Skip to main content

api Security Scan

View Release Notes
Securityv3.9.6Generated 2026-06-23 09:32:58 UTC
Critical
Clean
High
28 found
Scan Date
Jun 23, 2026

Scanner: Docker Scout

Critical vulnerabilities: 0

High vulnerabilities: 8

Medium vulnerabilities: 28

Critical

No critical vulnerabilities found.

High

CVEPackageInstalledFixedDescription
CVE-2026-48818starlette1.0.01.1.0CVE-2026-48818: Server-Side Request Forgery (SSRF)
CVE-2026-54283starlette1.0.01.3.1CVE-2026-54283: Allocation of Resources Without Limits or Throttling
CVE-2026-54293nltk3.9.4not fixedCVE-2026-54293: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
GHSA-4w2j-m93h-cj5jquinn-proto0.11.140.11.15GHSA-4w2j-m93h-cj5j
GHSA-537c-gmf6-5ccfcryptography46.0.748.0.1GHSA-537c-gmf6-5ccf: Out-of-bounds Read
GHSA-f4xh-w4cj-qxq8langsmith0.8.50.8.18GHSA-f4xh-w4cj-qxq8: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-44431py3.14-pip-base26.1.2-r026.1.2-r1CVE-2026-44431
CVE-2026-44432py3.14-pip-base26.1.2-r026.1.2-r1CVE-2026-44432

Medium

CVEPackageInstalledFixedDescription
CVE-2026-48155pypdf6.10.26.12.0CVE-2026-48155: Uncontrolled Resource Consumption
CVE-2026-48156pypdf6.10.26.12.0CVE-2026-48156: Excessive Iteration
CVE-2026-49460pypdf6.10.26.12.2CVE-2026-49460: Inefficient Algorithmic Complexity
CVE-2025-69872diskcache5.6.3not fixedCVE-2025-69872: Deserialization of Untrusted Data
CVE-2026-48817starlette1.0.01.1.0CVE-2026-48817: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
GHSA-4xgf-cpjx-pc3jpydantic-settings2.13.12.14.2GHSA-4xgf-cpjx-pc3j: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-41425authlib1.6.91.6.11CVE-2026-41425: Cross-Site Request Forgery (CSRF)
CVE-2026-41479authlib1.6.91.6.10CVE-2026-41479: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-49092rsa0.9.10not fixedCVE-2023-49092
CVE-2026-44681authlib1.6.91.6.12CVE-2026-44681: URL Redirection to Untrusted Site ('Open Redirect')
GHSA-gj48-438w-jh9vbleach6.3.06.4.0GHSA-gj48-438w-jh9v: Improper Neutralization of Input During Web Page Generation ('Cross-site Script...
CVE-2026-54276aiohttp3.13.53.14.1CVE-2026-54276: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-34993aiohttp3.13.53.14.0CVE-2026-34993: Deserialization of Untrusted Data
CVE-2026-48710starlette1.0.01.0.1CVE-2026-48710: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2026-54911ujson5.12.15.13.0CVE-2026-54911: Improper Input Validation
CVE-2026-47265aiohttp3.13.53.14.0CVE-2026-47265: Origin Validation Error
CVE-2026-54273aiohttp3.13.53.14.1CVE-2026-54273: Allocation of Resources Without Limits or Throttling
CVE-2026-54274aiohttp3.13.53.14.1CVE-2026-54274: Allocation of Resources Without Limits or Throttling
CVE-2026-54277aiohttp3.13.53.14.1CVE-2026-54277: Allocation of Resources Without Limits or Throttling
CVE-2026-54278aiohttp3.13.53.14.1CVE-2026-54278: Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2025-71176pytest9.0.29.0.3CVE-2025-71176: Creation of Temporary File in Directory with Insecure Permissions
CVE-2026-45409py3.14-pip-base26.1.2-r026.1.2-r1CVE-2026-45409: Inefficient Regular Expression Complexity
CVE-2026-45409py3.14-pip-base26.1.2-r026.1.2-r1CVE-2026-45409: Inefficient Regular Expression Complexity
CVE-2026-48735pypdf6.10.26.12.1CVE-2026-48735: Allocation of Resources Without Limits or Throttling
CVE-2026-49461pypdf6.10.26.12.2CVE-2026-49461: Uncontrolled Resource Consumption
CVE-2026-54530pypdf6.10.26.13.0CVE-2026-54530: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-54531pypdf6.10.26.13.0CVE-2026-54531: Loop with Unreachable Exit Condition ('Infinite Loop')
GHSA-jm82-fx9c-mx94pypdf6.10.26.13.3GHSA-jm82-fx9c-mx94: Uncontrolled Resource Consumption
© 2026 Dify All rights reserved.Enterprise release information is confidential. Do not distribute externally.