Security Deep Dive
continue
Security posture and CVE patch evidence from tracked releases.
1 actively-exploited dependency CVE affects v1.2.22-vscode.
KEV-listed CVEs are confirmed exploited in the wild — patch urgently.
— Signed
— SLSA
✓ SBOM
✓ Security policy
Weekly cadence · 1d median
Active maintainer
Trust Signals — 4 of 9 Present
Evidence already collected from releases and repository metadata.
4/9
Present
Signed releases
Unknown
Latest release artifact signature
Latest release
—
SLSA provenance
Unknown
Attestation predicate level
Latest release
—
SBOM published
Present
GitHub SBOM API
Latest release
Last verified: 28d ago
SECURITY.md
Present
GitHub repository metadata
Repository policy
Checked: 18d ago
Release cadence: weekly
Present
1d median over recent releases
Release history
Latest release: 2mo ago
Maintainer active
Present
Recent commit activity
Repository
Last commit: 5d ago
Checksums (SHA256SUMS)
Not active yet
SHA256SUMS or equivalent
Release asset
Latest release: 2mo ago
GitHub Actions attestation
Not active yet
actions/attest-build-provenance
Workflow file
Latest release: 2mo ago
Signing assets
Not active yet
.sig, .crt, cosign.pub, or similar
Release asset
Latest release: 2mo ago
3.8/10
Security Score
Dependency Exposure
466 transitive dependency
CVEs found in the latest SBOM.
16 critical.
Security Score
A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.
epss
0.25 / 0.5
No EPSS data
freshness
1.00 / 1.0
4d stale
scorecard
2.00 / 4.0
⚠ Estimated — not yet collected
cve health
0.00 / 2.5
⚠ No direct scan — 17c/179h transitive CVEs
patch speed
0.50 / 0.5
⚠ Estimated — no CVE patch history
kev exposure
1.50 / 1.5
No KEV exposure
supply chain risk
-1.50 / 10.0
Risk 100.0/100
Score breakdown
schema v2Vulnerability posture
vulnerability posture
0.0
25%
direct cves: clear
cve scan: estimated
Release responsiveness
release responsiveness
10.0
5%
patch speed days: no_history
Dependency exposure
dependency exposure
0.0
10%
supply chain risk: 100.0
transitive cves: 17c/179h
Provenance trust
provenance trust
5.0
40%
scorecard score: estimated
openssf badge: none
Maintainer health
maintainer health
10.0
10%
activity freshness: 4d
Operational risk
operational risk
8.5
10%
kev exposure: detected
epss max: none
How is this calculated?
The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.
Supply Chain Risk
Risk 100.0/100
16
Transitive critical CVEs
1
KEV-transitive CVEs
40%
Dependency freshness
OpenSSF Badge
OpenSSF none
Badge indicates adherence to open-source best practices.
Dependency Vulnerabilities
13295 dependencies scanned
View full dependency list →
Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.
Critical
16
High
176
Medium
233
Low
36
Unknown
5
1 dependency vulnerabilities are in KEV.
CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.
Critical
16
High
176
Medium
233
Low
36
Unknown
5
| CVE | Severity | KEV | Dependency | Affected version | Cleared in release |
|---|---|---|---|---|---|
| CVE-2019-17571 | critical | — | log4j:log4j | 1.2.17 | — |
| CVE-2021-41208 | critical | — | tensorflow | 2.6.0 | — |
| CVE-2021-41945 | critical | — | httpx | 0.19.0 | — |
| CVE-2022-22817 | critical | — | pillow | 8.3.2 | — |
| CVE-2022-23305 | critical | — | log4j:log4j | 1.2.17 | — |
| CVE-2022-23307 | critical | — | log4j:log4j | 1.2.17 | — |
| CVE-2023-25668 | critical | — | tensorflow | 2.6.0 | — |
| CVE-2023-50447 | critical | — | pillow | 8.3.2 | — |
| CVE-2024-3660 | critical | — | keras | 2.6.0 | — |
| CVE-2025-12543 | critical | — | io.undertow:undertow-core | 2.3.18.Final | — |
| CVE-2025-14009 | critical | — | nltk | 3.6.3 | — |
| CVE-2025-7783 | critical | — | form-data | 2.5.2 | — |
| CVE-2026-27699 | critical | — | basic-ftp | 5.0.5 | — |
| CVE-2026-33937 | critical | — | handlebars | 4.7.8 | — |
| CVE-2026-41242 | critical | — | protobufjs | 6.11.4 | — |
| GHSA-h6gw-r52c-724r | critical | — | tensorflow | 2.6.0 | — |
| CVE-2020-28975 | high | — | scikit-learn | 0.24.2 | — |
| CVE-2021-3828 | high | — | nltk | 3.6.3 | — |
| CVE-2021-3842 | high | — | nltk | 3.6.3 | — |
| CVE-2021-4104 | high | — | log4j:log4j | 1.2.17 | — |
| CVE-2021-41201 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-41203 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-41206 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-41210 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-41211 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-41212 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-41214 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-41219 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-41220 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-41221 | high | — | tensorflow | 2.6.0 | — |
| CVE-2021-43854 | high | — | nltk | 3.6.3 | — |
| CVE-2022-21726 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21727 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21728 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21729 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21730 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21731 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21734 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21735 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21736 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21737 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21738 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21739 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21740 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-21741 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23302 | high | — | log4j:log4j | 1.2.17 | — |
| CVE-2022-23557 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23558 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23559 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23560 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23561 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23562 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23563 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23564 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23565 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23566 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23567 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23568 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23569 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23570 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23571 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23572 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23573 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23574 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23575 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23576 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23577 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23584 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23587 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-23591 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-24303 | high | — | pillow | 8.3.2 | — |
| CVE-2022-29208 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-29216 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-35937 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-35939 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-41894 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-41900 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-41902 | high | — | tensorflow | 2.6.0 | — |
| CVE-2022-45198 | high | — | pillow | 8.3.2 | — |
| CVE-2023-25658 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25659 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25660 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25662 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25663 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25664 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25665 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25666 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25669 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25670 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25671 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25672 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25673 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25674 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25675 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25676 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-25801 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-26464 | high | — | log4j:log4j | 1.2.17 | — |
| CVE-2023-27579 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-30861 | high | — | flask | 2.0.2 | — |
| CVE-2023-33976 | high | — | tensorflow | 2.6.0 | — |
| CVE-2023-44271 | high | — | pillow | 8.3.2 | — |
| CVE-2023-4863 | high | KEV | pillow | 8.3.2 | — |
| CVE-2024-1135 | high | — | gunicorn | 20.1.0 | — |
| CVE-2024-23334 | high | — | aiohttp | 3.7.4 | — |
| CVE-2024-28219 | high | — | pillow | 8.3.2 | — |
| CVE-2024-30251 | high | — | aiohttp | 3.7.4 | — |
| CVE-2024-3884 | high | — | io.undertow:undertow-core | 2.3.18.Final | — |
| CVE-2024-39705 | high | — | nltk | 3.6.3 | — |
| CVE-2024-4027 | high | — | io.undertow:undertow-core | 2.3.18.Final | — |
| CVE-2024-47072 | high | — | com.thoughtworks.xstream:xstream | 1.4.20 | — |
| CVE-2024-6827 | high | — | gunicorn | 20.1.0 | — |
| CVE-2024-7254 | high | — | com.google.protobuf:protobuf-java | 3.24.4-jb.2 | — |
| CVE-2025-12060 | high | — | keras | 2.6.0 | — |
| CVE-2025-12183 | high | — | org.lz4:lz4-java | 1.8.0 | — |
| CVE-2025-55163 | high | — | io.netty:netty-codec-http2 | 4.2.0.Alpha4 | — |
| CVE-2025-58754 | high | — | axios | 1.11.0 | — |
| CVE-2025-64756 | high | — | glob | 10.4.5 | — |
| CVE-2025-66566 | high | — | org.lz4:lz4-java | 1.8.0 | — |
| CVE-2025-69223 | high | — | aiohttp | 3.7.4 | — |
| CVE-2025-9784 | high | — | io.undertow:undertow-core | 2.3.18.Final | — |
| CVE-2025-9906 | high | — | keras | 2.6.0 | — |
| CVE-2026-0621 | high | — | @modelcontextprotocol/sdk | 1.24.1 | — |
| CVE-2026-0846 | high | — | nltk | 3.6.3 | — |
| CVE-2026-0847 | high | — | nltk | 3.6.3 | — |
| CVE-2026-1207 | high | — | django | 4.2.27 | — |
| CVE-2026-1287 | high | — | django | 4.2.27 | — |
| CVE-2026-1462 | high | — | keras | 2.6.0 | — |
| CVE-2026-23745 | high | — | tar | 7.4.3 | — |
| CVE-2026-23950 | high | — | tar | 7.4.3 | — |
| CVE-2026-24842 | high | — | tar | 7.4.3 | — |
| CVE-2026-25536 | high | — | @modelcontextprotocol/sdk | 1.24.1 | — |
| CVE-2026-25547 | high | — | @isaacs/brace-expansion | 5.0.0 | — |
| CVE-2026-25639 | high | — | axios | 1.11.0 | — |
| CVE-2026-25673 | high | — | django | 4.2.27 | — |
| CVE-2026-26318 | high | — | systeminformation | 5.30.8 | — |
| CVE-2026-26960 | high | — | tar | 7.4.3 | — |
| CVE-2026-26996 | high | — | minimatch | 3.1.2 | — |
| CVE-2026-27601 | high | — | underscore | 1.13.7 | — |
| CVE-2026-27606 | high | — | rollup | 4.47.1 | — |
| CVE-2026-27903 | high | — | minimatch | 3.1.2 | — |
| CVE-2026-27904 | high | — | minimatch | 3.1.2 | — |
| CVE-2026-29786 | high | — | tar | 7.4.3 | — |
| CVE-2026-31802 | high | — | tar | 7.4.3 | — |
| CVE-2026-32141 | high | — | flatted | 3.3.1 | — |
| CVE-2026-33034 | high | — | django | 4.2.27 | — |
| CVE-2026-33151 | high | — | socket.io-parser | 4.2.4 | — |
| CVE-2026-33228 | high | — | flatted | 3.3.1 | — |
| CVE-2026-33231 | high | — | nltk | 3.6.3 | — |
| CVE-2026-33236 | high | — | nltk | 3.6.3 | — |
| CVE-2026-33671 | high | — | picomatch | 4.0.3 | — |
| CVE-2026-33870 | high | — | io.netty:netty-codec-http | 4.2.0.Alpha4 | — |
| CVE-2026-33871 | high | — | io.netty:netty-codec-http2 | 4.2.0.Alpha4 | — |
| CVE-2026-33891 | high | — | node-forge | 1.3.2 | — |
| CVE-2026-33894 | high | — | node-forge | 1.3.2 | — |
| CVE-2026-33895 | high | — | node-forge | 1.3.2 | — |
| CVE-2026-33896 | high | — | node-forge | 1.3.2 | — |
| CVE-2026-33938 | high | — | handlebars | 4.7.8 | — |
| CVE-2026-33939 | high | — | handlebars | 4.7.8 | — |
| CVE-2026-33940 | high | — | handlebars | 4.7.8 | — |
| CVE-2026-33941 | high | — | handlebars | 4.7.8 | — |
| CVE-2026-34601 | high | — | @xmldom/xmldom | 0.8.10 | — |
| CVE-2026-35209 | high | — | defu | 6.1.4 | — |
| CVE-2026-3902 | high | — | django | 4.2.27 | — |
| CVE-2026-39356 | high | — | drizzle-orm | 0.44.7 | — |
| CVE-2026-39363 | high | — | vite | 7.3.1 | — |
| CVE-2026-39364 | high | — | vite | 7.3.1 | — |
| CVE-2026-39983 | high | — | basic-ftp | 5.2.0 | — |
| CVE-2026-41324 | high | — | basic-ftp | 5.2.0 | — |
| CVE-2026-41672 | high | — | @xmldom/xmldom | 0.8.10 | — |
| CVE-2026-41673 | high | — | @xmldom/xmldom | 0.8.10 | — |
| CVE-2026-41674 | high | — | @xmldom/xmldom | 0.8.10 | — |
| CVE-2026-41675 | high | — | @xmldom/xmldom | 0.8.10 | — |
| CVE-2026-42033 | high | — | axios | 1.13.6 | — |
| CVE-2026-42035 | high | — | axios | 1.13.6 | — |
| CVE-2026-42043 | high | — | axios | 1.13.6 | — |
| CVE-2026-42264 | high | — | axios | 1.13.6 | — |
| CVE-2026-42584 | high | — | io.netty:netty-codec-http | 4.2.0.Alpha4 | — |
| CVE-2026-42587 | high | — | io.netty:netty-codec-http | 4.2.0.Alpha4 | — |
| CVE-2026-42587 | high | — | io.netty:netty-codec-http2 | 4.2.0.Alpha4 | — |
| CVE-2026-44240 | high | — | basic-ftp | 5.2.0 | — |
| CVE-2026-44665 | high | — | fast-xml-builder | 1.1.4 | — |
| CVE-2026-44728 | high | — | @babel/plugin-transform-modules-systemjs | 7.25.9 | — |
| CVE-2026-4800 | high | — | lodash | 4.17.23 | — |
| CVE-2026-4800 | high | — | lodash-es | 4.17.23 | — |
| CVE-2026-4867 | high | — | path-to-regexp | 0.1.12 | — |
| CVE-2026-4926 | high | — | path-to-regexp | 8.3.0 | — |
| CVE-2026-5598 | high | — | org.bouncycastle:bcprov-jdk18on | 1.78.1 | — |
| CVE-2026-6321 | high | — | fast-uri | 3.1.0 | — |
| CVE-2026-6322 | high | — | fast-uri | 3.1.0 | — |
| GHSA-43q8-3fv7-pr5x | high | — | tensorflow | 2.6.0 | — |
| GHSA-6v7q-wjvx-w8wg | high | — | basic-ftp | 5.2.0 | — |
| GHSA-qr4w-53vh-m672 | high | — | opencv-python | 4.5.3.56 | — |
| CVE-2021-29425 | medium | — | commons-io:commons-io | 1.4 | — |
| CVE-2021-34141 | medium | — | numpy | 1.21.2 | — |
| CVE-2021-41195 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41196 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41197 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41198 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41199 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41200 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41202 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41204 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41205 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41207 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41209 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41213 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41215 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41216 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41217 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41218 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41222 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41223 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41224 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41225 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41226 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41227 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2021-41228 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-21725 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-21732 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-21733 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-22815 | medium | — | pillow | 8.3.2 | — |
| CVE-2022-22816 | medium | — | pillow | 8.3.2 | — |
| CVE-2022-23578 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23579 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23580 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23581 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23582 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23583 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23585 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23586 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23588 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23589 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23590 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-23595 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29191 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29192 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29193 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29194 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29195 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29196 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29197 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29198 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29199 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29200 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29201 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29202 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29203 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29204 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29205 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29206 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29207 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29209 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29211 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29212 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-29213 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35934 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35935 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35940 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35941 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35952 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35959 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35960 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35963 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35964 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35965 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35966 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35967 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35968 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35969 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35970 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35971 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35972 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35973 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35974 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35979 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35981 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35982 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35983 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35984 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35985 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35986 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35987 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35988 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35989 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35990 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35991 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35992 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35993 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35994 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35995 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35996 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35997 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35998 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-35999 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36000 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36001 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36002 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36003 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36004 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36005 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36011 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36012 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36013 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36014 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36017 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36018 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36019 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36026 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36027 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41880 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41884 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41885 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41886 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41887 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41888 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41889 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41890 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41891 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41893 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41895 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41896 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41897 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41898 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41899 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41901 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41907 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41908 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41909 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41910 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-41911 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2023-25661 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2023-25667 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2023-32681 | medium | — | requests | 2.26.0 | — |
| CVE-2023-37276 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2023-47627 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2023-49081 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2023-49082 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2024-23829 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2024-24828 | medium | — | pkg | 5.8.1 | — |
| CVE-2024-27306 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2024-35195 | medium | — | requests | 2.26.0 | — |
| CVE-2024-47081 | medium | — | requests | 2.26.0 | — |
| CVE-2024-49580 | medium | — | io.ktor:ktor-client-core-jvm | 2.3.12 | — |
| CVE-2024-5206 | medium | — | scikit-learn | 0.24.2 | — |
| CVE-2024-52304 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2024-55459 | medium | — | keras | 2.6.0 | — |
| CVE-2025-12058 | medium | — | keras | 2.6.0 | — |
| CVE-2025-13465 | medium | — | lodash | 4.17.21 | — |
| CVE-2025-15284 | medium | — | qs | 6.13.0 | — |
| CVE-2025-27789 | medium | — | @babel/helpers | 7.25.0 | — |
| CVE-2025-3730 | medium | — | torch | 2.6.0 | — |
| CVE-2025-48924 | medium | — | org.apache.commons:commons-lang3 | 3.8.1 | — |
| CVE-2025-62522 | medium | — | vite | 6.3.5 | — |
| CVE-2025-62718 | medium | — | axios | 1.13.6 | — |
| CVE-2025-64718 | medium | — | js-yaml | 3.14.1 | — |
| CVE-2025-67735 | medium | — | io.netty:netty-codec-http | 4.2.0.Alpha4 | — |
| CVE-2025-69227 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2025-69228 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2025-69229 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2025-69873 | medium | — | ajv | 6.12.6 | — |
| CVE-2025-8916 | medium | — | org.bouncycastle:bcpkix-jdk18on | 1.78.1 | — |
| CVE-2026-0636 | medium | — | org.bouncycastle:bcprov-jdk18on | 1.78.1 | — |
| CVE-2026-1312 | medium | — | django | 4.2.27 | — |
| CVE-2026-22815 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2026-2327 | medium | — | markdown-it | 14.1.0 | — |
| CVE-2026-25645 | medium | — | requests | 2.26.0 | — |
| CVE-2026-28684 | medium | — | python-dotenv | 0.19.0 | — |
| CVE-2026-2950 | medium | — | lodash-es | 4.17.23 | — |
| CVE-2026-2950 | medium | — | lodash | 4.17.23 | — |
| CVE-2026-31808 | medium | — | file-type | 20.5.0 | — |
| CVE-2026-3260 | medium | — | io.undertow:undertow-core | 2.3.18.Final | — |
| CVE-2026-32630 | medium | — | file-type | 20.5.0 | — |
| CVE-2026-33033 | medium | — | django | 4.2.27 | — |
| CVE-2026-33230 | medium | — | nltk | 3.6.3 | — |
| CVE-2026-33532 | medium | — | yaml | 2.8.1 | — |
| CVE-2026-33672 | medium | — | picomatch | 4.0.3 | — |
| CVE-2026-33750 | medium | — | brace-expansion | 1.1.12 | — |
| CVE-2026-33916 | medium | — | handlebars | 4.7.8 | — |
| CVE-2026-34515 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2026-34516 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2026-34525 | medium | — | aiohttp | 3.7.4 | — |
| CVE-2026-35515 | medium | — | @nestjs/core | 11.1.17 | — |
| CVE-2026-39365 | medium | — | vite | 7.3.1 | — |
| CVE-2026-39406 | medium | — | @hono/node-server | 1.19.11 | — |
| CVE-2026-39407 | medium | — | hono | 4.12.7 | — |
| CVE-2026-39408 | medium | — | hono | 4.12.7 | — |
| CVE-2026-39409 | medium | — | hono | 4.12.7 | — |
| CVE-2026-39410 | medium | — | hono | 4.12.7 | — |
| CVE-2026-40175 | medium | — | axios | 1.13.6 | — |
| CVE-2026-41238 | medium | — | dompurify | 3.3.3 | — |
| CVE-2026-41239 | medium | — | dompurify | 3.3.3 | — |
| CVE-2026-41240 | medium | — | dompurify | 3.3.3 | — |
| CVE-2026-41305 | medium | — | postcss | 8.5.6 | — |
| CVE-2026-41417 | medium | — | io.netty:netty-codec-http | 4.2.0.Alpha4 | — |
| CVE-2026-41650 | medium | — | fast-xml-parser | 5.5.8 | — |
| CVE-2026-41907 | medium | — | uuid | 11.1.0 | — |
| CVE-2026-42034 | medium | — | axios | 1.13.6 | — |
| CVE-2026-42036 | medium | — | axios | 1.13.6 | — |
| CVE-2026-42037 | medium | — | axios | 1.13.6 | — |
| CVE-2026-42038 | medium | — | axios | 1.13.6 | — |
| CVE-2026-42039 | medium | — | axios | 1.13.6 | — |
| CVE-2026-42041 | medium | — | axios | 1.13.6 | — |
| CVE-2026-42042 | medium | — | axios | 1.13.6 | — |
| CVE-2026-42044 | medium | — | axios | 1.13.6 | — |
| CVE-2026-42308 | medium | — | pillow | 8.3.2 | — |
| CVE-2026-42310 | medium | — | pillow | 8.3.2 | — |
| CVE-2026-42338 | medium | — | ip-address | 9.0.5 | — |
| CVE-2026-42580 | medium | — | io.netty:netty-codec-http | 4.2.0.Alpha4 | — |
| CVE-2026-42581 | medium | — | io.netty:netty-codec-http | 4.2.0.Alpha4 | — |
| CVE-2026-42585 | medium | — | io.netty:netty-codec-http | 4.2.0.Alpha4 | — |
| CVE-2026-44455 | medium | — | hono | 4.12.7 | — |
| CVE-2026-44456 | medium | — | hono | 4.12.7 | — |
| CVE-2026-4923 | medium | — | path-to-regexp | 8.3.0 | — |
| CVE-2026-5588 | medium | — | org.bouncycastle:bcpkix-jdk18on | 1.78.1 | — |
| GHSA-26pp-8wgv-hjvm | medium | — | hono | 4.12.7 | — |
| GHSA-39q2-94rc-95cp | medium | — | dompurify | 3.3.3 | — |
| GHSA-458j-xx4x-4375 | medium | — | hono | 4.12.7 | — |
| GHSA-67mh-4wv8-2f99 | medium | — | esbuild | 0.18.20 | — |
| GHSA-72hv-8253-57qq | medium | — | com.fasterxml.jackson.core:jackson-core | 2.16.0 | — |
| GHSA-7rx3-28cr-v5wh | medium | — | handlebars | 4.7.8 | — |
| GHSA-mw6j-hh29-h379 | medium | — | tensorflow | 2.6.0 | — |
| GHSA-pjjw-qhg8-p2p9 | medium | — | aiohttp | 3.7.4 | — |
| GHSA-r4q5-vmmm-2653 | medium | — | follow-redirects | 1.15.6 | — |
| GHSA-rf74-v2fm-23pw | medium | — | nltk | 3.6.3 | — |
| GHSA-wcv5-vrvr-3rx2 | medium | — | tensorflow | 2.6.0 | — |
| CVE-2022-36015 | low | — | tensorflow | 2.6.0 | — |
| CVE-2022-36016 | low | — | tensorflow | 2.6.0 | — |
| CVE-2023-47641 | low | — | aiohttp | 3.7.4 | — |
| CVE-2024-47764 | low | — | cookie | 0.5.0 | — |
| CVE-2025-13473 | low | — | django | 4.2.27 | — |
| CVE-2025-14550 | low | — | django | 4.2.27 | — |
| CVE-2025-2953 | low | — | torch | 2.6.0 | — |
| CVE-2025-53643 | low | — | aiohttp | 3.7.4 | — |
| CVE-2025-58056 | low | — | io.netty:netty-codec-http | 4.2.0.Alpha4 | — |
| CVE-2025-58751 | low | — | vite | 6.3.5 | — |
| CVE-2025-58752 | low | — | vite | 6.3.5 | — |
| CVE-2025-5889 | low | — | brace-expansion | 2.0.1 | — |
| CVE-2025-69224 | low | — | aiohttp | 3.7.4 | — |
| CVE-2025-69225 | low | — | aiohttp | 3.7.4 | — |
| CVE-2025-69226 | low | — | aiohttp | 3.7.4 | — |
| CVE-2025-69230 | low | — | aiohttp | 3.7.4 | — |
| CVE-2026-1285 | low | — | django | 4.2.27 | — |
| CVE-2026-2391 | low | — | qs | 6.13.0 | — |
| CVE-2026-24001 | low | — | diff | 5.2.0 | — |
| CVE-2026-25674 | low | — | django | 4.2.27 | — |
| CVE-2026-27205 | low | — | flask | 2.0.2 | — |
| CVE-2026-3449 | low | — | @tootallnate/once | 1.1.2 | — |
| CVE-2026-34513 | low | — | aiohttp | 3.7.4 | — |
| CVE-2026-34514 | low | — | aiohttp | 3.7.4 | — |
| CVE-2026-34517 | low | — | aiohttp | 3.7.4 | — |
| CVE-2026-34518 | low | — | aiohttp | 3.7.4 | — |
| CVE-2026-34519 | low | — | aiohttp | 3.7.4 | — |
| CVE-2026-34520 | low | — | aiohttp | 3.7.4 | — |
| CVE-2026-42040 | low | — | axios | 1.13.6 | — |
| CVE-2026-4277 | low | — | django | 4.2.27 | — |
| CVE-2026-4292 | low | — | django | 4.2.27 | — |
| GHSA-442j-39wm-28r2 | low | — | handlebars | 4.7.8 | — |
| GHSA-4fx9-vc88-q2xc | low | — | pillow | 8.3.2 | — |
| GHSA-cq8v-f236-94qc | low | — | rand | 0.8.5 | — |
| GHSA-cqvq-fvhr-v6hc | low | — | tensorflow | 2.6.0 | — |
| GHSA-xf83-q765-xm6m | low | — | tensorflow | 2.6.0 | — |
| CVE-2023-25399 | unknown | — | scipy | 1.7.1 | — |
| CVE-2023-29824 | unknown | — | scipy | 1.7.1 | — |
| PYSEC-2023-175 | unknown | — | pillow | 8.3.2 | — |
| PYSEC-2023-183 | unknown | — | opencv-python | 4.5.3.56 | — |
| RUSTSEC-2026-0097 | unknown | — | rand | 0.8.5 | — |
Showing 466 of 479