Skip to content
Tools / genkit / Security

Security Deep Dive

genkit

Security posture and CVE patch evidence from tracked releases.

Back to Tool

2 actively-exploited dependency CVEs affects @genkit-ai/[email protected].

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

Versions by Severity

CVEs are attributed to tracked releases published before the patch release.

20 versions tracked
Version Published C H M L KEV Notes
@genkit-ai/[email protected] 2026-05-28
Latest
@genkit-ai/[email protected] 2026-05-28
v1.36.0 2026-05-27
v1.35.0 2026-05-21
v1.34.0 2026-05-12
go/v1.8.0 2026-05-06
Patches CVE-2023-4863 Patches CVE-2025-31125
go/v1.7.0 2026-04-29 1 1 KEV 2
v1.33.0 2026-04-24 1 1 KEV 2
v1.32.0 2026-04-10 1 1 KEV 2
go/v1.6.1 2026-04-06 1 1 KEV 2
go/v1.6.0 2026-04-02 1 1 KEV 2
go/v1.5.1 2026-03-31 1 1 KEV 2
py/v0.5.2 2026-03-27 1 1 KEV 2
v1.31.0 2026-03-27 1 1 KEV 2
go/v1.5.0 2026-03-19 1 1 KEV 2
v1.30.1 2026-03-13 1 1 KEV 2
py/v0.5.1 2026-02-20 1 1 KEV 2
v1.29.0 2026-02-20 1 1 KEV 2
py/v0.5.0 2026-02-04 1 1 KEV 2
v1.28.0 2026-01-22 1 1 KEV 2
— Signed — SLSA — SBOM ✗ Security policy Weekly cadence · 5d median Active maintainer

Trust Signals — 2 of 9 Present

Evidence already collected from releases and repository metadata.

2/9 Present
Signed releases Unknown
Latest release artifact signature Latest release
SLSA provenance Unknown
Attestation predicate level Latest release
SBOM published Unknown
GitHub SBOM API Latest release
SECURITY.md Absent
GitHub repository metadata Repository policy
Checked: 23d ago
Release cadence: weekly Present
5d median over recent releases Release history
Latest release: 6d ago
Maintainer active Present
Recent commit activity Repository
Last commit: 2d ago
Checksums (SHA256SUMS) Not active yet
SHA256SUMS or equivalent Release asset
Latest release: 6d ago
GitHub Actions attestation Not active yet
actions/attest-build-provenance Workflow file
Latest release: 6d ago
Signing assets Not active yet
.sig, .crt, cosign.pub, or similar Release asset
Latest release: 6d ago
0.5/10 Security Score
Dependency Exposure 317 transitive dependency CVEs found in the latest SBOM. 18 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.00 / 0.5

Max EPSS 0.933

freshness

1.00 / 1.0

1d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

0.00 / 2.5

No open CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

-1.50 / 1.5

KEV exposure detected

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: clear cve scan: available

Release responsiveness

release responsiveness

10.0

5%

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 18c/149h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 1d

Operational risk

operational risk

0.0

10%

kev exposure: detected epss max: 0.933
How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100
18 Transitive critical CVEs
2 KEV-transitive CVEs
41% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

CVE Patch History

Tracks CVEs that were addressed in tagged releases. Shorter gap between disclosure and patch = faster response. EPSS = predicted probability of exploitation in next 30 days (FIRST.org); colored at ≥90%ile and ≥50%ile.

CVEs Patched by Year

Critical High Medium Low
2026
2
CVE Severity EPSS Disclosed Fixed in Days to fix vs Ecosystem Median KEV
CVE-2023-4863 HIGH 99%ile go/v1.8.0 KEV
CVE-2025-31125 MEDIUM 99%ile go/v1.8.0 KEV

KEV = CISA Known Exploited Vulnerabilities catalog — actively exploited in the wild.

Dependency Vulnerabilities

11520 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

18

High

149

Medium

119

Low

23

Unknown

8

2 dependency vulnerabilities are in KEV.

CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.

Still affecting latest (57) All (317)
Critical 18 High 149 Medium 119 Low 23 Unknown 8
CVE Severity KEV Dependency Affected version Cleared in release
CVE-2014-3007 critical pillow v1.34.0
CVE-2016-4009 critical pillow v1.34.0
CVE-2020-11538 critical pillow v1.34.0
CVE-2020-5310 critical pillow v1.34.0
CVE-2020-5311 critical pillow v1.34.0
CVE-2020-5312 critical pillow v1.34.0
CVE-2021-25289 critical pillow v1.34.0
CVE-2021-34552 critical pillow v1.34.0
CVE-2021-41945 critical httpx v1.34.0
CVE-2022-22817 critical pillow v1.34.0
CVE-2023-50447 critical pillow v1.34.0
CVE-2025-7783 critical form-data 2.5.2 v1.34.0
CVE-2026-25896 critical fast-xml-parser 4.5.1 v1.34.0
CVE-2026-27699 critical basic-ftp 5.0.5 v1.34.0
CVE-2026-33186 critical google.golang.org/grpc v1.73.0 v1.34.0
CVE-2026-33816 critical github.com/jackc/pgx/v5 v5.7.5 v1.34.0
CVE-2026-33937 critical handlebars 4.7.8 v1.34.0
CVE-2026-41242 critical protobufjs 7.5.4 v1.34.0
CVE-2014-1932 high pillow v1.34.0
CVE-2014-3589 high pillow v1.34.0
CVE-2014-3598 high pillow v1.34.0
CVE-2014-9601 high pillow v1.34.0
CVE-2016-0775 high pillow v1.34.0
CVE-2016-2533 high pillow v1.34.0
CVE-2016-3076 high pillow v1.34.0
CVE-2016-9190 high pillow v1.34.0
CVE-2018-1000656 high flask v1.34.0
CVE-2019-1010083 high flask v1.34.0
CVE-2019-16865 high pillow v1.34.0
CVE-2019-19911 high pillow v1.34.0
CVE-2020-10177 high pillow v1.34.0
CVE-2020-10378 high pillow v1.34.0
CVE-2020-10379 high pillow v1.34.0
CVE-2020-10994 high pillow v1.34.0
CVE-2020-35653 high pillow v1.34.0
CVE-2020-35654 high pillow v1.34.0
CVE-2020-5313 high pillow v1.34.0
CVE-2020-7694 high uvicorn v1.34.0
CVE-2020-7695 high uvicorn v1.34.0
CVE-2021-23437 high pillow v1.34.0
CVE-2021-25287 high pillow v1.34.0
CVE-2021-25288 high pillow v1.34.0
CVE-2021-25290 high pillow v1.34.0
CVE-2021-25291 high pillow v1.34.0
CVE-2021-25293 high pillow v1.34.0
CVE-2021-27921 high pillow v1.34.0
CVE-2021-27922 high pillow v1.34.0
CVE-2021-27923 high pillow v1.34.0
CVE-2021-28675 high pillow v1.34.0
CVE-2021-28676 high pillow v1.34.0
CVE-2021-28677 high pillow v1.34.0
CVE-2022-24303 high pillow v1.34.0
CVE-2022-30595 high pillow v1.34.0
CVE-2022-45198 high pillow v1.34.0
CVE-2022-45199 high pillow v1.34.0
CVE-2023-30861 high flask v1.34.0
CVE-2023-44271 high pillow v1.34.0
CVE-2023-4863 high KEV pillow v1.34.0
CVE-2024-12905 high tar-fs 3.0.5 v1.34.0
CVE-2024-24762 high fastapi 0.100.0 v1.34.0
CVE-2024-28219 high pillow v1.34.0
CVE-2024-4367 high pdfjs-dist 4.0.379 v1.34.0
CVE-2024-45590 high body-parser 1.20.2 v1.34.0
CVE-2025-12735 high expr-eval 2.0.2 v1.34.0
CVE-2025-12816 high node-forge 1.3.1 v1.34.0
CVE-2025-13204 high expr-eval 2.0.2 v1.34.0
CVE-2025-27152 high axios 1.7.9 v1.34.0
CVE-2025-48379 high pillow v1.34.0
CVE-2025-48387 high tar-fs 3.0.5 v1.34.0
CVE-2025-53109 high @modelcontextprotocol/server-filesystem 0.5.1 v1.34.0
CVE-2025-53110 high @modelcontextprotocol/server-filesystem 0.5.1 v1.34.0
CVE-2025-58754 high axios 1.7.9 v1.34.0
CVE-2025-59343 high tar-fs 3.0.5 v1.34.0
CVE-2025-62610 high hono 4.6.0 v1.34.0
CVE-2025-62727 high starlette 0.46.1 v1.34.0
CVE-2025-64756 high glob 10.4.5 v1.34.0
CVE-2025-65945 high jws 3.2.2 v1.34.0
CVE-2025-66031 high node-forge 1.3.1 v1.34.0
CVE-2025-66035 high @angular/common 19.2.0 v1.34.0
CVE-2025-66412 high @angular/compiler 19.2.0 v1.34.0
CVE-2025-66414 high @modelcontextprotocol/sdk 1.13.1 v1.34.0
CVE-2025-67818 high github.com/weaviate/weaviate v1.30.0 v1.34.0
CVE-2025-67819 high github.com/weaviate/weaviate v1.30.0 v1.34.0
CVE-2025-68130 high @trpc/server 10.45.0 v1.34.0
CVE-2025-68665 high @langchain/core 0.1.63 v1.34.0
CVE-2025-68665 high langchain 0.1.37 v1.34.0
CVE-2026-0621 high @modelcontextprotocol/sdk 1.13.1 v1.34.0
CVE-2026-22610 high @angular/compiler 19.2.0 v1.34.0
CVE-2026-22610 high @angular/core 19.2.0 v1.34.0
CVE-2026-22817 high hono 4.6.0 v1.34.0
CVE-2026-22818 high hono 4.6.0 v1.34.0
CVE-2026-23745 high tar 6.2.1 v1.34.0
CVE-2026-23950 high tar 6.2.1 v1.34.0
CVE-2026-24051 high go.opentelemetry.io/otel/sdk v1.36.0 v1.34.0
CVE-2026-2473 high google-cloud-aiplatform 1.77.0 v1.34.0
CVE-2026-24842 high tar 6.2.1 v1.34.0
CVE-2026-25536 high @modelcontextprotocol/sdk 1.13.1 v1.34.0
CVE-2026-25547 high @isaacs/brace-expansion 5.0.0 v1.34.0
CVE-2026-25639 high axios 1.7.9 v1.34.0
CVE-2026-25990 high pillow v1.34.0
CVE-2026-26278 high fast-xml-parser 4.5.1 v1.34.0
CVE-2026-26960 high tar 6.2.1 v1.34.0
CVE-2026-26996 high minimatch 10.0.1 v1.34.0
CVE-2026-27606 high rollup 4.37.0 v1.34.0
CVE-2026-27903 high minimatch 10.0.1 v1.34.0
CVE-2026-27904 high minimatch 10.0.1 v1.34.0
CVE-2026-27970 high @angular/core 19.2.0 v1.34.0
CVE-2026-29045 high hono 4.6.0 v1.34.0
CVE-2026-29063 high immutable 5.0.3 v1.34.0
CVE-2026-29087 high @hono/node-server 1.13.0 v1.34.0
CVE-2026-29181 high go.opentelemetry.io/otel v1.36.0 v1.34.0
CVE-2026-29786 high tar 6.2.1 v1.34.0
CVE-2026-30922 high pyasn1 0.6.2 v1.34.0
CVE-2026-31802 high tar 6.2.1 v1.34.0
CVE-2026-32141 high flatted 3.3.2 v1.34.0
CVE-2026-32285 high github.com/buger/jsonparser v1.1.1 v1.34.0
CVE-2026-32635 high @angular/compiler 19.2.0 v1.34.0
CVE-2026-32635 high @angular/core 19.2.0 v1.34.0
CVE-2026-33036 high fast-xml-parser 5.3.6 v1.34.0
CVE-2026-33079 high mistune 3.2.0 v1.34.0
CVE-2026-33151 high socket.io-parser 4.2.4 v1.34.0
CVE-2026-33228 high flatted 3.3.2 v1.34.0
CVE-2026-33671 high picomatch 2.3.1 v1.34.0
CVE-2026-33891 high node-forge 1.3.3 v1.34.0
CVE-2026-33894 high node-forge 1.3.3 v1.34.0
CVE-2026-33895 high node-forge 1.3.3 v1.34.0
CVE-2026-33896 high node-forge 1.3.3 v1.34.0
CVE-2026-33938 high handlebars 4.7.8 v1.34.0
CVE-2026-33939 high handlebars 4.7.8 v1.34.0
CVE-2026-33940 high handlebars 4.7.8 v1.34.0
CVE-2026-33941 high handlebars 4.7.8 v1.34.0
CVE-2026-34986 high github.com/go-jose/go-jose/v4 v4.1.0 v1.34.0
CVE-2026-35397 high jupyter-server 2.17.0 v1.34.0
CVE-2026-39363 high vite 6.2.0 v1.34.0
CVE-2026-39883 high go.opentelemetry.io/otel/sdk v1.36.0 v1.34.0
CVE-2026-39983 high basic-ftp 5.2.0 v1.34.0
CVE-2026-40110 high jupyter-server 2.17.0 v1.34.0
CVE-2026-40171 high jupyterlab 4.5.4 v1.34.0
CVE-2026-40171 high notebook 7.5.3 v1.34.0
CVE-2026-40192 high pillow 12.1.1 v1.34.0
CVE-2026-40934 high jupyter-server 2.17.0 v1.34.0
CVE-2026-41324 high basic-ftp 5.2.0 v1.34.0
CVE-2026-42033 high axios 1.7.9 v1.34.0
CVE-2026-42035 high axios 1.7.9 v1.34.0
CVE-2026-42043 high axios 1.7.9 v1.34.0
CVE-2026-42215 high gitpython 3.1.46 v1.34.0
CVE-2026-42264 high axios 1.7.9 v1.34.0
CVE-2026-42266 high jupyterlab 4.5.4 v1.34.0
CVE-2026-42284 high gitpython 3.1.46 v1.34.0
CVE-2026-42311 high pillow 12.1.1 v1.34.0
CVE-2026-42557 high notebook 7.5.3 v1.34.0
CVE-2026-42557 high jupyterlab 4.5.4 v1.34.0
CVE-2026-42561 high python-multipart 0.0.22 v1.34.0
CVE-2026-44240 high basic-ftp 5.2.0 v1.34.0
CVE-2026-44243 high gitpython 3.1.46 v1.34.0
CVE-2026-44244 high gitpython 3.1.46 v1.34.0
CVE-2026-44665 high fast-xml-builder 1.1.2 v1.34.0
CVE-2026-44728 high @babel/plugin-transform-modules-systemjs 7.25.9 v1.34.0
CVE-2026-4800 high lodash-es 4.17.21 v1.34.0
CVE-2026-4800 high lodash 4.17.21 v1.34.0
CVE-2026-4867 high path-to-regexp 0.1.12 v1.34.0
CVE-2026-4926 high path-to-regexp 8.3.0 v1.34.0
CVE-2026-6321 high fast-uri 3.0.6 v1.34.0
CVE-2026-6322 high fast-uri 3.0.6 v1.34.0
GHSA-5c6j-r48x-rmvq high serialize-javascript 6.0.2 v1.34.0
GHSA-6v7q-wjvx-w8wg high basic-ftp 5.2.0 v1.34.0
GHSA-q4gf-8mx6-v5v3 high next 15.5.12 v1.34.0
CVE-2014-1933 medium pillow v1.34.0
CVE-2016-0740 medium pillow v1.34.0
CVE-2016-9189 medium pillow v1.34.0
CVE-2020-35655 medium pillow v1.34.0
CVE-2021-25292 medium pillow v1.34.0
CVE-2021-28678 medium pillow v1.34.0
CVE-2021-29510 medium pydantic v1.34.0
CVE-2022-22815 medium pillow v1.34.0
CVE-2022-22816 medium pillow v1.34.0
CVE-2024-3772 medium pydantic 2.0.0 v1.34.0
CVE-2024-43788 medium webpack 5.90.3 v1.34.0
CVE-2024-48913 medium hono 4.6.0 v1.34.0
CVE-2024-53382 medium prismjs 1.29.0 v1.34.0
CVE-2024-7774 medium langchain 0.1.37 v1.34.0
CVE-2025-13465 medium lodash 4.17.21 v1.34.0
CVE-2025-13465 medium lodash-es 4.17.21 v1.34.0
CVE-2025-13466 medium body-parser 2.2.0 v1.34.0
CVE-2025-15284 medium qs 6.13.0 v1.34.0
CVE-2025-15599 medium dompurify 3.2.6 v1.34.0
CVE-2025-27789 medium @babel/helpers 7.26.9 v1.34.0
CVE-2025-27789 medium @babel/runtime 7.26.7 v1.34.0
CVE-2025-30208 medium vite 6.2.0 v1.34.0
CVE-2025-30359 medium webpack-dev-server 5.2.0 v1.34.0
CVE-2025-30360 medium webpack-dev-server 5.2.0 v1.34.0
CVE-2025-31125 medium KEV vite 6.2.0 v1.34.0
CVE-2025-31486 medium vite 6.2.0 v1.34.0
CVE-2025-32395 medium vite 6.2.0 v1.34.0
CVE-2025-32996 medium http-proxy-middleware 2.0.7 v1.34.0
CVE-2025-32997 medium http-proxy-middleware 2.0.7 v1.34.0
CVE-2025-46565 medium vite 6.2.0 v1.34.0
CVE-2025-47914 medium golang.org/x/crypto v0.40.0 v1.34.0
CVE-2025-54121 medium starlette 0.46.1 v1.34.0
CVE-2025-58181 medium golang.org/x/crypto v0.40.0 v1.34.0
CVE-2025-59139 medium hono 4.6.0 v1.34.0
CVE-2025-61669 medium jupyter-server 2.17.0 v1.34.0
CVE-2025-62522 medium vite 6.2.0 v1.34.0
CVE-2025-62718 medium axios 1.7.9 v1.34.0
CVE-2025-64718 medium js-yaml 4.1.0 v1.34.0
CVE-2025-66030 medium node-forge 1.3.1 v1.34.0
CVE-2025-69873 medium ajv 8.17.1 v1.34.0
CVE-2025-71176 medium pytest 9.0.2 v1.34.0
CVE-2026-0540 medium dompurify 3.2.6 v1.34.0
CVE-2026-24398 medium hono 4.6.0 v1.34.0
CVE-2026-24472 medium hono 4.6.0 v1.34.0
CVE-2026-24473 medium hono 4.6.0 v1.34.0
CVE-2026-24771 medium hono 4.6.0 v1.34.0
CVE-2026-25645 medium requests 2.32.5 v1.34.0
CVE-2026-26019 medium @langchain/community 0.0.53 v1.34.0
CVE-2026-27795 medium @langchain/community 0.0.53 v1.34.0
CVE-2026-27980 medium next 15.5.12 v1.34.0
CVE-2026-28684 medium python-dotenv 1.2.1 v1.34.0
CVE-2026-29057 medium next 15.5.12 v1.34.0
CVE-2026-29085 medium hono 4.6.0 v1.34.0
CVE-2026-29086 medium hono 4.6.0 v1.34.0
CVE-2026-2950 medium lodash-es 4.17.21 v1.34.0
CVE-2026-2950 medium lodash 4.17.21 v1.34.0
CVE-2026-3219 medium pip 26.0.1 v1.34.0
CVE-2026-33123 medium pypdf 6.8.0 v1.34.0
CVE-2026-33349 medium fast-xml-parser 5.3.6 v1.34.0
CVE-2026-33532 medium yaml 2.8.2 v1.34.0
CVE-2026-33672 medium picomatch 2.3.1 v1.34.0
CVE-2026-33699 medium pypdf 6.8.0 v1.34.0
CVE-2026-33750 medium brace-expansion 2.0.1 v1.34.0
CVE-2026-33916 medium handlebars 4.7.8 v1.34.0
CVE-2026-34043 medium serialize-javascript 6.0.2 v1.34.0
CVE-2026-39365 medium vite 6.2.0 v1.34.0
CVE-2026-39377 medium nbconvert 7.17.0 v1.34.0
CVE-2026-39378 medium nbconvert 7.17.0 v1.34.0
CVE-2026-39406 medium @hono/node-server 1.19.11 v1.34.0
CVE-2026-39407 medium hono 4.12.7 v1.34.0
CVE-2026-39408 medium hono 4.12.7 v1.34.0
CVE-2026-39409 medium hono 4.12.7 v1.34.0
CVE-2026-39410 medium hono 4.12.7 v1.34.0
CVE-2026-39865 medium axios 1.13.1 v1.34.0
CVE-2026-39892 medium cryptography 46.0.5 v1.34.0
CVE-2026-40175 medium axios 1.7.9 v1.34.0
CVE-2026-40190 medium langsmith 0.1.68 v1.34.0
CVE-2026-40260 medium pypdf 6.8.0 v1.34.0
CVE-2026-40347 medium python-multipart 0.0.22 v1.34.0
CVE-2026-41168 medium pypdf 6.8.0 v1.34.0
CVE-2026-41182 medium langsmith 0.1.68 v1.34.0
CVE-2026-41238 medium dompurify 3.2.6 v1.34.0
CVE-2026-41239 medium dompurify 3.2.6 v1.34.0
CVE-2026-41240 medium dompurify 3.2.6 v1.34.0
CVE-2026-41305 medium postcss 8.4.38 v1.34.0
CVE-2026-41312 medium pypdf 6.8.0 v1.34.0
CVE-2026-41313 medium pypdf 6.8.0 v1.34.0
CVE-2026-41314 medium pypdf 6.8.0 v1.34.0
CVE-2026-41650 medium fast-xml-parser 5.3.6 v1.34.0
CVE-2026-41686 medium @anthropic-ai/sdk 0.90.0 v1.34.0
CVE-2026-41907 medium uuid 11.1.0 v1.34.0
CVE-2026-42034 medium axios 1.7.9 v1.34.0
CVE-2026-42036 medium axios 1.7.9 v1.34.0
CVE-2026-42037 medium axios 1.7.9 v1.34.0
CVE-2026-42038 medium axios 1.7.9 v1.34.0
CVE-2026-42039 medium axios 1.7.9 v1.34.0
CVE-2026-42041 medium axios 1.7.9 v1.34.0
CVE-2026-42042 medium axios 1.7.9 v1.34.0
CVE-2026-42044 medium axios 1.7.9 v1.34.0
CVE-2026-42308 medium pillow 12.1.1 v1.34.0
CVE-2026-42309 medium pillow 12.1.1 v1.34.0
CVE-2026-42310 medium pillow 12.1.1 v1.34.0
CVE-2026-42338 medium ip-address 10.1.0 v1.34.0
CVE-2026-44455 medium hono 4.12.7 v1.34.0
CVE-2026-44456 medium hono 4.12.7 v1.34.0
CVE-2026-4923 medium path-to-regexp 8.3.0 v1.34.0
CVE-2026-6357 medium pip 26.0.1 v1.34.0
GHSA-26pp-8wgv-hjvm medium hono 4.12.7 v1.34.0
GHSA-39q2-94rc-95cp medium dompurify 3.2.6 v1.34.0
GHSA-458j-xx4x-4375 medium hono 4.12.7 v1.34.0
GHSA-67mh-4wv8-2f99 medium esbuild 0.23.1 v1.34.0
GHSA-7rx3-28cr-v5wh medium handlebars 4.7.8 v1.34.0
GHSA-cj63-jhhr-wcxv medium dompurify 3.2.6 v1.34.0
GHSA-cjmm-f4jc-qw8r medium dompurify 3.2.6 v1.34.0
GHSA-h8r8-wccr-v5f2 medium dompurify 3.2.6 v1.34.0
GHSA-jgpv-4h4c-xhw3 medium pillow v1.34.0
GHSA-q7jf-gf43-6x6p medium hono 4.6.0 v1.34.0
GHSA-r4q5-vmmm-2653 medium follow-redirects 1.15.9 v1.34.0
GHSA-v8w9-8mx6-g223 medium hono 4.6.0 v1.34.0
CVE-2024-53384 low tsup 8.0.2 v1.34.0
CVE-2024-7042 low @langchain/community 0.0.53 v1.34.0
CVE-2025-47278 low flask v1.34.0
CVE-2025-54798 low tmp 0.0.33 v1.34.0
CVE-2025-58751 low vite 6.2.0 v1.34.0
CVE-2025-58752 low vite 6.2.0 v1.34.0
CVE-2025-5889 low brace-expansion 2.0.1 v1.34.0
CVE-2025-68157 low webpack 5.98.0 v1.34.0
CVE-2025-68458 low webpack 5.98.0 v1.34.0
CVE-2025-7339 low on-headers 1.0.2 v1.34.0
CVE-2026-2391 low qs 6.13.0 v1.34.0
CVE-2026-24001 low diff 4.0.2 v1.34.0
CVE-2026-27205 low flask v1.34.0
CVE-2026-27942 low fast-xml-parser 5.3.6 v1.34.0
CVE-2026-34073 low cryptography 46.0.5 v1.34.0
CVE-2026-3449 low @tootallnate/once 2.0.0 v1.34.0
CVE-2026-41889 low github.com/jackc/pgx/v5 v5.7.5 v1.34.0
CVE-2026-42040 low axios 1.7.9 v1.34.0
CVE-2026-4539 low pygments 2.19.2 v1.34.0
GHSA-442j-39wm-28r2 low handlebars 4.7.8 v1.34.0
GHSA-4fx9-vc88-q2xc low pillow v1.34.0
GHSA-gq3j-xvxp-8hrf low hono 4.6.0 v1.34.0
GHSA-pjjw-68hj-v9mw low uv 0.10.2 v1.34.0
CVE-2025-47911 unknown golang.org/x/net v0.41.0 v1.34.0
CVE-2025-47913 unknown golang.org/x/crypto v0.40.0 v1.34.0
CVE-2025-58190 unknown golang.org/x/net v0.41.0 v1.34.0
CVE-2026-33814 unknown golang.org/x/net v0.41.0 v1.34.0
CVE-2026-33815 unknown github.com/jackc/pgx/v5 v5.7.5 v1.34.0
OSV-2022-1074 unknown pillow v1.34.0
OSV-2022-715 unknown pillow v1.34.0
PYSEC-2023-175 unknown pillow v1.34.0

Showing 317 of 317

Beta — feedback welcome: [email protected]