecked Return Value | |
| HTTP Request Smuggling | |
| Arbitrary Code Injection | |
| Incorrect Privilege Assignment | |
| Integer Overflow or Wraparound | |
| Resource Exhaustion | |
| CVE-2022-41716 | |
| CVE-2022-41715 | |
| Resource Exhaustion | |
| Information Exposure | |
| Directory Traversal | |
| Improperly Controlled Sequential Memory Allocation | |
| Improperly Controlled Sequential Memory Allocation | |
| Improperly Controlled Sequential Memory Allocation | |
| Improperly Controlled Sequential Memory Allocation | |
| Improperly Controlled Sequential Memory Allocation | |
| Improperly Implemented Security Check for Standard | |
| Insufficient Entropy | |
| Integer Overflow or Wraparound | |
| Resource Exhaustion | |
| Allocation of Resources Without Limits or Throttling | |
| Use of a Broken or Risky Cryptographic Algorithm | |
| Buffer Overflow | |
| Improperly Controlled Sequential Memory Allocation | |
| Improperly Controlled Sequential Memory Allocation | |
| Information Exposure | |
| Resource Exhaustion | |
| HTTP Request Smuggling | |
| Authorization Bypass Through User-Controlled Key | |
| External Control of File Name or Path | |
| Out-of-Bounds | |
| Improper Input Validation | |
| Resource Exhaustion | |
