| Package | Installed | Affected | Info |
|---|---|---|---|
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |

| Package | Installed | Affected | Info |
|---|---|---|---|
| requests | 2.25.0 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 | Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 | Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |

| Package | Installed | Affected | Info |
|---|---|---|---|
| requests | 2.25.0 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 | Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 | Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| gitpython | 3.1.11 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| gitpython | 3.1.11 | <3.1.30 | Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| gitpython | 3.1.11 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. It only affects Windows users. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.11 | <=3.1.32 | Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| gitpython | 3.1.11 | <3.1.27 | Gitpython 3.1.27 includes a fix for a REDoS vulnerability. https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3 |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18, >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |

| Package | Installed | Affected | Info |
|---|---|---|---|
| requests | 2.25.0 | <2.32.4 |
show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 |
show Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 |
show Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 |
show Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| gitpython | 3.1.11 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| gitpython | 3.1.11 | <3.1.30 | Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| gitpython | 3.1.11 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.11 | <=3.1.32 | Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| gitpython | 3.1.11 | <3.1.27 | Gitpython 3.1.27 includes a fix for a REDoS vulnerability. https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3 |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| requests | 2.25.0 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 | Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 | Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| requests | 2.25.0 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 | Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 | Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| gitpython | 3.1.11 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| gitpython | 3.1.11 | <3.1.30 | Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| gitpython | 3.1.11 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.11 | <=3.1.32 | Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| gitpython | 3.1.11 | <3.1.27 | Gitpython 3.1.27 includes a fix for a REDoS vulnerability. https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3 |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| flask | 1.1.2 | <3.1.3 | Affected versions of the Flask package are vulnerable to Information Disclosure due to missing cache-variation headers when the session object is accessed via certain code paths. In Flask’s session handling, accessing flask.session is intended to set a Vary: Cookie response header, but session key-only access patterns (such as using the Python in operator to test for a key without reading or mutating session values) can bypass the logic that adds the header. |
| flask | 1.1.2 | <2.2.5 , >=2.3.0,<2.3.2 | Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met: 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets 'session.permanent = True' 3. The application does not access or modify the session at any point during a request. 4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default). 5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq |
| requests | 2.25.0 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 | Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 | Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| gitpython | 3.1.11 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| gitpython | 3.1.11 | <3.1.30 | Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| gitpython | 3.1.11 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.11 | <=3.1.32 | Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| gitpython | 3.1.11 | <3.1.27 | Gitpython 3.1.27 includes a fix for a REDoS vulnerability. https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3 |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| flask | 1.1.2 | <3.1.3 | Affected versions of the Flask package are vulnerable to Information Disclosure due to missing cache-variation headers when the session object is accessed via certain code paths. In Flask’s session handling, accessing flask.session is intended to set a Vary: Cookie response header, but session key-only access patterns (such as using the Python in operator to test for a key without reading or mutating session values) can bypass the logic that adds the header. |
| flask | 1.1.2 | <2.2.5 , >=2.3.0,<2.3.2 | Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met: 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets 'session.permanent = True' 3. The application does not access or modify the session at any point during a request. 4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default). 5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq |
| requests | 2.25.0 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 | Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 | Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| gitpython | 3.1.11 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| gitpython | 3.1.11 | <3.1.30 | GitPython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| gitpython | 3.1.11 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. It only affects Windows users. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.11 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| gitpython | 3.1.11 | <3.1.27 | GitPython 3.1.27 includes a fix for a ReDoS vulnerability. https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3 |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| flask | 1.1.2 | <3.1.3 | Affected versions of the Flask package are vulnerable to Information Disclosure due to missing cache-variation headers when the session object is accessed via certain code paths. In Flask’s session handling, accessing flask.session is intended to set a Vary: Cookie response header, but session key-only access patterns (such as using the Python in operator to test for a key without reading or mutating session values) can bypass the logic that adds the header. |
| flask | 1.1.2 | <2.2.5 , >=2.3.0,<2.3.2 | Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met: 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets 'session.permanent = True' 3. The application does not access or modify the session at any point during a request. 4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default). 5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq |
| requests | 2.25.0 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 | Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 | Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| gitpython | 3.1.11 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| gitpython | 3.1.11 | <3.1.30 | GitPython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| gitpython | 3.1.11 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. It only affects Windows users. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.11 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| gitpython | 3.1.11 | <3.1.27 | GitPython 3.1.27 includes a fix for a ReDoS vulnerability. https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3 |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| sympy | 1.7.1 | <1.12 | Sympy 1.12 includes a fix for an XXE vulnerability. |
| flask | 1.1.2 | <3.1.3 | Affected versions of the Flask package are vulnerable to Information Disclosure due to missing cache-variation headers when the session object is accessed via certain code paths. In Flask’s session handling, accessing flask.session is intended to set a Vary: Cookie response header, but session key-only access patterns (such as using the Python in operator to test for a key without reading or mutating session values) can bypass the logic that adds the header. |
| flask | 1.1.2 | <2.2.5 , >=2.3.0,<2.3.2 | Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met: 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets 'session.permanent = True' 3. The application does not access or modify the session at any point during a request. 4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default). 5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq |
| requests | 2.25.0 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 | Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 | Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.11 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| gitpython | 3.1.11 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| gitpython | 3.1.11 | <3.1.30 | GitPython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| gitpython | 3.1.11 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. It only affects Windows users. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.11 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| gitpython | 3.1.11 | <3.1.27 | GitPython 3.1.27 includes a fix for a ReDoS vulnerability. https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3 |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 | Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 | Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 | Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| requests | 2.25.0 | <2.32.4 | Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. |
| requests | 2.25.0 | >=2.3.0,<2.31.0 | Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information. |
| requests | 2.25.0 | <2.33.0 | Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| requests | 2.25.0 | <2.32.2 | Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation. |
| opencv-python | 4.4.0.46 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. |
| opencv-python | 4.4.0.46 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
| opencv-python | 4.4.0.46 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
| opencv-python | 4.4.0.46 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
| opencv-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
| opencv-contrib-python | 4.4.0.46 | >=3.4.9.31,<4.8.1.78 |
show Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |