Automated SaaS platform for scanning, monitoring and managing vulnerabilities in the dependencies of Python projects, with alerts, remediation recommendations and custom reports.
Scouted 6 hours ago
Problem: multiple high-severity vulnerabilities in the transitive dependencies of libraries used in Python projects create security risks that are hard to manage.

Audience: software development teams, technology companies and IT security departments that manage projects with open-source dependencies.
"15 vulnerabilities (highest severity is: 8.9)"
sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda: 15 vulnerabilities (highest severity is: 8.9)
Published: 6 hours ago
Repository: rsoreq/protobuf
Author: mend-for-github-com[bot]

<details><summary>Vulnerable Library - <b>sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda</b></summary>

- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/jinja2-3.1.2-py37h06a4308_0.conda

</details>

## Vulnerabilities

| Vulnerability | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (sphinx_rtd_theme version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [CVE-2026-21441](https://www.mend.io/vulnerability-database/CVE-2026-21441) | High | 8.9 | Not Defined | 0.0% | urllib3-1.26.14-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2025-66471](https://www.mend.io/vulnerability-database/CVE-2025-66471) | High | 8.9 | Not Defined | 0.0% | urllib3-1.26.14-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2025-66418](https://www.mend.io/vulnerability-database/CVE-2025-66418) | High | 8.9 | Not Defined | 0.0% | urllib3-1.26.14-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2024-39689](https://www.mend.io/vulnerability-database/CVE-2024-39689) | High | 8.7 | Not Defined | 21.2% | certifi-2022.12.7-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2023-37920](https://www.mend.io/vulnerability-database/CVE-2023-37920) | High | 8.7 | Not Defined | 0.1% | certifi-2022.12.7-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2025-47273](https://www.mend.io/vulnerability-database/CVE-2025-47273) | High | 7.7 | Not Defined | 0.5% | setuptools-65.6.3-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2024-3651](https://www.mend.io/vulnerability-database/CVE-2024-3651) | Medium | 6.9 | Not Defined | 0.7% | idna-3.4-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2025-50181](https://www.mend.io/vulnerability-database/CVE-2025-50181) | Medium | 6.0 | Not Defined | 0.1% | urllib3-1.26.14-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2024-47081](https://www.mend.io/vulnerability-database/CVE-2024-47081) | Medium | 6.0 | Not Defined | 0.2% | requests-2.28.1-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2020-11023](https://www.mend.io/vulnerability-database/CVE-2020-11023) | Medium | 5.7 | Proof of concept | 42.1% | sphinx-2.4.0-py_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2025-27516](https://www.mend.io/vulnerability-database/CVE-2025-27516) | Medium | 5.4 | Not Defined | 0.1% | jinja2-3.1.2-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2024-56326](https://www.mend.io/vulnerability-database/CVE-2024-56326) | Medium | 5.4 | Not Defined | 0.5% | jinja2-3.1.2-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2024-56201](https://www.mend.io/vulnerability-database/CVE-2024-56201) | Medium | 5.4 | Not Defined | 0.5% | jinja2-3.1.2-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2024-22195](https://www.mend.io/vulnerability-database/CVE-2024-22195) | Medium | 5.3 | Not Defined | 0.2% | jinja2-3.1.2-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |
| [CVE-2026-25645](https://www.mend.io/vulnerability-database/CVE-2026-25645) | Medium | 4.1 | Not Defined | 0.0% | requests-2.28.1-py37h06a4308_0.conda | Transitive | N/A* | ❌ | |

*For some transitive vulnerabilities there is no version of the direct dependency with a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.

**In some cases a Remediation PR cannot be created automatically for a vulnerability even though a remediation is available.

Every package in this hierarchy is a py37 build. The fixed versions of urllib3, requests and setuptools given in the Details below no longer support Python 3.7, so remediating them also means moving the docs environment (/python/docs/environment.yml) to a newer interpreter. The CVSS 4 metrics below follow https://www.first.org/cvss/calculator/4.0; the report shows Scope and the three impact metrics as N/A in every entry.

## Details

<details><summary>High: CVE-2026-21441</summary>

### Vulnerable Library - <b>urllib3-1.26.14-py37h06a4308_0.conda</b>

HTTP library with thread-safe connection pooling, file post, and more.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/urllib3-1.26.14-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/urllib3-1.26.14-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → requests-2.28.1-py37h06a4308_0.conda → :x: **urllib3-1.26.14-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

urllib3 is an HTTP client library for Python. Its streaming API handles large HTTP responses by reading the content in chunks rather than loading the entire body into memory at once, and it can decode or decompress based on the HTTP "Content-Encoding" header (e.g., "gzip", "deflate", "br", or "zstd"). When streaming, the library decompresses only the bytes the caller asks for, so partial content consumption is possible. Starting in version 1.22 and prior to version 2.6.3, however, for HTTP redirect responses the library read the entire response body to drain the connection and decompressed it unnecessarily. This happened before any read method was called, and configured read limits did not bound the amount of decompressed data, so there was no safeguard against decompression bombs: a malicious server could trigger excessive resource consumption on the client.

Applications and libraries are affected when they stream content from untrusted sources with "preload_content=False" and do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, which no longer decodes the content of redirect responses when "preload_content=False". If upgrading is not immediately possible, disable redirects by setting "redirect=False" for requests to untrusted sources.

- Publish Date: 2026-01-07
- URL: https://www.mend.io/vulnerability-database/CVE-2026-21441

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.0%

### CVSS 4 Score Details (<b>8.9</b>)

- Exploitability Metrics: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Origin: https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99
- Release Date: 2026-01-07
- Fix Resolution: urllib3 2.6.3

</details>

<details><summary>High: CVE-2025-66471</summary>

### Vulnerable Library - <b>urllib3-1.26.14-py37h06a4308_0.conda</b>

HTTP library with thread-safe connection pooling, file post, and more.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/urllib3-1.26.14-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/urllib3-1.26.14-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → requests-2.28.1-py37h06a4308_0.conda → :x: **urllib3-1.26.14-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the streaming API improperly handles highly compressed data. The streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met; any decompressed data beyond the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation, resulting in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data).

- Publish Date: 2025-12-05
- URL: https://www.mend.io/vulnerability-database/CVE-2025-66471

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.0%

### CVSS 4 Score Details (<b>8.9</b>)

- Exploitability Metrics: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Origin: https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37
- Release Date: 2025-12-05
- Fix Resolution: urllib3 2.6.0

</details>

<details><summary>High: CVE-2025-66418</summary>

### Vulnerable Library - <b>urllib3-1.26.14-py37h06a4308_0.conda</b>

HTTP library with thread-safe connection pooling, file post, and more.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/urllib3-1.26.14-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/urllib3-1.26.14-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → requests-2.28.1-py37h06a4308_0.conda → :x: **urllib3-1.26.14-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps, leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.

- Publish Date: 2025-12-05
- URL: https://www.mend.io/vulnerability-database/CVE-2025-66418

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.0%

### CVSS 4 Score Details (<b>8.9</b>)

- Exploitability Metrics: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Release Date: 2025-12-05
- Fix Resolution: urllib3 2.6.0

</details>

<details><summary>High: CVE-2024-39689</summary>

### Vulnerable Library - <b>certifi-2022.12.7-py37h06a4308_0.conda</b>

Python package for providing Mozilla's CA Bundle.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/certifi-2022.12.7-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/certifi-2022.12.7-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → requests-2.28.1-py37h06a4308_0.conda → :x: **certifi-2022.12.7-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

Certifi is a curated collection of root certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from "GLOBALTRUST". Certifi 2024.7.4 removes the "GLOBALTRUST" root certificates from the root store; they are in the process of being removed from Mozilla's trust store pursuant to an investigation that identified "long-running and unresolved compliance issues".

- Publish Date: 2024-07-05
- URL: https://www.mend.io/vulnerability-database/CVE-2024-39689

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 21.2%

### CVSS 4 Score Details (<b>8.7</b>)

- Exploitability Metrics: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Origin: https://github.com/advisories/GHSA-248v-346w-9cwc
- Release Date: 2024-07-05
- Fix Resolution: certifi 2024.7.4

</details>

<details><summary>High: CVE-2023-37920</summary>

### Vulnerable Library - <b>certifi-2022.12.7-py37h06a4308_0.conda</b>

Python package for providing Mozilla's CA Bundle.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/certifi-2022.12.7-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/certifi-2022.12.7-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → requests-2.28.1-py37h06a4308_0.conda → :x: **certifi-2022.12.7-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

Certifi is a curated collection of root certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes the "e-Tugra" root certificates from the root store.

- Publish Date: 2023-07-25
- URL: https://www.mend.io/vulnerability-database/CVE-2023-37920

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.1%

### CVSS 4 Score Details (<b>8.7</b>)

- Exploitability Metrics: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Origin: https://github.com/advisories/GHSA-xqr8-7jwr-rhp7
- Release Date: 2023-07-25
- Fix Resolution: certifi 2023.7.22

</details>

<details><summary>High: CVE-2025-47273</summary>

### Vulnerable Library - <b>setuptools-65.6.3-py37h06a4308_0.conda</b>

Download, build, install, upgrade, and uninstall Python packages.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/setuptools-65.6.3-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/setuptools-65.6.3-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → :x: **setuptools-65.6.3-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in "PackageIndex" is present in setuptools prior to version 78.1.1. An attacker could write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Mend Note: The description of this vulnerability differs from MITRE.

- Publish Date: 2025-05-17
- URL: https://www.mend.io/vulnerability-database/CVE-2025-47273

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.5%

### CVSS 4 Score Details (<b>7.7</b>)

- Exploitability Metrics: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Origin: https://github.com/advisories/GHSA-5rjg-fvgr-3xxf
- Release Date: 2025-05-17
- Fix Resolution: setuptools 78.1.1 (tag v78.1.1 in https://github.com/pypa/setuptools.git)

</details>

<details><summary>Medium: CVE-2024-3651</summary>

### Vulnerable Library - <b>idna-3.4-py37h06a4308_0.conda</b>

Internationalized Domain Names in Applications (IDNA).

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/idna-3.4-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/idna-3.4-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → requests-2.28.1-py37h06a4308_0.conda → :x: **idna-3.4-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

A vulnerability was identified in the kjd/idna library, specifically within the "idna.encode()" function, affecting versions up to and including 3.6. The function's handling of crafted input strings can lead to quadratic complexity and consequently a denial of service: a crafted input causes "idna.encode()" to process it with considerable computational load, with processing time growing quadratically in the input size.

- Publish Date: 2024-07-07
- URL: https://www.mend.io/vulnerability-database/CVE-2024-3651

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.7%

### CVSS 4 Score Details (<b>6.9</b>)

- Exploitability Metrics: Attack Vector: Local; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-3651
- Release Date: 2024-07-07
- Fix Resolution: idna 3.7

</details>

<details><summary>Medium: CVE-2025-50181</summary>

### Vulnerable Library - <b>urllib3-1.26.14-py37h06a4308_0.conda</b>

HTTP library with thread-safe connection pooling, file post, and more.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/urllib3-1.26.14-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/urllib3-1.26.14-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → requests-2.28.1-py37h06a4308_0.conda → :x: **urllib3-1.26.14-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

urllib3 is a user-friendly HTTP client library for Python. It is possible to disable redirects for all requests by instantiating a PoolManager with a retries configuration that disables redirects. Prior to 2.5.0, redirects disabled this way at the PoolManager level could still be followed, so an application relying on that setting to mitigate SSRF or open redirect vulnerabilities remained vulnerable. By default, requests and botocore users are not affected. This issue has been patched in version 2.5.0.

- Publish Date: 2025-06-19
- URL: https://www.mend.io/vulnerability-database/CVE-2025-50181

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.1%

### CVSS 4 Score Details (<b>6.0</b>)

- Exploitability Metrics: Attack Vector: Network; Attack Complexity: High; Privileges Required: Low; User Interaction: None; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Release Date: 2025-06-19
- Fix Resolution: urllib3 2.5.0

</details>

<details><summary>Medium: CVE-2024-47081</summary>

### Vulnerable Library - <b>requests-2.28.1-py37h06a4308_0.conda</b>

Requests is an elegant and simple HTTP library for Python, built with ♥.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/requests-2.28.1-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/requests-2.28.1-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → :x: **requests-2.28.1-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with "trust_env=False" on the Requests Session.

Mend Note: The description of this vulnerability differs from MITRE.

- Publish Date: 2025-06-09
- URL: https://www.mend.io/vulnerability-database/CVE-2024-47081

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.2%

### CVSS 4 Score Details (<b>6.0</b>)

- Exploitability Metrics: Attack Vector: Network; Attack Complexity: High; Privileges Required: None; User Interaction: N/A; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Origin: https://github.com/advisories/GHSA-9hjg-9r4m-mvj7
- Release Date: 2025-06-09
- Fix Resolution: requests 2.32.4 (tag v2.32.4 in https://github.com/psf/requests.git)

</details>

<details><summary>Medium: CVE-2020-11023</summary>

### Vulnerable Library - <b>sphinx-2.4.0-py_0.conda</b>

Sphinx is a tool that makes it easy to create intelligent and beautiful documentation.

- Library home page: http://repo.continuum.io/pkgs/main/noarch/sphinx-2.4.0-py_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/sphinx-2.4.0-py_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → :x: **sphinx-2.4.0-py_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing `<option>` elements from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. The finding is attributed to Sphinx because Sphinx 2.4.0 ships a pre-3.5.0 jQuery in the static files of its built-in HTML themes, so the documentation build copies it into every generated HTML page.

- Publish Date: 2020-04-29
- URL: https://www.mend.io/vulnerability-database/CVE-2020-11023

### Threat Assessment

- Exploit Maturity: Proof of concept
- EPSS: 42.1%

### CVSS 4 Score Details (<b>5.7</b>)

- Exploitability Metrics: Attack Vector: Network; Attack Complexity: High; Privileges Required: None; User Interaction: N/A; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Origin: https://github.com/advisories/GHSA-jpcq-cgw6-v4j6
- Release Date: 2020-04-29
- Fix Resolution: jQuery 3.5.0 (also listed: jquery-rails 4.4.0, org.webjars.npm:jquery:3.5.0)

</details>

<details><summary>Medium: CVE-2025-27516</summary>

### Vulnerable Library - <b>jinja2-3.1.2-py37h06a4308_0.conda</b>

A very fast and expressive template engine.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/jinja2-3.1.2-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/jinja2-3.1.2-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → :x: **jinja2-3.1.2-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template; whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it is possible to use the `|attr` filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the `|attr` filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.

- Publish Date: 2025-03-05
- URL: https://www.mend.io/vulnerability-database/CVE-2025-27516

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.1%

### CVSS 4 Score Details (<b>5.4</b>)

- Exploitability Metrics: Attack Vector: Local; Attack Complexity: Low; Privileges Required: Low; User Interaction: N/A; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Release Date: 2025-03-05
- Fix Resolution: Jinja2 3.1.6

</details>

<details><summary>Medium: CVE-2024-56326</summary>

### Vulnerable Library - <b>jinja2-3.1.2-py37h06a4308_0.conda</b>

A very fast and expressive template engine.

- Library home page: http://repo.continuum.io/pkgs/main/linux-64/jinja2-3.1.2-py37h06a4308_0.conda
- Path to dependency file: /python/docs/environment.yml
- Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/jinja2-3.1.2-py37h06a4308_0.conda
- Dependency Hierarchy: sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) → sphinx-2.4.0-py_0.conda → :x: **jinja2-3.1.2-py37h06a4308_0.conda** (Vulnerable Library)
- Found in base branch: <b>main</b>

### Vulnerability Details

Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template; whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it is possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built into Jinja, but they could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.

- Publish Date: 2024-12-23
- URL: https://www.mend.io/vulnerability-database/CVE-2024-56326

### Threat Assessment

- Exploit Maturity: Not Defined
- EPSS: 0.5%

### CVSS 4 Score Details (<b>5.4</b>)

- Exploitability Metrics: Attack Vector: Local; Attack Complexity: High; Privileges Required: Low; User Interaction: N/A; Scope: N/A
- Impact Metrics: Confidentiality: N/A; Integrity: N/A; Availability: N/A

### Suggested Fix

- Type: Upgrade version
- Origin: https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
- Release Date: 2024-12-23
- Fix Resolution: Jinja2 3.1.5

</details>

<details> <summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?'
width=19 height=20> CVE-2024-56201</summary> ### Vulnerable Library - <b>jinja2-3.1.2-py37h06a4308_0.conda</b> <p>A very fast and expressive template engine.</p> <p>Library home page: <a href="http://repo.continuum.io/pkgs/main/linux-64/jinja2-3.1.2-py37h06a4308_0.conda">http://repo.continuum.io/pkgs/main/linux-64/jinja2-3.1.2-py37h06a4308_0.conda</a></p> <p>Path to dependency file: /python/docs/environment.yml</p> <p>Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/jinja2-3.1.2-py37h06a4308_0.conda</p> <p> Dependency Hierarchy: - sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) - sphinx-2.4.0-py_0.conda - :x: **jinja2-3.1.2-py37h06a4308_0.conda** (Vulnerable Library) <p>Found in base branch: <b>main</b></p> </p> <p></p> ### Vulnerability Details <p> Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. 
<p>Publish Date: 2024-12-23 <p>URL: <a href=https://www.mend.io/vulnerability-database/CVE-2024-56201>CVE-2024-56201</a></p> </p> <p></p> ### Threat Assessment <p> <p>Exploit Maturity: Not Defined</p> <p>EPSS: 0.5%</p> </p> <p></p> ### CVSS 4 Score Details (<b>5.4</b>) <p> Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A </p> For more information on CVSS4 Scores, click <a href="https://www.first.org/cvss/calculator/4.0">here</a>. </p> <p></p> ### Suggested Fix <p> <p>Type: Upgrade version</p> <p>Origin: <a href="https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699">https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699</a></p> <p>Release Date: 2024-12-23</p> <p>Fix Resolution: Jinja2 - 3.1.5</p> </p> <p></p> </details><details> <summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20> CVE-2024-22195</summary> ### Vulnerable Library - <b>jinja2-3.1.2-py37h06a4308_0.conda</b> <p>A very fast and expressive template engine.</p> <p>Library home page: <a href="http://repo.continuum.io/pkgs/main/linux-64/jinja2-3.1.2-py37h06a4308_0.conda">http://repo.continuum.io/pkgs/main/linux-64/jinja2-3.1.2-py37h06a4308_0.conda</a></p> <p>Path to dependency file: /python/docs/environment.yml</p> <p>Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/jinja2-3.1.2-py37h06a4308_0.conda</p> <p> Dependency Hierarchy: - sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) - sphinx-2.4.0-py_0.conda - :x: **jinja2-3.1.2-py37h06a4308_0.conda** (Vulnerable Library) <p>Found in base branch: <b>main</b></p> </p> <p></p> ### Vulnerability Details <p> Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. 
It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja "xmlattr" filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. Mend Note: The description of this vulnerability differs from MITRE. <p>Publish Date: 2024-01-11 <p>URL: <a href=https://www.mend.io/vulnerability-database/CVE-2024-22195>CVE-2024-22195</a></p> </p> <p></p> ### Threat Assessment <p> <p>Exploit Maturity: Not Defined</p> <p>EPSS: 0.2%</p> </p> <p></p> ### CVSS 4 Score Details (<b>5.3</b>) <p> Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A </p> For more information on CVSS4 Scores, click <a href="https://www.first.org/cvss/calculator/4.0">here</a>. </p> <p></p> ### Suggested Fix <p> <p>Type: Upgrade version</p> <p>Origin: <a href="https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95">https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95</a></p> <p>Release Date: 2024-01-11</p> <p>Fix Resolution: jinja2 - 3.1.3</p> </p> <p></p> </details><details> <summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' 
width=19 height=20> CVE-2026-25645</summary> ### Vulnerable Library - <b>requests-2.28.1-py37h06a4308_0.conda</b> <p>Requests is an elegant and simple HTTP library for Python, built with ♥.</p> <p>Library home page: <a href="http://repo.continuum.io/pkgs/main/linux-64/requests-2.28.1-py37h06a4308_0.conda">http://repo.continuum.io/pkgs/main/linux-64/requests-2.28.1-py37h06a4308_0.conda</a></p> <p>Path to dependency file: /python/docs/environment.yml</p> <p>Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/requests-2.28.1-py37h06a4308_0.conda</p> <p> Dependency Hierarchy: - sphinx_rtd_theme-0.4.3-pyhd3eb1b0_0.conda (Root Library) - sphinx-2.4.0-py_0.conda - :x: **requests-2.28.1-py37h06a4308_0.conda** (Vulnerable Library) <p>Found in base branch: <b>main</b></p> </p> <p></p> ### Vulnerability Details <p> Requests is a HTTP library. Prior to version 2.33.0, the "requests.utils.extract_zipped_paths()" utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call "extract_zipped_paths()" directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set "TMPDIR" in their environment to a directory with restricted write access. 
<p>Publish Date: 2026-03-25 <p>URL: <a href=https://www.mend.io/vulnerability-database/CVE-2026-25645>CVE-2026-25645</a></p> </p> <p></p> ### Threat Assessment <p> <p>Exploit Maturity: Not Defined</p> <p>EPSS: 0.0%</p> </p> <p></p> ### CVSS 4 Score Details (<b>4.1</b>) <p> Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A </p> For more information on CVSS4 Scores, click <a href="https://www.first.org/cvss/calculator/4.0">here</a>. </p> <p></p> ### Suggested Fix <p> <p>Type: Upgrade version</p> <p>Release Date: 2026-03-25</p> <p>Fix Resolution: https://github.com/psf/requests.git - v2.33.0</p> </p> <p></p> </details>