Skip to main content

api Security Scan

View Release Notes
Securityv3.9.2Generated 2026-04-28 05:24:20 UTC
Critical
Clean
High
12 found
Scan Date
Apr 28, 2026

Scanner: Docker Scout

Critical vulnerabilities: 0

High vulnerabilities: 3

Medium vulnerabilities: 9

Critical

No critical vulnerabilities found.

High

CVEPackageInstalledFixedDescription
CVE-2026-24049wheel0.45.10.46.2CVE-2026-24049: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-23342ecdsa0.19.1not fixedCVE-2024-23342: Observable Discrepancy
CVE-2026-33231nltk3.9.3not fixedCVE-2026-33231: Missing Authentication for Critical Function

Medium

CVEPackageInstalledFixedDescription
CVE-2026-3219pip26.0.1not fixedCVE-2026-3219: Unrestricted Upload of File with Dangerous Type
GHSA-rf74-v2fm-23pwnltk3.9.3not fixedGHSA-rf74-v2fm-23pw: Uncontrolled Recursion
CVE-2025-69872diskcache5.6.3not fixedCVE-2025-69872: Deserialization of Untrusted Data
CVE-2022-42969py1.11.0not fixedCVE-2022-42969
CVE-2026-33936ecdsa0.19.10.19.2CVE-2026-33936: Improper Handling of Length Parameter Inconsistency
GHSA-jj8c-mmj3-mmgvauthlib1.6.91.6.11GHSA-jj8c-mmj3-mmgv: Cross-Site Request Forgery (CSRF)
CVE-2023-49092rsa0.9.10not fixedCVE-2023-49092
CVE-2026-33230nltk3.9.33.9.4CVE-2026-33230: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-71176pytest9.0.29.0.3CVE-2025-71176: Creation of Temporary File in Directory with Insecure Permissions
© 2026 Dify All rights reserved.Enterprise release information is confidential. Do not distribute externally.