Skip to main content

api Security Scan

View Release Notes
Securityv3.9.1Generated 2026-04-15 07:58:45 UTC
Critical
23 found
High
91 found
Scan Date
Apr 15, 2026

Scanner: Docker Scout

Critical vulnerabilities: 2

High vulnerabilities: 11

Medium vulnerabilities: 25

Critical

CVEPackageInstalledFixedDescription
CVE-2026-6100python3.113.11.2-6%2Bdeb12u6not fixedCVE-2026-6100
CVE-2026-35030litellm1.82.61.83.0CVE-2026-35030: Improper Authentication

High

CVEPackageInstalledFixedDescription
CVE-2026-4519python3.12.133.13.13CVE-2026-4519
CVE-2025-55131nodejs22.21.0-1nodesource1not fixedCVE-2025-55131
CVE-2024-23342ecdsa0.19.1not fixedCVE-2024-23342: Observable Discrepancy
CVE-2025-59465nodejs22.21.0-1nodesource1not fixedCVE-2025-59465
CVE-2025-59466nodejs22.21.0-1nodesource1not fixedCVE-2025-59466
CVE-2026-21637nodejs22.21.0-1nodesource1not fixedCVE-2026-21637
CVE-2026-21710nodejs22.21.0-1nodesource1not fixedCVE-2026-21710
CVE-2026-27135nghttp21.52.0-1%2Bdeb12u2not fixedCVE-2026-27135
GHSA-69x8-hrgq-fjj8litellm1.82.61.83.0GHSA-69x8-hrgq-fjj8: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-35029litellm1.82.61.83.0CVE-2026-35029: Incorrect Authorization
CVE-2026-40192pillow12.1.112.2.0CVE-2026-40192: Allocation of Resources Without Limits or Throttling

Medium

CVEPackageInstalledFixedDescription
CVE-2025-45582tar1.34%2Bdfsg-1.2%2Bdeb12u1not fixedCVE-2025-45582
CVE-2026-25645requests2.32.52.33.0CVE-2026-25645: Insecure Temporary File
CVE-2026-33699pypdf6.8.06.9.2CVE-2026-33699: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-5704tar1.34%2Bdfsg-1.2%2Bdeb12u1not fixedCVE-2026-5704
CVE-2026-33123pypdf6.8.06.9.1CVE-2026-33123: Uncontrolled Resource Consumption
CVE-2022-42969py1.11.0not fixedCVE-2022-42969
CVE-2026-21714nodejs22.21.0-1nodesource1not fixedCVE-2026-21714
CVE-2026-33936ecdsa0.19.10.19.2CVE-2026-33936: Improper Handling of Length Parameter Inconsistency
CVE-2026-1502python3.12.13not fixedCVE-2026-1502
CVE-2026-21713nodejs22.21.0-1nodesource1not fixedCVE-2026-21713
CVE-2026-21717nodejs22.21.0-1nodesource1not fixedCVE-2026-21717
CVE-2026-3446python3.12.133.13.13CVE-2026-3446
CVE-2026-3644python3.113.11.2-6%2Bdeb12u6not fixedCVE-2026-3644
CVE-2026-3644python3.113.11.2-6%2Bdeb12u6not fixedCVE-2026-3644
CVE-2026-4224python3.113.11.2-6%2Bdeb12u6not fixedCVE-2026-4224
CVE-2026-4224python3.113.11.2-6%2Bdeb12u6not fixedCVE-2026-4224
CVE-2025-12781python3.12.133.13.10CVE-2025-12781
CVE-2026-34525aiohttp3.13.33.13.4CVE-2026-34525: Improper Input Validation
CVE-2026-34515aiohttp3.13.33.13.4CVE-2026-34515: Absolute Path Traversal
CVE-2026-34516aiohttp3.13.33.13.4CVE-2026-34516: Allocation of Resources Without Limits or Throttling
CVE-2025-71176pytest9.0.29.0.3CVE-2025-71176: Creation of Temporary File in Directory with Insecure Permissions
GHSA-pqhf-p39g-3x64uv0.8.90.9.6GHSA-pqhf-p39g-3x64: Improper Input Validation
CVE-2026-22815aiohttp3.13.33.13.4CVE-2026-22815: Uncontrolled Resource Consumption
CVE-2026-39892cryptography46.0.546.0.7CVE-2026-39892: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-40260pypdf6.8.06.10.0CVE-2026-40260: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
© 2026 Dify All rights reserved.Enterprise release information is confidential. Do not distribute externally.