Scanner: Docker Scout
Critical vulnerabilities: 0
High vulnerabilities: 8
Medium vulnerabilities: 28
Critical
No critical vulnerabilities found.
High
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-48818 | starlette | 1.0.0 | 1.1.0 | CVE-2026-48818: Server-Side Request Forgery (SSRF) |
| CVE-2026-54283 | starlette | 1.0.0 | 1.3.1 | CVE-2026-54283: Allocation of Resources Without Limits or Throttling |
| CVE-2026-54293 | nltk | 3.9.4 | not fixed | CVE-2026-54293: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| GHSA-4w2j-m93h-cj5j | quinn-proto | 0.11.14 | 0.11.15 | GHSA-4w2j-m93h-cj5j |
| GHSA-537c-gmf6-5ccf | cryptography | 46.0.7 | 48.0.1 | GHSA-537c-gmf6-5ccf: Out-of-bounds Read |
| GHSA-f4xh-w4cj-qxq8 | langsmith | 0.8.5 | 0.8.18 | GHSA-f4xh-w4cj-qxq8: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2026-44431 | py3.14-pip-base | 26.1.2-r0 | 26.1.2-r1 | CVE-2026-44431 |
| CVE-2026-44432 | py3.14-pip-base | 26.1.2-r0 | 26.1.2-r1 | CVE-2026-44432 |
Medium
| CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|
| CVE-2026-48155 | pypdf | 6.10.2 | 6.12.0 | CVE-2026-48155: Uncontrolled Resource Consumption |
| CVE-2026-48156 | pypdf | 6.10.2 | 6.12.0 | CVE-2026-48156: Excessive Iteration |
| CVE-2026-49460 | pypdf | 6.10.2 | 6.12.2 | CVE-2026-49460: Inefficient Algorithmic Complexity |
| CVE-2025-69872 | diskcache | 5.6.3 | not fixed | CVE-2025-69872: Deserialization of Untrusted Data |
| CVE-2026-48817 | starlette | 1.0.0 | 1.1.0 | CVE-2026-48817: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
| GHSA-4xgf-cpjx-pc3j | pydantic-settings | 2.13.1 | 2.14.2 | GHSA-4xgf-cpjx-pc3j: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2026-41425 | authlib | 1.6.9 | 1.6.11 | CVE-2026-41425: Cross-Site Request Forgery (CSRF) |
| CVE-2026-41479 | authlib | 1.6.9 | 1.6.10 | CVE-2026-41479: URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2023-49092 | rsa | 0.9.10 | not fixed | CVE-2023-49092 |
| CVE-2026-44681 | authlib | 1.6.9 | 1.6.12 | CVE-2026-44681: URL Redirection to Untrusted Site ('Open Redirect') |
| GHSA-gj48-438w-jh9v | bleach | 6.3.0 | 6.4.0 | GHSA-gj48-438w-jh9v: Improper Neutralization of Input During Web Page Generation ('Cross-site Script... |
| CVE-2026-54276 | aiohttp | 3.13.5 | 3.14.1 | CVE-2026-54276: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2026-34993 | aiohttp | 3.13.5 | 3.14.0 | CVE-2026-34993: Deserialization of Untrusted Data |
| CVE-2026-48710 | starlette | 1.0.0 | 1.0.1 | CVE-2026-48710: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| CVE-2026-54911 | ujson | 5.12.1 | 5.13.0 | CVE-2026-54911: Improper Input Validation |
| CVE-2026-47265 | aiohttp | 3.13.5 | 3.14.0 | CVE-2026-47265: Origin Validation Error |
| CVE-2026-54273 | aiohttp | 3.13.5 | 3.14.1 | CVE-2026-54273: Allocation of Resources Without Limits or Throttling |
| CVE-2026-54274 | aiohttp | 3.13.5 | 3.14.1 | CVE-2026-54274: Allocation of Resources Without Limits or Throttling |
| CVE-2026-54277 | aiohttp | 3.13.5 | 3.14.1 | CVE-2026-54277: Allocation of Resources Without Limits or Throttling |
| CVE-2026-54278 | aiohttp | 3.13.5 | 3.14.1 | CVE-2026-54278: Improper Handling of Highly Compressed Data (Data Amplification) |
| CVE-2025-71176 | pytest | 9.0.2 | 9.0.3 | CVE-2025-71176: Creation of Temporary File in Directory with Insecure Permissions |
| CVE-2026-45409 | py3.14-pip-base | 26.1.2-r0 | 26.1.2-r1 | CVE-2026-45409: Inefficient Regular Expression Complexity |
| CVE-2026-45409 | py3.14-pip-base | 26.1.2-r0 | 26.1.2-r1 | CVE-2026-45409: Inefficient Regular Expression Complexity |
| CVE-2026-48735 | pypdf | 6.10.2 | 6.12.1 | CVE-2026-48735: Allocation of Resources Without Limits or Throttling |
| CVE-2026-49461 | pypdf | 6.10.2 | 6.12.2 | CVE-2026-49461: Uncontrolled Resource Consumption |
| CVE-2026-54530 | pypdf | 6.10.2 | 6.13.0 | CVE-2026-54530: Loop with Unreachable Exit Condition ('Infinite Loop') |
| CVE-2026-54531 | pypdf | 6.10.2 | 6.13.0 | CVE-2026-54531: Loop with Unreachable Exit Condition ('Infinite Loop') |
| GHSA-jm82-fx9c-mx94 | pypdf | 6.10.2 | 6.13.3 | GHSA-jm82-fx9c-mx94: Uncontrolled Resource Consumption |