Latest version: v0.8.6
CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
---|---|---|---|---|---|
CVE-2021-27291 | 66857 | Syft version 0.8.5b10 updates its Pygments dependency to version 2.15… | | HIGH | 7.5 |
CVE-2020-11022 | 66901 | Syft version 0.8.5b10 updates its Sphinx dependency to version 3.3.0,… | | MEDIUM | 6.1 |
CVE-2020-11023 | 66902 | Syft version 0.8.5b10 updates its Sphinx dependency to version 3.3.0,… | | MEDIUM | 6.1 |
CVE-2022-40897 | 65499 | Syft version 0.8.5 updates its setuptools requirement to version 65.5… | | MEDIUM | 5.9 |
CVE-2023-37920 | 63096 | Syft 0.8.4b4 updates its dependency 'certifi' to 2023.7.22 to include… | | CRITICAL | 9.8 |
CVE-2021-27291 | 63097 | Syft 0.8.4b4 updates its dependency 'pygments' to 2.15.0 to include a… | | HIGH | 7.5 |
CVE-2022-40896 | 63099 | Syft 0.8.4b4 updates its dependency 'pygments' to 2.15.0 to include a… | | MEDIUM | 5.5 |
CVE-2021-20270 | 63098 | Syft 0.8.4b4 updates its dependency 'pygments' to 2.15.0 to include a… | | HIGH | 7.5 |
CVE-2020-11023 | 63101 | Syft 0.8.4b4 updates its dependency 'sphinx' to 3.3.0 to include a se… | | MEDIUM | 6.1 |
CVE-2023-32681 | 63100 | Syft 0.8.4b4 updates its dependency 'requests' to 2.31.0 to include a… | | MEDIUM | 6.1 |
CVE-2022-23491 | 63086 | Syft 0.8.4b4 updates its dependency 'certifi' to 2023.7.22 to include… | | HIGH | 7.5 |
CVE-2023-41039 | 61959 | Syft 0.8.2b40 updates its dependency 'RestrictedPython' to 6.2 to inc… | | HIGH | 7.7 |
PVE-2023-62330 | 62330 | Syft 0.8.2b19 removes clear-text logging of sensitive information. h… | | - | - |
CVE-2021-32677 | 53713 | Syft 0.6.0a0 updates its dependency 'fastapi' to v0.68.0 to include a… | | HIGH | 8.1 |
PVE-2021-37930 | 37930 | Syft 0.2.3.a1 removes an insecure eval in native tensor interpreter. … | | HIDDEN | X.Y |
CVE-2017-18342 | 37958 | Syft 0.2.3 uses yaml.safe_load() to fix an arbitrary code execution v… | | CRITICAL | 9.8 |