Skip to main content
Dify Logo/Enterprise

api-insecure Security Scan

View Release Notes
Securityv3.9.4Generated 2026-05-21 07:08:27 UTC
Critical
2 found
High
44 found
Scan Date
May 20, 2026

Scanner: Docker Scout

Critical vulnerabilities: 2

High vulnerabilities: 30

Medium vulnerabilities: 26

Critical

CVEPackageInstalledFixedDescription
CVE-2026-33186grpc1.77.01.79.3CVE-2026-33186: Improper Authorization
CVE-2025-68121stdlib1.25.51.25.7CVE-2025-68121

High

CVEPackageInstalledFixedDescription
CVE-2025-45768pyjwt2.12.0not fixedCVE-2025-45768
CVE-2026-24051sdk1.38.01.40.0CVE-2026-24051: Untrusted Search Path
CVE-2026-45022v55.16.45.19.0CVE-2026-45022: Incorrect Behavior Order: Validate Before Canonicalize
CVE-2026-39883sdk1.38.01.43.0CVE-2026-39883: Untrusted Search Path
CVE-2024-23342ecdsa0.19.2not fixedCVE-2024-23342: Observable Discrepancy
CVE-2024-34997joblib1.5.2not fixedCVE-2024-34997
CVE-2025-61726stdlib1.25.51.25.6CVE-2025-61726
CVE-2025-69534markdown3.10.2not fixedCVE-2025-69534
CVE-2026-0846nltk3.9.4not fixedCVE-2026-0846
CVE-2026-25679stdlib1.25.51.25.8CVE-2026-25679
CVE-2026-29181otel1.38.01.41.0CVE-2026-29181: Uncontrolled Resource Consumption
CVE-2026-32280stdlib1.25.51.25.9CVE-2026-32280
CVE-2026-32281stdlib1.25.51.25.9CVE-2026-32281
CVE-2026-32283stdlib1.25.51.25.9CVE-2026-32283
CVE-2026-33811stdlib1.25.51.25.10CVE-2026-33811
CVE-2026-33814net0.47.00.53.0CVE-2026-33814
CVE-2026-33814net0.47.00.53.0CVE-2026-33814
CVE-2026-39820stdlib1.25.51.25.10CVE-2026-39820
CVE-2026-39836stdlib1.25.51.25.10CVE-2026-39836
CVE-2026-41602thrift0.22.00.23.0CVE-2026-41602: Integer Overflow or Wraparound
CVE-2026-42499stdlib1.25.51.25.10CVE-2026-42499
CVE-2025-14920transformers5.3.0not fixedCVE-2025-14920
CVE-2025-14921transformers5.3.0not fixedCVE-2025-14921
CVE-2025-14924transformers5.3.0not fixedCVE-2025-14924
CVE-2025-14926transformers5.3.0not fixedCVE-2025-14926
CVE-2025-14927transformers5.3.0not fixedCVE-2025-14927
CVE-2025-14928transformers5.3.0not fixedCVE-2025-14928
CVE-2025-14929transformers5.3.0not fixedCVE-2025-14929
CVE-2025-14930transformers5.3.0not fixedCVE-2025-14930
CVE-2026-44973v55.6.25.9.0CVE-2026-44973: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Medium

CVEPackageInstalledFixedDescription
CVE-2026-25934v55.16.45.16.5CVE-2026-25934: Improper Validation of Integrity Check Value
CVE-2026-3219pip26.0.1not fixedCVE-2026-3219: Unrestricted Upload of File with Dangerous Type
CVE-2026-41506v55.16.45.18.0CVE-2026-41506: Insufficiently Protected Credentials
CVE-2026-34165v55.16.45.17.1CVE-2026-34165: Integer Underflow (Wrap or Wraparound)
CVE-2025-69872diskcache5.6.3not fixedCVE-2025-69872: Deserialization of Untrusted Data
CVE-2022-42969py1.11.0not fixedCVE-2022-42969
CVE-2024-1681flask-cors6.0.2not fixedCVE-2024-1681
CVE-2025-61730stdlib1.25.51.25.6CVE-2025-61730
CVE-2026-39825stdlib1.25.51.25.10CVE-2026-39825
CVE-2026-6357pip26.0.126.1CVE-2026-6357: Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-41425authlib1.6.91.6.11CVE-2026-41425: Cross-Site Request Forgery (CSRF)
CVE-2026-45571v55.16.45.19.1CVE-2026-45571: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-32288stdlib1.25.51.25.9CVE-2026-32288
CVE-2023-49092rsa0.9.10not fixedCVE-2023-49092
GHSA-xmrv-pmrh-hhx2eventstream1.7.31.97.3GHSA-xmrv-pmrh-hhx2: Improper Input Validation
GHSA-xmrv-pmrh-hhx2eventstream1.7.31.97.3GHSA-xmrv-pmrh-hhx2: Improper Input Validation
CVE-2026-27142stdlib1.25.51.25.8CVE-2026-27142
CVE-2026-32289stdlib1.25.51.25.9CVE-2026-32289
CVE-2026-39823stdlib1.25.51.25.10CVE-2026-39823
CVE-2026-39826stdlib1.25.51.25.10CVE-2026-39826
CVE-2026-44681authlib1.6.91.6.12CVE-2026-44681: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-32282stdlib1.25.51.25.9CVE-2026-32282
CVE-2025-61728stdlib1.25.51.25.6CVE-2025-61728
CVE-2026-44740v55.6.25.9.0CVE-2026-44740: Uncontrolled Recursion
CVE-2025-71176pytest9.0.29.0.3CVE-2025-71176: Creation of Temporary File in Directory with Insecure Permissions
CVE-2026-45409idna3.113.15CVE-2026-45409: Inefficient Regular Expression Complexity
© 2026 Dify All rights reserved.Enterprise release information is confidential. Do not distribute externally.
Documentation
Support
Contact