Skip to content
Tools / ClickHouse / Dependencies

Dependency Analysis

ClickHouse

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV
44% Freshness
689 Dependencies
294 Outdated
0 Stale
4.9 Avg Behind

Dependency List

Latest release v26.4.1.1141-stable

All 688 Outdated 384 Has CVE 24 GPL 25
Dependency Type Current Latest Behind CVE License
protobuf
pypi
 Direct 4.25.8 7.35.0 24 behind 1 high BSD-3-Clause
cryptography
pypi
 Direct 44.0.1 48.0.0 20 behind 2 high Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause)
cryptography
pypi
 Direct 44.0.1 48.0.0 20 behind 2 high Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause)
aws-lc-sys
cargo
 Direct 0.30.0 0.41.0 16 behind 4 high ISC AND (Apache-2.0 OR ISC) AND OpenSSL
rustls-webpki
cargo
 Direct 0.103.4 0.103.13 16 behind 8 high ISC
lxml
pypi
 Direct 5.3.0 6.1.1 10 behind 1 high BSD-2-Clause AND BSD-3-Clause
lz4_flex
cargo
 Direct 0.11.5 0.13.1 6 behind 1 high MIT
urllib3
pypi
 Direct 2.4.0 2.7.0 6 behind 5 high MIT
pyjwt
pypi
 Direct 2.10.1 2.13.0 4 behind 1 high MIT
pyjwt
pypi
 Direct 2.10.1 2.13.0 4 behind 1 high MIT
deepdiff
pypi
 Direct 8.6.1 9.1.0 3 behind 1 high MIT
wheel
pypi
 Direct 0.46.1 0.47.0 3 behind 1 high MIT
wheel
pypi
 Direct 0.46.1 0.47.0 3 behind 1 high MIT
org.apache.zookeeper:zookeeper
maven
 Direct 3.8.4 2 high Apache-2.0
cryptography
pypi
 Direct 45.0.4 48.0.0 13 behind 1 medium Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause)
pip
pypi
 Direct 25.0.1 26.1.2 9 behind 2 medium MIT
requests
pypi
 Direct 2.32.4 2.34.2 7 behind 1 medium Apache-2.0
requests
pypi
 Direct 2.32.4 2.34.2 7 behind 1 medium Apache-2.0
pip
pypi
 Direct 26.0.1 26.1.2 3 behind 2 medium MIT
pip
pypi
 Direct 26.0.1 26.1.2 3 behind 2 medium MIT
pynacl
pypi
 Direct 1.5.0 1.6.2 3 behind 1 medium Apache-2.0
bytes
cargo
 Direct 1.10.1 1.11.1 2 behind 1 medium MIT
tar
cargo
 Direct 0.4.44 0.4.46 2 behind 2 medium MIT OR Apache-2.0
jwcrypto
pypi
 Direct 1.5.6 1.5.7 1 behind 1 medium LGPL-3.0 AND LGPL-3.0-or-later

License Breakdown

MIT OR Apache-2.0 246
MIT 143
Unknown 61
Apache-2.0 46
Apache-2.0 OR MIT 24
Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT 18
Unicode-3.0 18
BSD-2-Clause AND BSD-3-Clause 17
BSD-3-Clause 15
Unlicense OR MIT 10
MPL-2.0 5
GPL-3.0-or-later AND LGPL-3.0 AND LGPL-3.0-only 4
ISC 4
LicenseRef-scancode-generic-cla AND MIT 4
MIT AND Python-2.0 4
Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause) 3
BSD-2-Clause 3
(MIT OR Apache-2.0) AND Unicode-3.0 2
Apache-2.0 AND BSD-3-Clause 2
Apache-2.0 AND LicenseRef-scancode-unknown-license-reference 2
Apache-2.0 OR BSL-1.0 2
Apache-2.0 OR ISC OR MIT 2
Apache-2.0 WITH LLVM-exception 2
BSD-2-Clause OR Apache-2.0 OR MIT 2
CC0-1.0 OR MIT-0 OR Apache-2.0 2
GPL-3.0-or-later AND LGPL-2.0-or-later AND LGPL-3.0 AND LGPL-3.0-only 2
LGPL-2.1-or-later 2
LGPL-3.0 AND LGPL-3.0-only AND LGPL-3.0-or-later 2
Python-2.0 AND Python-2.0 AND BSD-3-Clause AND Python-2.0.1 2
Zlib 2
(AFL-2.1 AND MIT AND Python-2.0) OR (AFL-2.1 AND MIT) 1
0BSD OR MIT OR Apache-2.0 1
Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND LicenseRef-scancode-jdom AND MIT 1
Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1
Apache-2.0 AND BSD-3-Clause AND MIT AND Zlib 1
Apache-2.0 AND BSD-3-Clause AND MPL-2.0 1
Apache-2.0 AND ISC 1
Apache-2.0 AND MIT 1
Apache-2.0 AND MIT AND MPL-2.0 1
BSD-2-Clause AND BSD-3-Clause AND LicenseRef-scancode-public-domain AND Unlicense 1
BSD-2-Clause OR MIT OR Apache-2.0 1
BSD-3-Clause AND LGPL-2.1-only 1
BSD-3-Clause AND LicenseRef-scancode-protobuf 1
BSD-3-Clause OR Apache-2.0 1
CC0-1.0 OR Apache-2.0 OR Apache-2.0 WITH LLVM-exception 1
CDLA-Permissive-2.0 1
GPL-1.0-or-later AND MIT 1
GPL-2.0 AND GPL-2.0-only 1
GPL-2.0-only 1
GPL-2.0-only WITH Universal-FOSS-exception-1.0 1
GPL-2.0-or-later 1
GPL-3.0 AND GPL-3.0-only AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later 1
GPL-3.0 AND GPL-3.0-or-later 1
GPL-3.0-or-later 1
GPL-3.0-or-later AND LGPL-2.1-only AND curl 1
ISC AND (Apache-2.0 OR ISC) 1
ISC AND (Apache-2.0 OR ISC) AND OpenSSL 1
LGPL-2.0-or-later AND LGPL-2.1-only AND LicenseRef-scancode-public-domain AND MIT AND MPL-1.1 1
LGPL-2.0-or-later AND LGPL-3.0-or-later 1
LGPL-3.0 AND LGPL-3.0-only 1
LGPL-3.0 AND LGPL-3.0-or-later 1
LicenseRef-scancode-free-unknown AND MIT 1
MIT AND CC0-1.0 1
MIT OR Apache-2.0 OR LGPL-2.1-or-later 1
MIT OR Zlib OR Apache-2.0 1
MPL-2.0 AND Python-2.0 1
Python-2.0.1 1

CVE Severity

critical 0
high 14
medium 10
low 0
unknown 0

Beta — feedback welcome: [email protected]