Scanner: Docker Scout
Critical vulnerabilities: 0
High vulnerabilities: 3
Medium vulnerabilities: 9
Critical
No critical vulnerabilities found.
High
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-24049 | wheel | 0.45.1 | 0.46.2 | CVE-2026-24049: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2024-23342 | ecdsa | 0.19.1 | not fixed | CVE-2024-23342: Observable Discrepancy |
| CVE-2026-33231 | nltk | 3.9.3 | not fixed | CVE-2026-33231: Missing Authentication for Critical Function |
Medium
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-3219 | pip | 26.0.1 | not fixed | CVE-2026-3219: Unrestricted Upload of File with Dangerous Type |
| GHSA-rf74-v2fm-23pw | nltk | 3.9.3 | not fixed | GHSA-rf74-v2fm-23pw: Uncontrolled Recursion |
| CVE-2025-69872 | diskcache | 5.6.3 | not fixed | CVE-2025-69872: Deserialization of Untrusted Data |
| CVE-2022-42969 | py | 1.11.0 | not fixed | CVE-2022-42969 |
| CVE-2026-33936 | ecdsa | 0.19.1 | 0.19.2 | CVE-2026-33936: Improper Handling of Length Parameter Inconsistency |
| GHSA-jj8c-mmj3-mmgv | authlib | 1.6.9 | 1.6.11 | GHSA-jj8c-mmj3-mmgv: Cross-Site Request Forgery (CSRF) |
| CVE-2023-49092 | rsa | 0.9.10 | not fixed | CVE-2023-49092 |
| CVE-2026-33230 | nltk | 3.9.3 | 3.9.4 | CVE-2026-33230: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2025-71176 | pytest | 9.0.2 | 9.0.3 | CVE-2025-71176: Creation of Temporary File in Directory with Insecure Permissions |