This page gives an overview of the known vulnerabilities in the components we deliver. These vulnerabilities were detected and reported automatically by scanning both the code and its dependencies with CodeQL and Docker Scout.
So that vulnerability reports reach maintainers as soon as possible, the preferred way to report is the "Report a vulnerability" button on the Security tab of the respective GitHub repository. It creates a private communication channel between the reporter and the maintainers.
If you are absolutely unable to use the GitHub reporting workflow, or have strong reasons not to, please reach out to the maintainers at contact[at]defensive-lab.agency, providing all relevant information. The more details you provide, the easier it will be for us to triage and fix the issue.
Please refer to our Vulnerability Disclosure Policy.
Vulnerability : CVE-2025-24928 Severity : HIGH Package : pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range : >=2.9.14+dfsg-1.3~deb12u1 Fixed version : not fixed EPSS Score : 0.000070 EPSS Percentile : 0.004000
Vulnerability : CVE-2024-56171 Severity : HIGH Package : pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range : >=2.9.14+dfsg-1.3~deb12u1 Fixed version : not fixed EPSS Score : 0.000070 EPSS Percentile : 0.003150
Vulnerability : CVE-2022-49043 Severity : HIGH Package : pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range : >=2.9.14+dfsg-1.3~deb12u1 Fixed version : not fixed EPSS Score : 0.000240 EPSS Percentile : 0.050990
This string may still contain ../, which may cause a path injection vulnerability.
This check does not consider data: and vbscript:.
This check does not consider data: and vbscript:.
This expression logs sensitive data (secret) as clear text.
Vulnerability : CVE-2023-4863 Severity : HIGH Package : pkg:pypi/pillow@9.5.0 Affected range : <10.0.1 Fixed version : 10.0.1 CVSS Score : 8.8 CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score : 0.490950 EPSS Percentile : 0.974660
Vulnerability : CVE-2024-27983 Severity : HIGH Package : pkg:generic/node@20.11.0 Affected range : >=20.0.0,<20.12.1 Fixed version : 20.12.1 EPSS Score : 0.000430 EPSS Percentile : 0.082100
Vulnerability : CVE-2024-1135 Severity : HIGH Package : pkg:pypi/gunicorn@20.1.0 Affected range : <22.0.0 Fixed version : 22.0.0 CVSS Score : 8.2 CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N EPSS Score : 0.000430 EPSS Percentile : 0.082100
Vulnerability : CVE-2023-50447 Severity : HIGH Package : pkg:pypi/pillow@9.5.0 Affected range : <10.2.0 Fixed version : 10.2.0 CVSS Score : 8.1 CVSS Vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H EPSS Score : 0.000740 EPSS Percentile : 0.309840
Vulnerability : CVE-2018-20225 Severity : HIGH Package : pkg:pypi/pip@24.0 Affected range : >=0 Fixed version : not fixed CVSS Score : 7.8 CVSS Vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score : 0.001120 EPSS Percentile : 0.441280
Vulnerability : CVE-2024-24762 Severity : HIGH Package : pkg:pypi/fastapi@0.95.1 Affected range : <=0.109.0 Fixed version : 0.109.1 CVSS Score : 7.5 CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score : 0.001240 EPSS Percentile : 0.464090
Vulnerability : CVE-2024-24762 Severity : HIGH Package : pkg:pypi/starlette@0.26.1 Affected range : <=0.36.1 Fixed version : 0.36.2 CVSS Score : 7.5 CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score : 0.001240 EPSS Percentile : 0.464090
Vulnerability : CVE-2023-44271 Severity : HIGH Package : pkg:pypi/pillow@9.5.0 Affected range : <10.0.0 Fixed version : 10.0.0 CVSS Score : 7.5 CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score : 0.000550 EPSS Percentile : 0.214920
Vulnerability : GHSA-56pw-mpj4-fxww Severity : HIGH Package : pkg:pypi/pillow@9.5.0 Affected range : <10.0.1 Fixed version : 10.0.1
Vulnerability : CVE-2024-24680 Severity : HIGH Package : pkg:pypi/django@4.2.8 Affected range : >=4.2,<4.2.10 Fixed version : 4.2.10 CVSS Score : 8.2 CVSS Vector : CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score : 0.000960 EPSS Percentile : 0.420000
Vulnerability : CVE-2022-49043 Severity : HIGH Package : pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u1?os_distro=bookworm&os_name=debian&os_version=12 Affected range : >=2.9.14+dfsg-1.3~deb12u1 Fixed version : not fixed EPSS Score : 0.000430 EPSS Percentile : 0.114650
Vulnerability : CVE-2024-53908 Severity : HIGH Package : pkg:pypi/django@4.2.8 Affected range : >=4.2,<4.2.17 Fixed version : 4.2.17 CVSS Score : 7.2 CVSS Vector : CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U EPSS Score : 0.000450 EPSS Percentile : 0.178150
Vulnerability : CVE-2024-6345 Severity : HIGH Package : pkg:pypi/setuptools@65.5.1 Affected range : <70.0.0 Fixed version : 70.0.0 CVSS Score : 7.5 CVSS Vector : CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N EPSS Score : 0.000430 EPSS Percentile : 0.114650
Vulnerability : CVE-2024-39614 Severity : HIGH Package : pkg:pypi/django@4.2.8 Affected range : >=4.2,<4.2.14 Fixed version : 4.2.14 CVSS Score : 8.7 CVSS Vector : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score : 0.000450 EPSS Percentile : 0.178150
Vulnerability : CVE-2024-39330 Severity : HIGH Package : pkg:pypi/django@4.2.8 Affected range : >=4.2,<4.2.14 Fixed version : 4.2.14 CVSS Score : 8.7 CVSS Vector : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N EPSS Score : 0.000450 EPSS Percentile : 0.178150
Vulnerability : CVE-2024-38875 Severity : HIGH Package : pkg:pypi/django@4.2.8 Affected range : >=4.2,<4.2.14 Fixed version : 4.2.14 CVSS Score : 8.7 CVSS Vector : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score : 0.000450 EPSS Percentile : 0.178150
Vulnerability : CVE-2024-42005 Severity : CRITICAL Package : pkg:pypi/django@4.2.8 Affected range : >=4.2,<4.2.15 Fixed version : 4.2.15 CVSS Score : 9.3 CVSS Vector : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N EPSS Score : 0.000520 EPSS Percentile : 0.233540