Skip to main content
Dify Logo/Enterprise

api-insecure Security Scan

View Release Notes
Securityv3.9.1Generated 2026-04-15 07:58:45 UTC
Critical
28 found
High
112 found
Scan Date
Apr 15, 2026

Scanner: Docker Scout

Critical vulnerabilities: 5

High vulnerabilities: 21

Critical

CVEPackageInstalledFixedDescription
CVE-2026-33186grpc1.77.01.79.3CVE-2026-33186: Improper Authorization
CVE-2026-6100python3.113.11.2-6%2Bdeb12u6not fixedCVE-2026-6100
CVE-2026-35030litellm1.82.61.83.0CVE-2026-35030: Improper Authentication
CVE-2024-52338pyarrow14.0.217.0.0CVE-2024-52338
CVE-2025-68121stdlib1.25.51.25.7CVE-2025-68121

High

CVEPackageInstalledFixedDescription
CVE-2026-24051sdk1.38.01.40.0CVE-2026-24051: Untrusted Search Path
CVE-2026-4519python3.12.133.13.13CVE-2026-4519
CVE-2025-55131nodejs22.21.0-1nodesource1not fixedCVE-2025-55131
CVE-2026-24049wheel0.45.10.46.2CVE-2026-24049: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-39883sdk1.38.01.43.0CVE-2026-39883: Untrusted Search Path
CVE-2024-23342ecdsa0.19.1not fixedCVE-2024-23342: Observable Discrepancy
CVE-2025-59465nodejs22.21.0-1nodesource1not fixedCVE-2025-59465
CVE-2025-59466nodejs22.21.0-1nodesource1not fixedCVE-2025-59466
CVE-2025-61726stdlib1.25.51.25.6CVE-2025-61726
CVE-2026-21637nodejs22.21.0-1nodesource1not fixedCVE-2026-21637
CVE-2026-21710nodejs22.21.0-1nodesource1not fixedCVE-2026-21710
CVE-2026-25679stdlib1.25.51.25.8CVE-2026-25679
CVE-2026-27135nghttp21.52.0-1%2Bdeb12u2not fixedCVE-2026-27135
CVE-2026-32280stdlib1.25.51.25.9CVE-2026-32280
CVE-2026-32281stdlib1.25.51.25.9CVE-2026-32281
CVE-2026-32283stdlib1.25.51.25.9CVE-2026-32283
CVE-2026-33231nltk3.9.3not fixedCVE-2026-33231: Missing Authentication for Critical Function
CVE-2026-26007cryptography44.0.346.0.5CVE-2026-26007: Insufficient Verification of Data Authenticity
GHSA-69x8-hrgq-fjj8litellm1.82.61.83.0GHSA-69x8-hrgq-fjj8: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-35029litellm1.82.61.83.0CVE-2026-35029: Incorrect Authorization
CVE-2026-40192pillow12.1.112.2.0CVE-2026-40192: Allocation of Resources Without Limits or Throttling
© 2026 Dify All rights reserved.Enterprise release information is confidential. Do not distribute externally.
Documentation
Support
Contact