Vulnerabilities found in the scan of the container image

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta name=ProgId content=Excel.Sheet>
<meta name=Generator content="Microsoft Excel 15">
<link id=Main-File rel=Main-File
href="file:////Users/anoop/Library/Group%20Containers/UBF8T346G9.Office/TemporaryItems/msohtmlclip/clip.htm">
<link rel=File-List
href="file:////Users/anoop/Library/Group%20Containers/UBF8T346G9.Office/TemporaryItems/msohtmlclip/clip_filelist.xml">
<style>

</style>
</head>

<body link="#467886" vlink="#96607D">
<meta charset=utf-8>


Package | Vulnerability | Severity | Fixed By
-- | -- | -- | --
langgraph-checkpoint | GHSA-wwqv-p2pp-99h5 | High | LangGraph Checkpoint   affected by RCE in "json" mode of JsonPlusSerializer
langchain-text-splitters | GHSA-m42m-m8cr-8m58 | High | LangChain Text   Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe   XSLT parsing
h11 | GHSA-vqfr-h8mv-ghfj | Critical | h11 accepts some   malformed Chunked-Encoding bodies
langchain-core | GHSA-6qv9-48xg-fc7f | High | LangChain Vulnerable   to Template Injection via Attribute Access in Prompt Templates
starlette | GHSA-2c2j-9gv5-cj73 | Medium | Starlette has   possible denial-of-service vector when parsing large files in multipart forms
starlette | GHSA-7f5h-v6xp-fcq8 | High | Starlette vulnerable   to O(n^2) DoS via Range header merging in   ``starlette.responses.FileResponse``
pip | GHSA-4xh5-x5gv-qwph | Medium | pip's fallback tar   extraction doesn't check symbolic links point to extraction directory
urllib3 | GHSA-pq67-6m6q-mj2v | Medium | urllib3 redirects are   not disabled when retries are disabled on PoolManager instantiation
urllib3 | GHSA-48p4-8xcf-vxj5 | Medium | urllib3 does not   control redirects in browsers and Node.js
setuptools | PYSEC-2025-49 | High |  
setuptools | GHSA-5rjg-fvgr-3xxf | High | setuptools has a path   traversal vulnerability in PackageIndex.download that leads to Arbitrary File   Write
requests | GHSA-9hjg-9r4m-mvj7 | Medium | Requests vulnerable   to .netrc credentials leak via malicious URLs



</body>

</html>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerabilities found in the scan of the container image #79

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Package	Vulnerability	Severity	Fixed By
langgraph-checkpoint	GHSA-wwqv-p2pp-99h5	High	LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
langchain-text-splitters	GHSA-m42m-m8cr-8m58	High	LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing
h11	GHSA-vqfr-h8mv-ghfj	Critical	h11 accepts some malformed Chunked-Encoding bodies
langchain-core	GHSA-6qv9-48xg-fc7f	High	LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
starlette	GHSA-2c2j-9gv5-cj73	Medium	Starlette has possible denial-of-service vector when parsing large files in multipart forms
starlette	GHSA-7f5h-v6xp-fcq8	High	Starlette vulnerable to O(n^2) DoS via Range header merging in `starlette.responses.FileResponse`
pip	GHSA-4xh5-x5gv-qwph	Medium	pip's fallback tar extraction doesn't check symbolic links point to extraction directory
urllib3	GHSA-pq67-6m6q-mj2v	Medium	urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
urllib3	GHSA-48p4-8xcf-vxj5	Medium	urllib3 does not control redirects in browsers and Node.js
setuptools	PYSEC-2025-49	High
setuptools	GHSA-5rjg-fvgr-3xxf	High	setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
requests	GHSA-9hjg-9r4m-mvj7	Medium	Requests vulnerable to .netrc credentials leak via malicious URLs

Vulnerabilities found in the scan of the container image #79

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions