Ralph

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

74% Freshness

231 Dependencies

38 Outdated

0 Stale

3.2 Avg Behind

Dependency List

Latest release 20260506.1

All 230 Outdated 56 Has CVE 16 GPL 9

Dependency	Type	Current	Latest	Behind	CVE	License
cryptography pypi	Direct	45.0.5	48.0.0	12 behind	3 high	Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause)
urllib3 pypi	Direct	2.5.0	2.7.0	5 behind	3 high	MIT
pillow pypi	Direct	11.3.0	12.2.0	4 behind	6 high	LicenseRef-scancode-secret-labs-2011 AND MIT-CMU
pyjwt pypi	Direct	2.10.1	2.13.0	4 behind	1 high	MIT
pyasn1 pypi	Direct	0.6.1	0.6.3	2 behind	2 high	BSD-2-Clause
requests pypi	Direct	2.32.4	2.34.2	7 behind	1 medium	Apache-2.0
sqlparse pypi	Direct	0.5.3	0.5.5	2 behind	1 medium	BSD-2-Clause AND BSD-3-Clause
pygments pypi	Direct	2.19.2	2.20.0	1 behind	1 low	BSD-2-Clause
sphinx pypi	Direct	7.3.7	9.1.0	35 behind	—	BSD-2-Clause AND BSD-3-Clause
coverage pypi	Direct	7.9.2	7.14.1	23 behind	—	Apache-2.0
regex pypi	Direct	2024.11.6	2026.5.9	17 behind	—	CNRI-Python AND Apache-2.0
ipython pypi	Direct	8.37.0	9.14.0	14 behind	—	BSD-3-Clause
docutils pypi	Direct	0.21.2	0.23.0	13 behind	—	BSD-2-Clause
platformdirs pypi	Direct	4.3.8	4.10.0	13 behind	—	MIT
wcwidth pypi	Direct	0.2.13	0.7.0	13 behind	—	MIT
gunicorn pypi	Direct	23.0.0	26.0.0	11 behind	—	MIT
certifi pypi	Direct	2025.6.15	2026.5.20	9 behind	—	MPL-2.0
rich pypi	Direct	14.0.0	15.0.0	8 behind	—	MIT
click pypi	Direct	8.2.1	8.4.1	7 behind	—	BSD-3-Clause
pathspec pypi	Direct	0.12.1	1.1.1	7 behind	—	MPL-2.0
psutil pypi	Direct	7.0.0	7.2.2	7 behind	—	BSD-3-Clause
pyparsing pypi	Direct	3.2.3	3.3.2	7 behind	—	MIT AND Python-2.0
rpds-py pypi	Direct	0.26.0	2026.5.1	6 behind	—	MIT
charset-normalizer pypi	Direct	3.4.2	3.4.7	5 behind	—	MIT
prometheus-client pypi	Direct	0.22.1	0.25.0	5 behind	—	Apache-2.0 AND BSD-2-Clause
jsonschema pypi	Direct	4.24.0	4.26.0	4 behind	—	MIT
requests-oauthlib pypi	Direct	1.3.0	2.0.0	4 behind	—	BSD-2-Clause
markdown-it-py pypi	Direct	3.0.0	4.2.0	3 behind	—	MIT
parso pypi	Direct	0.8.4	0.8.7	3 behind	—	MIT
tblib pypi	Direct	3.1.0	3.2.2	3 behind	—	BSD-2-Clause AND BSD-3-Clause
tomli pypi	Direct	2.2.1	2.4.1	3 behind	—	MIT
attrs pypi	Direct	25.3.0	26.1.0	2 behind	—	MIT
cffi pypi	Direct	1.17.1	2.0.0	2 behind	—	MIT
decorator pypi	Direct	5.2.1	5.3.1	2 behind	—	BSD-2-Clause AND BSD-3-Clause
imagesize pypi	Direct	1.4.1	2.0.0	2 behind	—	MIT
jsonpointer pypi	Direct	3.0.0	3.1.1	2 behind	—	BSD-3-Clause
matplotlib-inline pypi	Direct	0.1.7	0.2.2	2 behind	—	BSD-2-Clause AND BSD-3-Clause
pyperclip pypi	Direct	1.9.0	1.11.0	2 behind	—	BSD-2-Clause AND BSD-3-Clause
snowballstemmer pypi	Direct	3.0.1	3.1.1	2 behind	—	BSD-3-Clause
toml-sort pypi	Direct	0.24.2	0.24.4	2 behind	—	MIT
tomlkit pypi	Direct	0.13.3	0.15.0	2 behind	—	MIT
traitlets pypi	Direct	5.14.3	5.15.1	2 behind	—	BSD-3-Clause
typing-extensions pypi	Direct	4.14.1	4.15.0	2 behind	—	Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD
alabaster pypi	Direct	0.7.16	1.0.0	1 behind	—	BSD-2-Clause AND BSD-3-Clause
asttokens pypi	Direct	3.0.0	3.0.1	1 behind	—	Apache-2.0
exceptiongroup pypi	Direct	1.3.0	1.3.1	1 behind	—	MIT AND Python-2.0
executing pypi	Direct	2.2.0	2.2.1	1 behind	—	MIT
jedi pypi	Direct	0.19.2	0.20.0	1 behind	—	MIT
jmespath pypi	Direct	1.0.1	1.1.0	1 behind	—	MIT
jsonschema-specifications pypi	Direct	2025.4.1	2025.9.1	1 behind	—	MIT
markupsafe pypi	Direct	3.0.2	3.0.3	1 behind	—	BSD-2-Clause AND BSD-3-Clause
prompt-toolkit pypi	Direct	3.0.51	3.0.52	1 behind	—	BSD-2-Clause AND BSD-3-Clause
python-dateutil pypi	Direct	2.9.0	2.9.0.post0	1 behind	—	Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference
pyyaml pypi	Direct	6.0.2	6.0.3	1 behind	—	MIT
referencing pypi	Direct	0.36.2	0.37.0	1 behind	—	MIT
six pypi	Direct	1.16.0	1.17.0	1 behind	—	MIT

License Breakdown

MIT 56

Unknown 46

BSD-2-Clause AND BSD-3-Clause 32

Apache-2.0 27

BSD-2-Clause 16

BSD-3-Clause 15

Apache-2.0 AND BSD-2-Clause 2

Apache-2.0 AND BSD-3-Clause 2

ISC 2

LGPL-3.0 AND LGPL-3.0-only AND LGPL-3.0-or-later 2

MIT AND Python-2.0 2

MPL-2.0 2

(Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-other-permissive AND Python-2.0 AND Python-2.0.1) OR (BSD-3-Clause AND LicenseRef-scancode-other-permissive AND Python-2.0 AND Python-2.0.1) 1

0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT 1

0BSD AND BSD-3-Clause AND LicenseRef-scancode-other-permissive AND MIT AND Python-2.0 1

Apache-2.0 AND BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause 1

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1

Apache-2.0 AND GPL-1.0-or-later AND GPL-2.0-only 1

Apache-2.0 AND Python-2.0 1

Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause) 1

Artistic-1.0 AND Artistic-1.0-Perl AND Artistic-2.0 1

BSD-2-Clause AND BSD-2-Clause-Views AND BSD-3-Clause 1

BSD-2-Clause AND BSD-3-Clause AND MIT 1

BSD-2-Clause AND MIT 1

BSD-3-Clause AND GPL-1.0-or-later AND GPL-3.0 AND GPL-3.0-only AND GPL-3.0-or-later 1

BSD-3-Clause AND MIT 1

CNRI-Python AND Apache-2.0 1

GPL-2.0-only 1

GPL-3.0-or-later 1

LGPL-2.1-only 1

LGPL-3.0-only 1

LicenseRef-scancode-secret-labs-2011 AND MIT-CMU 1

MIT AND ZPL-2.1 1

PSF-2.0 1

Python-2.0 1

Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 1

Python-2.0.1 1

python-ldap 1

CVE Severity

critical 1

high 7

medium 5

low 3

unknown 0