Alerta

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

81% Freshness

59 Dependencies

4 Outdated

0 Stale

2.4 Avg Behind

Dependency List

Latest release v9.1.0

All 58 Outdated 8 Has CVE 1 GPL 2

Dependency	Type	Current	Latest	Behind	CVE	License
lxml pypi	Direct	5.2.1	—	—	1 high	BSD-2-Clause AND BSD-3-Clause
pylint pypi	Direct	3.1.0	4.0.5	26 behind	—	GPL-2.0-or-later
sentry-sdk pypi	Direct	2.56.0	2.61.1	10 behind	—	Unknown
requests pypi	Direct	2.32.5	2.34.2	6 behind	—	Apache-2.0
cryptography pypi	Direct	46.0.6	48.0.0	3 behind	—	BSD-3-Clause OR Apache-2.0
psycopg2 pypi	Direct	2.9.11	2.9.12	1 behind	—	LGPL-2.0-or-later AND LGPL-3.0-or-later
pyjwt pypi	Direct	2.12.1	2.13.0	1 behind	—	MIT
pymongo pypi	Direct	4.16.0	4.17.0	1 behind	—	Unknown
werkzeug pypi	Direct	3.1.7	3.1.8	1 behind	—	BSD-3-Clause
act10ns/slack githubactions	Direct	2..	—	—	—	Unknown
act10ns/slack githubactions	Direct	2	—	—	—	Unknown
actions/checkout githubactions	Direct	4..	—	—	—	Unknown
actions/setup-python githubactions	Direct	5..	—	—	—	Unknown
alerta-server	Direct	—	—	—	—	Unknown
bcrypt	Direct	—	—	—	—	Unknown
bcrypt pypi	Direct	5.0.0	5.0.0	Current	—	Apache-2.0
blinker	Direct	—	—	—	—	Unknown
blinker pypi	Direct	1.9.0	1.9.0	Current	—	MIT
cryptography	Direct	—	—	—	—	Unknown
defusedxml	Direct	—	—	—	—	Unknown
defusedxml pypi	Direct	0.7.1	0.7.1	Current	—	PSF-2.0
docker/login-action githubactions	Direct	3..	—	—	—	Unknown
flask	Direct	>= 2.0.1	—	—	—	Unknown
flask pypi	Direct	3.1.3	3.1.3	Current	—	BSD-3-Clause
flask-compress	Direct	>= 1.4.0	—	—	—	Unknown
flask-compress pypi	Direct	1.23	—	—	—	Unknown
flask-cors	Direct	>= 3.0.2	—	—	—	Unknown
flask-cors pypi	Direct	6.0.2	6.0.2	Current	—	MIT
github/codeql-action/analyze githubactions	Direct	3..	—	—	—	Unknown
github/codeql-action/autobuild githubactions	Direct	3..	—	—	—	Unknown
github/codeql-action/init githubactions	Direct	3..	—	—	—	Unknown
mohawk	Direct	—	—	—	—	Unknown
mohawk pypi	Direct	1.1.0	—	—	—	MPL-2.0
mypy pypi	Direct	1.11.2	—	—	—	MIT
pre-commit pypi	Direct	3.7.0	—	—	—	MIT
pyjwt	Direct	>= 2.0.0	—	—	—	Unknown
pyparsing	Direct	—	—	—	—	Unknown
pyparsing pypi	Direct	3.3.2	3.3.2	Current	—	MIT AND Python-2.0
pysaml2 pypi	Direct	7.5.0	—	—	—	Apache-2.0
pytest	Direct	>= 5.4.3	—	—	—	Unknown
pytest-cov	Direct	—	—	—	—	Unknown
python-dateutil	Direct	—	—	—	—	Unknown
python-dateutil pypi	Direct	2.9.0.post0	2.9.0.post0	Current	—	Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference
python-dotenv	Direct	—	—	—	—	Unknown
python-ldap pypi	Direct	3.4.5	—	—	—	MIT AND python-ldap
pytz	Direct	—	—	—	—	Unknown
pytz pypi	Direct	2026.1.post1	2026.2.0	—	—	MIT AND ZPL-2.1
pyyaml	Direct	—	—	—	—	Unknown
pyyaml pypi	Direct	6.0.3	6.0.3	Current	—	MIT
requests	Direct	—	—	—	—	Unknown
requests-hawk	Direct	—	—	—	—	Unknown
requests-hawk pypi	Direct	1.2.1	—	—	—	Apache-2.0
requests-mock	Direct	—	—	—	—	Unknown
sentry-sdk	Direct	>= 0.10.2	—	—	—	Unknown
setuptools	Direct	>= 70.0.0	—	—	—	Unknown
strenum	Direct	—	—	—	—	Unknown
strenum pypi	Direct	0.4.15	0.4.15	Current	—	MIT
superfly/flyctl-actions/setup-flyctl githubactions	Direct	master	—	—	—	Unknown

License Breakdown

Unknown 35

MIT 7

Apache-2.0 4

BSD-3-Clause 2

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1

BSD-2-Clause AND BSD-3-Clause 1

BSD-3-Clause OR Apache-2.0 1

GPL-2.0-or-later 1

LGPL-2.0-or-later AND LGPL-3.0-or-later 1

MIT AND Python-2.0 1

MIT AND ZPL-2.1 1

MIT AND python-ldap 1

MPL-2.0 1

PSF-2.0 1

CVE Severity

critical 0

high 1

medium 0

low 0

unknown 0