Skip to main content
Dify Logo/Enterprise

api Security Scan

View Release Notes
Securityv3.10.0Generated 2026-05-21 11:01:53 UTC
Critical
2 found
High
101 found
Scan Date
May 21, 2026

Scanner: Docker Scout

Critical vulnerabilities: 0

High vulnerabilities: 15

Critical

No critical vulnerabilities found.

High

CVEPackageInstalledFixedDescription
CVE-2025-45768pyjwt2.12.1not fixedCVE-2025-45768
CVE-2026-24049wheel0.45.10.46.2CVE-2026-24049: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-45134langsmith0.7.310.8.0CVE-2026-45134: Deserialization of Untrusted Data
CVE-2024-34997joblib1.5.2not fixedCVE-2024-34997
CVE-2025-69534markdown3.10.2not fixedCVE-2025-69534
CVE-2026-0846nltk3.9.4not fixedCVE-2026-0846
CVE-2025-14920transformers5.3.0not fixedCVE-2025-14920
CVE-2025-14921transformers5.3.0not fixedCVE-2025-14921
CVE-2025-14924transformers5.3.0not fixedCVE-2025-14924
CVE-2025-14926transformers5.3.0not fixedCVE-2025-14926
CVE-2025-14927transformers5.3.0not fixedCVE-2025-14927
CVE-2025-14928transformers5.3.0not fixedCVE-2025-14928
CVE-2025-14929transformers5.3.0not fixedCVE-2025-14929
CVE-2025-14930transformers5.3.0not fixedCVE-2025-14930
CVE-2026-44660ujson5.12.05.12.1CVE-2026-44660: Missing Release of Memory after Effective Lifetime
© 2026 Dify All rights reserved.Enterprise release information is confidential. Do not distribute externally.
Documentation
Support
Contact