Tools / mem0 / Security

Security Deep Dive

mem0

Security posture and CVE patch evidence from tracked releases.

Back to Tool

1 actively-exploited dependency CVE affects cli-node-v0.2.8.

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

Versions by Severity

CVEs are attributed to tracked releases published before the patch release.

20 versions tracked

Version	Published	C	H	M	L	KEV	Notes
cli-node-v0.2.8	2026-06-01	—	—	—	—	—	Latest
ts-v3.0.6	2026-06-01	—	—	—	—	—	—
openclaw-v1.0.12	2026-06-01	—	—	—	—	—	—
vercel-ai-v2.0.6	2026-06-01	—	—	—	—	—	—
opencode-v0.1.2	2026-06-01	—	—	—	—	—	—
opencode-v0.1.1	2026-05-28	—	—	—	—	—	—
ts-v3.0.5	2026-05-27	—	—	—	—	—	—
v2.0.4	2026-05-27	—	—	—	—	—	—
ts-v3.0.4	2026-05-26	—	—	—	—	—	—
v2.0.3	2026-05-26	—	—	—	—	—	—
cli-v0.2.7	2026-05-20	—	—	—	—	—	—
cli-node-v0.2.7	2026-05-20	—	—	—	—	—	—
cli-node-v0.2.5	2026-05-14	—	—	—	—	—	—
cli-v0.2.5	2026-05-14	—	—	—	—	—	—
ts-v3.0.3	2026-05-07	—	—	—	—	—	—
v2.0.2	2026-05-07	—	—	—	—	—	Patches CVE-2025-31125 Patches CVE-2026-42208
openclaw-v1.0.11	2026-04-29	1	—	1	—	KEV 2	—
ts-v3.0.2	2026-04-25	1	—	1	—	KEV 2	—
v2.0.1	2026-04-25	1	—	1	—	KEV 2	—
openclaw-v1.0.10	2026-04-23	1	—	1	—	KEV 2	—

— Signed — SLSA — SBOM ✗ Security policy Weekly cadence · 0d median Active maintainer

Trust Signals — 2 of 9 Present

Evidence already collected from releases and repository metadata.

2/9 Present

Signed releases Unknown

Latest release artifact signature Latest release

—

SLSA provenance Unknown

Attestation predicate level Latest release

—

SBOM published Unknown

GitHub SBOM API Latest release

—

SECURITY.md Absent

GitHub repository metadata Repository policy

Checked: 21d ago

Release cadence: weekly Present

0d median over recent releases Release history

Latest release: 2d ago

Maintainer active Present

Recent commit activity Repository

Last commit: 1d ago

Checksums (SHA256SUMS) Not active yet

SHA256SUMS or equivalent Release asset

Latest release: 2d ago

GitHub Actions attestation Not active yet

actions/attest-build-provenance Workflow file

Latest release: 2d ago

Signing assets Not active yet

.sig, .crt, cosign.pub, or similar Release asset

Latest release: 2d ago

0.5/10 Security Score

Dependency Exposure 336 transitive dependency CVEs found in the latest SBOM. 29 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss

0.00 / 0.5

Max EPSS 0.832

freshness

1.00 / 1.0

1d stale

scorecard

2.00 / 4.0

⚠ Estimated — not yet collected

cve health

0.00 / 2.5

⚠ No direct scan — 29c/109h transitive CVEs

patch speed

0.50 / 0.5

⚠ Estimated — no CVE patch history

kev exposure

-1.50 / 1.5

KEV exposure detected

supply chain risk

-1.50 / 10.0

Risk 100.0/100

Score breakdown

schema v2

Vulnerability posture

vulnerability posture

0.0

25%

direct cves: clear cve scan: estimated

Release responsiveness

release responsiveness

10.0

patch speed days: no_history

Dependency exposure

dependency exposure

0.0

10%

supply chain risk: 100.0 transitive cves: 29c/109h

Provenance trust

provenance trust

5.0

40%

scorecard score: estimated openssf badge: none

Maintainer health

maintainer health

10.0

10%

activity freshness: 1d

Operational risk

operational risk

0.0

10%

kev exposure: detected epss max: 0.832

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100

29 Transitive critical CVEs

1 KEV-transitive CVEs

42% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

CVE Patch History

Tracks CVEs that were addressed in tagged releases. Shorter gap between disclosure and patch = faster response. EPSS = predicted probability of exploitation in next 30 days (FIRST.org); colored at ≥90%ile and ≥50%ile.

CVEs Patched by Year

Critical High Medium Low

2026

CVE	Severity	EPSS	Disclosed	Fixed in	Days to fix	vs Ecosystem Median	KEV
CVE-2025-31125	MEDIUM	99%ile	—	v2.0.2	—	—	KEV
CVE-2026-42208	CRITICAL	98%ile	—	v2.0.2	—	—	KEV

KEV = CISA Known Exploited Vulnerabilities catalog — actively exploited in the wild.

Dependency Vulnerabilities

3367 dependencies scanned View full dependency list →

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical

High

109

Medium

149

Low

Unknown

1 dependency vulnerabilities are in KEV.

CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.

Still affecting latest (44) All (336)

Critical 29 High 109 Medium 149 Low 44 Unknown 5

CVE	Severity	KEV	Dependency	Affected version	Cleared in release
CVE-2012-0805	critical	—	sqlalchemy	—	v2.0.2
CVE-2016-7036	critical	—	python-jose	—	v2.0.2
CVE-2019-7164	critical	—	sqlalchemy	—	v2.0.2
CVE-2019-7548	critical	—	sqlalchemy	—	v2.0.2
CVE-2023-29374	critical	—	langchain	—	v2.0.2
CVE-2023-32785	critical	—	langchain	—	v2.0.2
CVE-2023-34540	critical	—	langchain	—	v2.0.2
CVE-2023-34541	critical	—	langchain	—	v2.0.2
CVE-2023-36095	critical	—	langchain	—	v2.0.2
CVE-2023-36188	critical	—	langchain	—	v2.0.2
CVE-2023-36258	critical	—	langchain	—	v2.0.2
CVE-2023-36281	critical	—	langchain	—	v2.0.2
CVE-2023-38860	critical	—	langchain	—	v2.0.2
CVE-2023-38896	critical	—	langchain	—	v2.0.2
CVE-2023-39631	critical	—	langchain	—	v2.0.2
CVE-2023-39659	critical	—	langchain	—	v2.0.2
CVE-2024-1728	critical	—	gradio	4.14.0	v2.0.2
CVE-2024-23731	critical	—	embedchain	—	v2.0.2
CVE-2024-2952	critical	—	litellm	—	v2.0.2
CVE-2024-33663	critical	—	python-jose	—	v2.0.2
CVE-2024-36039	critical	—	pymysql	—	v2.0.2
CVE-2024-3829	critical	—	qdrant-client	—	v2.0.2
CVE-2024-5751	critical	—	litellm	—	v2.0.2
CVE-2025-23042	critical	—	gradio	4.14.0	v2.0.2
CVE-2025-68664	critical	—	langchain-core	—	v2.0.2
CVE-2025-7783	critical	—	form-data	4.0.2	v2.0.2
CVE-2026-35030	critical	—	litellm	—	v2.0.2
CVE-2026-42208	critical	—	litellm	—	ts-v3.0.3
GHSA-5mg7-485q-xm76	critical	—	litellm	—	v2.0.2
CVE-2015-5237	high	—	protobuf	—	v2.0.2
CVE-2022-1941	high	—	protobuf	—	v2.0.2
CVE-2023-28859	high	—	redis	—	v2.0.2
CVE-2023-32786	high	—	langchain	—	v2.0.2
CVE-2023-36189	high	—	langchain	—	v2.0.2
CVE-2023-46229	high	—	langchain	—	v2.0.2
CVE-2024-10188	high	—	litellm	—	v2.0.2
CVE-2024-10569	high	—	gradio	4.14.0	v2.0.2
CVE-2024-10648	high	—	gradio	4.14.0	v2.0.2
CVE-2024-11392	high	—	transformers	4.42.4	v2.0.2
CVE-2024-11393	high	—	transformers	4.42.4	v2.0.2
CVE-2024-11394	high	—	transformers	4.42.4	v2.0.2
CVE-2024-21272	high	—	mysql-connector-python	8.4.0	v2.0.2
CVE-2024-2206	high	—	gradio	4.14.0	v2.0.2
CVE-2024-22190	high	—	gitpython	3.1.38	v2.0.2
CVE-2024-22423	high	—	yt-dlp	2023.11.14	v2.0.2
CVE-2024-24762	high	—	fastapi	0.68.0	v2.0.2
CVE-2024-24762	high	—	python-multipart	0.0.5	v2.0.2
CVE-2024-34510	high	—	gradio	4.14.0	v2.0.2
CVE-2024-38519	high	—	yt-dlp	2023.11.14	v2.0.2
CVE-2024-4264	high	—	litellm	—	v2.0.2
CVE-2024-4325	high	—	gradio	4.14.0	v2.0.2
CVE-2024-47084	high	—	gradio	4.14.0	v2.0.2
CVE-2024-47867	high	—	gradio	4.14.0	v2.0.2
CVE-2024-47870	high	—	gradio	4.14.0	v2.0.2
CVE-2024-47871	high	—	gradio	4.14.0	v2.0.2
CVE-2024-47874	high	—	starlette	0.37.2	v2.0.2
CVE-2024-4888	high	—	litellm	—	v2.0.2
CVE-2024-4941	high	—	gradio	4.14.0	v2.0.2
CVE-2024-53899	high	—	virtualenv	20.26.3	v2.0.2
CVE-2024-53981	high	—	python-multipart	0.0.5	v2.0.2
CVE-2024-5998	high	—	langchain-community	—	v2.0.2
CVE-2024-6587	high	—	litellm	—	v2.0.2
CVE-2024-6825	high	—	litellm	—	v2.0.2
CVE-2024-8966	high	—	gradio	4.14.0	v2.0.2
CVE-2024-8984	high	—	litellm	—	v2.0.2
CVE-2024-9606	high	—	litellm	—	v2.0.2
CVE-2025-0330	high	—	litellm	—	v2.0.2
CVE-2025-0628	high	—	litellm	—	v2.0.2
CVE-2025-27152	high	—	axios	1.7.7	v2.0.2
CVE-2025-2828	high	—	langchain-community	—	v2.0.2
CVE-2025-4565	high	—	protobuf	—	v2.0.2
CVE-2025-47273	high	—	setuptools	70.3.0	v2.0.2
CVE-2025-48387	high	—	tar-fs	2.1.2	v2.0.2
CVE-2025-53365	high	—	mcp	1.3.0	v2.0.2
CVE-2025-53366	high	—	mcp	1.3.0	v2.0.2
CVE-2025-58754	high	—	axios	1.7.7	v2.0.2
CVE-2025-59343	high	—	tar-fs	2.1.2	v2.0.2
CVE-2025-64756	high	—	glob	10.4.5	v2.0.2
CVE-2025-65106	high	—	langchain-core	—	v2.0.2
CVE-2025-65945	high	—	jws	4.0.0	v2.0.2
CVE-2025-66414	high	—	@modelcontextprotocol/sdk	1.12.1	v2.0.2
CVE-2025-66416	high	—	mcp	1.3.0	v2.0.2
CVE-2025-66418	high	—	urllib3	1.26.19	v2.0.2
CVE-2025-66471	high	—	urllib3	1.26.19	v2.0.2
CVE-2025-67221	high	—	orjson	3.10.6	v2.0.2
CVE-2025-68665	high	—	@langchain/core	0.3.42	v2.0.2
CVE-2025-69223	high	—	aiohttp	3.9.5	v2.0.2
CVE-2025-6984	high	—	langchain-community	—	v2.0.2
CVE-2025-6985	high	—	langchain-text-splitters	—	v2.0.2
CVE-2026-0621	high	—	@modelcontextprotocol/sdk	1.12.1	v2.0.2
CVE-2026-0994	high	—	protobuf	—	v2.0.2
CVE-2026-1526	high	—	undici	5.28.5	v2.0.2
CVE-2026-21441	high	—	urllib3	1.26.19	v2.0.2
CVE-2026-22219	high	—	chainlit	0.7.700	v2.0.2
CVE-2026-2229	high	—	undici	5.28.5	v2.0.2
CVE-2026-24486	high	—	python-multipart	0.0.5	v2.0.2
CVE-2026-2473	high	—	google-cloud-aiplatform	1.59.0	v2.0.2
CVE-2026-25536	high	—	@modelcontextprotocol/sdk	1.12.1	v2.0.2
CVE-2026-25639	high	—	axios	1.7.7	v2.0.2
CVE-2026-25990	high	—	pillow	10.4.0	v2.0.2
CVE-2026-26007	high	—	cryptography	42.0.8	v2.0.2
CVE-2026-26331	high	—	yt-dlp	2023.11.14	v2.0.2
CVE-2026-26996	high	—	minimatch	3.1.2	v2.0.2
CVE-2026-27606	high	—	rollup	4.37.0	v2.0.2
CVE-2026-27903	high	—	minimatch	3.1.2	v2.0.2
CVE-2026-27904	high	—	minimatch	3.1.2	v2.0.2
CVE-2026-28414	high	—	gradio	4.14.0	v2.0.2
CVE-2026-28416	high	—	gradio	4.14.0	v2.0.2
CVE-2026-29063	high	—	immutable	5.1.1	v2.0.2
CVE-2026-30922	high	—	pyasn1	0.6.0	v2.0.2
CVE-2026-32274	high	—	black	23.12.1	v2.0.2
CVE-2026-32874	high	—	ujson	5.10.0	v2.0.2
CVE-2026-32875	high	—	ujson	5.10.0	v2.0.2
CVE-2026-33671	high	—	picomatch	2.3.1	v2.0.2
CVE-2026-34070	high	—	langchain-core	—	v2.0.2
CVE-2026-35029	high	—	litellm	—	v2.0.2
CVE-2026-39363	high	—	vite	6.2.1	v2.0.2
CVE-2026-39364	high	—	vite	8.0.0	v2.0.2
CVE-2026-40192	high	—	pillow	10.4.0	v2.0.2
CVE-2026-42033	high	—	axios	1.15.0	v2.0.2
CVE-2026-42035	high	—	axios	1.15.0	v2.0.2
CVE-2026-42043	high	—	axios	1.15.0	v2.0.2
CVE-2026-42203	high	—	litellm	—	v2.0.2
CVE-2026-42215	high	—	gitpython	3.1.38	v2.0.2
CVE-2026-42264	high	—	axios	1.15.0	v2.0.2
CVE-2026-42271	high	—	litellm	—	v2.0.2
CVE-2026-42284	high	—	gitpython	3.1.38	v2.0.2
CVE-2026-42311	high	—	pillow	10.4.0	v2.0.2
CVE-2026-42561	high	—	python-multipart	0.0.5	v2.0.2
CVE-2026-44243	high	—	gitpython	3.1.38	v2.0.2
CVE-2026-44244	high	—	gitpython	3.1.38	v2.0.2
CVE-2026-44307	high	—	mako	1.3.5	v2.0.2
CVE-2026-4800	high	—	lodash	4.17.21	v2.0.2
CVE-2026-4926	high	—	path-to-regexp	8.2.0	v2.0.2
GHSA-69x8-hrgq-fjj8	high	—	litellm	—	v2.0.2
GHSA-h25m-26qc-wcjf	high	—	next	15.2.8	v2.0.2
GHSA-mwv6-3258-q52c	high	—	next	15.2.6	v2.0.2
GHSA-q4gf-8mx6-v5v3	high	—	next	15.2.8	v2.0.2
CVE-2013-2132	medium	—	pymongo	—	v2.0.2
CVE-2021-23368	medium	—	postcss	8	v2.0.2
CVE-2021-23382	medium	—	postcss	8	v2.0.2
CVE-2022-35918	medium	—	streamlit	—	v2.0.2
CVE-2023-27494	medium	—	streamlit	—	v2.0.2
CVE-2023-28858	medium	—	redis	—	v2.0.2
CVE-2023-44270	medium	—	postcss	8	v2.0.2
CVE-2024-10940	medium	—	langchain-core	—	v2.0.2
CVE-2024-12217	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-12720	medium	—	transformers	4.42.4	v2.0.2
CVE-2024-1455	medium	—	langchain-core	—	v2.0.2
CVE-2024-1727	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-1729	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-21503	medium	—	black	23.12.1	v2.0.2
CVE-2024-23732	medium	—	embedchain	—	v2.0.2
CVE-2024-2965	medium	—	langchain-community	—	v2.0.2
CVE-2024-2965	medium	—	langchain	—	v2.0.2
CVE-2024-3095	medium	—	langchain-community	—	v2.0.2
CVE-2024-33664	medium	—	python-jose	—	v2.0.2
CVE-2024-35195	medium	—	requests	2.31.0	v2.0.2
CVE-2024-35255	medium	—	azure-identity	—	v2.0.2
CVE-2024-3571	medium	—	langchain	—	v2.0.2
CVE-2024-42474	medium	—	streamlit	—	v2.0.2
CVE-2024-43788	medium	—	webpack	5.85.0	v2.0.2
CVE-2024-47081	medium	—	requests	2.31.0	v2.0.2
CVE-2024-47164	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-47165	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-47166	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-47167	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-47868	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-47869	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-47872	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-48052	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-4890	medium	—	litellm	—	v2.0.2
CVE-2024-4940	medium	—	gradio	4.14.0	v2.0.2
CVE-2024-5225	medium	—	litellm	—	v2.0.2
CVE-2024-52304	medium	—	aiohttp	3.9.5	v2.0.2
CVE-2024-53382	medium	—	prismjs	1.27.0	v2.0.2
CVE-2024-56201	medium	—	jinja2	3.1.4	v2.0.2
CVE-2024-5629	medium	—	pymongo	—	v2.0.2
CVE-2024-56326	medium	—	jinja2	3.1.4	v2.0.2
CVE-2024-5710	medium	—	litellm	—	v2.0.2
CVE-2024-8021	medium	—	gradio	4.14.0	v2.0.2
CVE-2025-1194	medium	—	transformers	4.42.4	v2.0.2
CVE-2025-13465	medium	—	lodash	4.17.21	v2.0.2
CVE-2025-13466	medium	—	body-parser	2.2.0	v2.0.2
CVE-2025-15284	medium	—	qs	6.14.0	v2.0.2
CVE-2025-2099	medium	—	transformers	4.42.4	v2.0.2
CVE-2025-27516	medium	—	jinja2	3.1.4	v2.0.2
CVE-2025-27789	medium	—	@babel/helpers	7.26.9	v2.0.2
CVE-2025-30208	medium	—	vite	6.2.1	v2.0.2
CVE-2025-31125	medium	KEV	vite	6.2.1	ts-v3.0.3
CVE-2025-31486	medium	—	vite	6.2.1	v2.0.2
CVE-2025-32395	medium	—	vite	6.2.1	v2.0.2
CVE-2025-3263	medium	—	transformers	4.42.4	v2.0.2
CVE-2025-3264	medium	—	transformers	4.42.4	v2.0.2
CVE-2025-3933	medium	—	transformers	4.42.4	v2.0.2
CVE-2025-46565	medium	—	vite	6.2.1	v2.0.2
CVE-2025-48889	medium	—	gradio	4.14.0	v2.0.2
CVE-2025-50181	medium	—	urllib3	1.26.19	v2.0.2
CVE-2025-5197	medium	—	transformers	4.42.4	v2.0.2
CVE-2025-54121	medium	—	starlette	0.37.2	v2.0.2
CVE-2025-55173	medium	—	next	15.2.8	v2.0.2
CVE-2025-55197	medium	—	pypdf	5.0.0	v2.0.2
CVE-2025-57752	medium	—	next	15.2.8	v2.0.2
CVE-2025-57804	medium	—	h2	4.1.0	v2.0.2
CVE-2025-57822	medium	—	next	15.2.8	v2.0.2
CVE-2025-59471	medium	—	next	15.2.8	v2.0.2
CVE-2025-6051	medium	—	transformers	4.42.4	v2.0.2
CVE-2025-62522	medium	—	vite	6.2.1	v2.0.2
CVE-2025-62707	medium	—	pypdf	5.0.0	v2.0.2
CVE-2025-62708	medium	—	pypdf	5.0.0	v2.0.2
CVE-2025-62718	medium	—	axios	1.7.7	v2.0.2
CVE-2025-64718	medium	—	js-yaml	3.14.1	v2.0.2
CVE-2025-66019	medium	—	pypdf	5.0.0	v2.0.2
CVE-2025-6638	medium	—	transformers	4.42.4	v2.0.2
CVE-2025-68146	medium	—	filelock	3.15.4	v2.0.2
CVE-2025-68480	medium	—	marshmallow	3.21.3	v2.0.2
CVE-2025-6921	medium	—	transformers	4.42.4	v2.0.2
CVE-2025-69227	medium	—	aiohttp	3.9.5	v2.0.2
CVE-2025-69228	medium	—	aiohttp	3.9.5	v2.0.2
CVE-2025-69229	medium	—	aiohttp	3.9.5	v2.0.2
CVE-2025-69873	medium	—	ajv	6.12.6	v2.0.2
CVE-2025-71176	medium	—	pytest	—	v2.0.2
CVE-2026-1525	medium	—	undici	5.28.5	v2.0.2
CVE-2026-1527	medium	—	undici	5.28.5	v2.0.2
CVE-2026-1839	medium	—	transformers	4.42.4	v2.0.2
CVE-2026-22036	medium	—	undici	5.28.5	v2.0.2
CVE-2026-22701	medium	—	filelock	3.15.4	v2.0.2
CVE-2026-22702	medium	—	virtualenv	20.26.3	v2.0.2
CVE-2026-22815	medium	—	aiohttp	3.9.5	v2.0.2
CVE-2026-24688	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-25528	medium	—	langsmith	0.3.87	v2.0.2
CVE-2026-25645	medium	—	requests	2.31.0	v2.0.2
CVE-2026-26019	medium	—	@langchain/community	0.3.36	v2.0.2
CVE-2026-27024	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-27025	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-27026	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-27795	medium	—	@langchain/community	0.3.36	v2.0.2
CVE-2026-27888	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-27980	medium	—	next	15.2.8	v2.0.2
CVE-2026-28351	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-28415	medium	—	gradio	4.14.0	v2.0.2
CVE-2026-28684	medium	—	python-dotenv	1.0.1	v2.0.2
CVE-2026-28804	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-29057	medium	—	next	15.2.8	v2.0.2
CVE-2026-2950	medium	—	lodash	4.17.21	v2.0.2
CVE-2026-31826	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-33123	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-33532	medium	—	yaml	2.7.1	v2.0.2
CVE-2026-33672	medium	—	picomatch	2.3.1	v2.0.2
CVE-2026-33682	medium	—	streamlit	—	v2.0.2
CVE-2026-33699	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-33750	medium	—	brace-expansion	2.0.1	v2.0.2
CVE-2026-34450	medium	—	anthropic	—	v2.0.2
CVE-2026-34452	medium	—	anthropic	—	v2.0.2
CVE-2026-34515	medium	—	aiohttp	3.9.5	v2.0.2
CVE-2026-34516	medium	—	aiohttp	3.9.5	v2.0.2
CVE-2026-34525	medium	—	aiohttp	3.9.5	v2.0.2
CVE-2026-39365	medium	—	vite	6.2.1	v2.0.2
CVE-2026-40087	medium	—	langchain-core	—	v2.0.2
CVE-2026-40175	medium	—	axios	1.7.7	v2.0.2
CVE-2026-40190	medium	—	langsmith	0.5.10	v2.0.2
CVE-2026-40260	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-40347	medium	—	python-multipart	0.0.5	v2.0.2
CVE-2026-41168	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-41182	medium	—	langsmith	0.5.10	v2.0.2
CVE-2026-41205	medium	—	mako	1.3.5	v2.0.2
CVE-2026-41305	medium	—	postcss	8	v2.0.2
CVE-2026-41312	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-41313	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-41314	medium	—	pypdf	5.0.0	v2.0.2
CVE-2026-41481	medium	—	langchain-text-splitters	—	v2.0.2
CVE-2026-41907	medium	—	uuid	11.1.0	v2.0.2
CVE-2026-42034	medium	—	axios	1.15.0	v2.0.2
CVE-2026-42036	medium	—	axios	1.15.0	v2.0.2
CVE-2026-42037	medium	—	axios	1.15.0	v2.0.2
CVE-2026-42038	medium	—	axios	1.15.0	v2.0.2
CVE-2026-42039	medium	—	axios	1.15.0	v2.0.2
CVE-2026-42041	medium	—	axios	1.15.0	v2.0.2
CVE-2026-42042	medium	—	axios	1.15.0	v2.0.2
CVE-2026-42044	medium	—	axios	1.15.0	v2.0.2
CVE-2026-42308	medium	—	pillow	10.4.0	v2.0.2
CVE-2026-42310	medium	—	pillow	10.4.0	v2.0.2
CVE-2026-4923	medium	—	path-to-regexp	8.2.0	v2.0.2
GHSA-67mh-4wv8-2f99	medium	—	esbuild	0.21.5	v2.0.2
GHSA-h4gh-qq45-vh27	medium	—	cryptography	42.0.8	v2.0.2
GHSA-r4q5-vmmm-2653	medium	—	follow-redirects	1.15.11	v2.0.2
GHSA-w37m-7fhw-fmv9	medium	—	next	15.2.6	v2.0.2
CVE-2024-0243	low	—	langchain	—	v2.0.2
CVE-2024-12797	low	—	cryptography	42.0.8	v2.0.2
CVE-2024-28088	low	—	langchain	—	v2.0.2
CVE-2024-28088	low	—	langchain-core	—	v2.0.2
CVE-2024-47168	low	—	gradio	4.14.0	v2.0.2
CVE-2024-53384	low	—	tsup	8.3.0	v2.0.2
CVE-2024-8309	low	—	langchain-community	—	v2.0.2
CVE-2024-8309	low	—	langchain	—	v2.0.2
CVE-2025-3777	low	—	transformers	4.42.4	v2.0.2
CVE-2025-47279	low	—	undici	5.28.5	v2.0.2
CVE-2025-48370	low	—	@supabase/auth-js	2.68.0	v2.0.2
CVE-2025-48985	low	—	ai	4.1.46	v2.0.2
CVE-2025-53643	low	—	aiohttp	3.9.5	v2.0.2
CVE-2025-58751	low	—	vite	6.2.1	v2.0.2
CVE-2025-58752	low	—	vite	6.2.1	v2.0.2
CVE-2025-5889	low	—	brace-expansion	2.0.1	v2.0.2
CVE-2025-68157	low	—	webpack	5.85.0	v2.0.2
CVE-2025-68458	low	—	webpack	5.85.0	v2.0.2
CVE-2025-68492	low	—	chainlit	0.7.700	v2.0.2
CVE-2025-69224	low	—	aiohttp	3.9.5	v2.0.2
CVE-2025-69225	low	—	aiohttp	3.9.5	v2.0.2
CVE-2025-69226	low	—	aiohttp	3.9.5	v2.0.2
CVE-2025-69230	low	—	aiohttp	3.9.5	v2.0.2
CVE-2026-22690	low	—	pypdf	5.0.0	v2.0.2
CVE-2026-22691	low	—	pypdf	5.0.0	v2.0.2
CVE-2026-2391	low	—	qs	6.14.0	v2.0.2
CVE-2026-24001	low	—	diff	4.0.2	v2.0.2
CVE-2026-26013	low	—	langchain-core	—	v2.0.2
CVE-2026-27205	low	—	flask	2.3.2	v2.0.2
CVE-2026-27628	low	—	pypdf	5.0.0	v2.0.2
CVE-2026-34073	low	—	cryptography	42.0.8	v2.0.2
CVE-2026-34513	low	—	aiohttp	3.9.5	v2.0.2
CVE-2026-34514	low	—	aiohttp	3.9.5	v2.0.2
CVE-2026-34517	low	—	aiohttp	3.9.5	v2.0.2
CVE-2026-34518	low	—	aiohttp	3.9.5	v2.0.2
CVE-2026-34519	low	—	aiohttp	3.9.5	v2.0.2
CVE-2026-34520	low	—	aiohttp	3.9.5	v2.0.2
CVE-2026-41488	low	—	langchain-openai	0.2.1	v2.0.2
CVE-2026-42040	low	—	axios	1.15.0	v2.0.2
CVE-2026-4539	low	—	pygments	2.18.0	v2.0.2
CVE-2026-7597	low	—	mem0ai	—	v2.0.2
GHSA-26jh-r8g2-6fpr	low	—	gradio	4.14.0	v2.0.2
GHSA-3v33-3wmw-3785	low	—	yt-dlp	2023.11.14	v2.0.2
GHSA-8qw9-gf7w-42x5	low	—	streamlit	—	v2.0.2
CVE-2021-22570	unknown	—	protobuf	—	v2.0.2
CVE-2022-42969	unknown	—	py	1.11.0	v2.0.2
CVE-2024-52338	unknown	—	pyarrow	15.0.0	v2.0.2
MAL-2026-2144	unknown	—	litellm	—	v2.0.2
PYSEC-2026-2	unknown	—	litellm	—	v2.0.2

Showing 336 of 336