Tools / InvenTree / Dependencies

Dependency Analysis

InvenTree

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

66% Freshness

1253 Dependencies

311 Outdated

0 Stale

8.4 Avg Behind

Dependency List

Latest release 1.3.2

All 1252 Outdated 508 Has CVE 6 GPL 22

Dependency	Type	Current	Latest	Behind	CVE	License
dulwich pypi	Direct	1.1.0	1.2.6	7 behind	—	Apache-2.0 AND GPL-2.0-only
dulwich pypi	Direct	1.1.0	1.2.6	7 behind	—	Apache-2.0 AND GPL-2.0-only
docutils pypi	Direct	0.22.4	0.23.0	2 behind	—	BSD-2-Clause AND BSD-3-Clause AND CC-PDDC AND GPL-1.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LicenseRef-scancode-free-unknown AND LicenseRef-scancode-other-copyleft AND LicenseRef-scancode-public-domain
docutils pypi	Direct	0.22.4	0.23.0	2 behind	—	BSD-2-Clause AND BSD-3-Clause AND CC-PDDC AND GPL-1.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LicenseRef-scancode-free-unknown AND LicenseRef-scancode-other-copyleft AND LicenseRef-scancode-public-domain
lxml pypi	Direct	6.1.0	6.1.1	1 behind	—	BSD-3-Clause AND GPL-1.0-or-later AND LicenseRef-scancode-unknown-license-reference
lxml pypi	Direct	6.1.0	6.1.1	1 behind	—	BSD-3-Clause AND GPL-1.0-or-later AND LicenseRef-scancode-unknown-license-reference
paramiko pypi	Direct	4.0.0	5.0.0	1 behind	—	LGPL-2.1-only
paramiko pypi	Direct	4.0.0	5.0.0	1 behind	—	LGPL-2.1-only
psycopg pypi	Direct	3.3.3	3.3.4	1 behind	—	LGPL-3.0 AND LGPL-3.0-only
psycopg-pool pypi	Direct	3.3.0	3.3.1	1 behind	—	LGPL-3.0-only
gitdb pypi	Direct	4.0.12	4.0.12	Current	—	BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later
gprof2dot pypi	Direct	2025.4.14	2025.4.14	Current	—	LGPL-3.0 AND LGPL-3.0-only AND LGPL-3.0-or-later
gprof2dot pypi	Direct	2025.4.14	2025.4.14	Current	—	LGPL-3.0 AND LGPL-3.0-only AND LGPL-3.0-or-later
mariadb pypi	Direct	1.1.14	—	—	—	LGPL-2.0-or-later AND LGPL-2.1 AND LGPL-2.1-only AND LGPL-2.1-or-later AND Python-2.0
mysqlclient pypi	Direct	2.2.8	—	—	—	GPL-2.0 AND GPL-2.0-only
pyphen pypi	Direct	0.17.2	0.17.2	Current	—	GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND MPL-1.1
pyphen pypi	Direct	0.17.2	0.17.2	Current	—	GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND MPL-1.1
rapidfuzz pypi	Direct	3.14.5	3.14.5	Current	—	GPL-1.0-or-later AND MIT
rapidfuzz pypi	Direct	3.14.5	3.14.5	Current	—	GPL-1.0-or-later AND MIT
typing-extensions pypi	Direct	4.15.0	4.15.0	Current	—	Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD
typing-extensions pypi	Direct	4.15.0	4.15.0	Current	—	Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD
typing-extensions pypi	Direct	4.15.0	4.15.0	Current	—	Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD

License Breakdown

MIT 779

Unknown 157

BSD-3-Clause 61

Apache-2.0 56

ISC 53

BSD-2-Clause AND BSD-3-Clause 27

BSD-2-Clause 15

BlueOak-1.0.0 12

BSD-2-Clause AND BSD-3-Clause AND MIT 5

MPL-2.0 4

Apache-2.0 AND BSD-2-Clause 3

CC0-1.0 AND MIT 3

Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 3

(CC-BY-4.0 AND MIT) 2

0BSD AND BSD-3-Clause AND LicenseRef-scancode-other-permissive AND MIT AND Python-2.0 2

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 2

Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1 2

Apache-2.0 AND BSD-3-Clause AND MPL-2.0 2

Apache-2.0 AND GPL-2.0-only 2

Apache-2.0 AND LicenseRef-scancode-generic-cla AND MIT 2

Apache-2.0 AND MIT 2

Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause) 2

BSD-2-Clause AND BSD-3-Clause AND BSD-Advertising-Acknowledgement 2

BSD-2-Clause AND BSD-3-Clause AND CC-PDDC AND GPL-1.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LicenseRef-scancode-free-unknown AND LicenseRef-scancode-other-copyleft AND LicenseRef-scancode-public-domain 2

BSD-2-Clause AND LicenseRef-scancode-other-permissive 2

BSD-3-Clause AND GPL-1.0-or-later AND LicenseRef-scancode-unknown-license-reference 2

BSD-3-Clause OR Apache-2.0 2

CC-BY-3.0 AND MIT 2

GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND MPL-1.1 2

GPL-1.0-or-later AND MIT 2

LGPL-2.1-only 2

LGPL-3.0 AND LGPL-3.0-only AND LGPL-3.0-or-later 2

LicenseRef-scancode-public-domain 2

MIT AND HPND 2

MIT AND HPND-Markus-Kuhn 2

MIT-0 2

MIT-CMU 2

PSF-2.0 2

PSF-2.0 AND Python-2.0 2

Unlicense 2

(MPL-2.0 OR Apache-2.0) 1

0BSD 1

0BSD AND ISC AND MIT 1

Apache-2.0 AND BSD-2-Clause AND CC0-1.0 AND ISC AND MIT 1

Apache-2.0 AND Python-2.0 1

BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later 1

BSD-2-Clause AND BSD-3-Clause AND PSF-2.0 AND Python-2.0 AND Python-2.0.1 1

BSD-3-Clause AND MIT 1

CC-BY-3.0 1

CC-BY-4.0 1

CC0-1.0 1

GPL-2.0 AND GPL-2.0-only 1

ISC AND JSON AND MIT 1

LGPL-2.0-or-later AND LGPL-2.1 AND LGPL-2.1-only AND LGPL-2.1-or-later AND Python-2.0 1

LGPL-3.0 AND LGPL-3.0-only 1

LGPL-3.0-only 1

MIT AND python-ldap 1

MIT OR (CC0-1.0 AND MIT) 1

MIT OR AFL-2.1 1

Python-2.0 1

CVE Severity

critical 0

high 4

medium 2

low 0

unknown 0