Mailu

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

64% Freshness

158 Dependencies

37 Outdated

0 Stale

8.5 Avg Behind

Dependency List

Latest release 2024.06.50

All 157 Outdated 40 Has CVE 16 GPL 7

Dependency	Type	Current	Latest	Behind	CVE	License
aiohttp pypi	Direct	3.9.5	3.14.0	75 behind	20 high	Apache-2.0
mysql-connector-python pypi	Direct	8.4.0	9.7.0	8 behind	1 high	Apache-2.0 AND GPL-3.0-or-later
wheel pypi	Direct	0.43.0	0.47.0	8 behind	1 high	MIT
requests pypi	Direct	2.31.0	2.34.2	12 behind	3 medium	Apache-2.0
jinja2 pypi	Direct	3.1.4	3.1.6	2 behind	3 medium	BSD-2-Clause AND BSD-3-Clause
flask pypi	Direct	3.0.3	3.1.3	4 behind	1 low	BSD-2-Clause AND BSD-3-Clause
pygments pypi	Direct	2.18.0	2.20.0	4 behind	1 low	BSD-2-Clause
wrapt pypi	Direct	1.16.0	2.2.1	41 behind	—	BSD-2-Clause
pyparsing pypi	Direct	2.4.7	3.3.2	40 behind	—	MIT
yarl pypi	Direct	1.9.4	1.24.2	36 behind	—	Apache-2.0
sphinx pypi	Direct	7.3.7	9.1.0	35 behind	—	BSD-2-Clause AND BSD-3-Clause
rpds-py pypi	Direct	0.18.0	2026.5.1	21 behind	—	MIT
multidict pypi	Direct	6.0.5	6.7.1	19 behind	—	Apache-2.0
docutils pypi	Direct	0.20.1	0.23.0	17 behind	—	BSD-2-Clause
greenlet pypi	Direct	3.0.3	3.5.1	14 behind	—	MIT AND PSF-2.0
typing-extensions pypi	Direct	4.11.0	4.15.0	14 behind	—	Python-2.0.1
sphinx-rtd-theme pypi	Direct	2.0.0	3.1.0	12 behind	—	MIT
click pypi	Direct	8.1.7	8.4.1	10 behind	—	BSD-3-Clause
importlib-resources pypi	Direct	6.4.0	7.1.0	10 behind	—	Apache-2.0
xmltodict pypi	Direct	0.13.0	1.0.4	10 behind	—	MIT
tenacity pypi	Direct	8.2.3	9.1.4	9 behind	—	Apache-2.0
attrs pypi	Direct	23.2.0	26.1.0	8 behind	—	MIT
charset-normalizer pypi	Direct	3.3.2	3.4.7	8 behind	—	LGPL-2.1-only AND MIT AND MPL-1.1
sphinx-autobuild pypi	Direct	2024.4.16	2025.8.25	7 behind	—	MIT
watchdog pypi	Direct	4.0.0	6.0.0	7 behind	—	Apache-2.0 OR (Apache-2.0 AND BSD-3-Clause)
deprecated pypi	Direct	1.2.14	1.3.1	6 behind	—	MIT
cffi pypi	Direct	1.16.0	2.0.0	5 behind	—	MIT
frozenlist pypi	Direct	1.4.1	1.8.0	5 behind	—	Apache-2.0
bcrypt pypi	Direct	4.1.3	5.0.0	4 behind	—	Apache-2.0
markupsafe pypi	Direct	2.1.5	3.0.3	4 behind	—	BSD-2-Clause AND BSD-3-Clause
referencing pypi	Direct	0.35.1	0.37.0	4 behind	—	MIT
babel pypi	Direct	2.15.0	2.18.0	3 behind	—	BSD-2-Clause AND BSD-3-Clause
flask-marshmallow pypi	Direct	1.2.1	1.5.0	3 behind	—	MIT
jsonschema-specifications pypi	Direct	2023.12.1	2025.9.1	3 behind	—	MIT
pyyaml pypi	Direct	6.0.1	6.0.3	3 behind	—	MIT
aiosignal pypi	Direct	1.3.1	1.4.0	2 behind	—	Apache-2.0
flask-wtf pypi	Direct	1.2.1	1.3.0	2 behind	—	BSD-2-Clause AND BSD-3-Clause
six pypi	Direct	1.16.0	1.17.0	1 behind	—	MIT
tabulate pypi	Direct	0.9.0	0.10.0	1 behind	—	MIT
uvloop pypi	Direct	0.21.0	0.22.1	1 behind	—	Apache-2.0 AND MIT

License Breakdown

Unknown 59

MIT 39

BSD-2-Clause AND BSD-3-Clause 18

Apache-2.0 11

BSD-2-Clause 8

BSD-3-Clause 3

Apache-2.0 AND BSD-2-Clause 1

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1

Apache-2.0 AND GPL-3.0-or-later 1

Apache-2.0 AND MIT 1

Apache-2.0 OR (Apache-2.0 AND BSD-3-Clause) 1

BSD-3-Clause AND MIT 1

BSD-3-Clause OR Apache-2.0 1

GPL-1.0-or-later AND GPL-3.0 AND GPL-3.0-only AND GPL-3.0-or-later 1

GPL-1.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later 1

ISC 1

LGPL-2.0-or-later AND LGPL-2.1 AND LGPL-2.1-only AND LGPL-2.1-or-later AND Python-2.0 1

LGPL-2.1-only AND MIT AND MPL-1.1 1

LGPL-3.0-or-later 1

LGPL-3.0-or-later WITH openvpn-openssl-exception 1

MIT AND PSF-2.0 1

MPL-2.0 1

PSF-2.0 1

Python-2.0.1 1

Unlicense 1

CVE Severity

critical 0

high 7

medium 6

low 3

unknown 0