Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met:
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets 'session.permanent = True'
3. The application does not access or modify the session at any point during a request.
4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default).
5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met:
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets 'session.permanent = True'
3. The application does not access or modify the session at any point during a request.
4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default).
5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met:
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets 'session.permanent = True'
3. The application does not access or modify the session at any point during a request.
4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default).
5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met:
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets 'session.permanent = True'
3. The application does not access or modify the session at any point during a request.
4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default).
5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Sympy 1.12 includes a fix for a XXE vulnerability.

Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met:
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets 'session.permanent = True'
3. The application does not access or modify the session at any point during a request.
4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default).
5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Sympy 1.12 includes a fix for a XXE vulnerability.

Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met:
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets 'session.permanent = True'
3. The application does not access or modify the session at any point during a request.
4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default).
5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

Numpy 1.22.0 includes a fix for CVE-2021-34141: An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. 
NOTE: the vendor states that this reported code behavior is "completely harmless."
https://github.com/numpy/numpy/issues/18993

Numpy 1.22.0 includes a fix for CVE-2021-41496: Buffer overflow in the array_from_pyobj function of fortranobject.c, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. 
NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally).
https://github.com/numpy/numpy/issues/19000

Numpy 1.21.0rc1 includes a fix for CVE-2021-33430: A Buffer Overflow vulnerability in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. 
NOTE: The vendor does not agree this is a vulnerability. In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user.
https://github.com/numpy/numpy/issues/18939

Numpy 1.22.2  includes a fix for CVE-2021-41495: Null Pointer Dereference vulnerability exists in numpy.sort in NumPy in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. 
NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place.
NOTE2: The specs we include in this advisory differ from the publicly available on other sources. For example, the advisory posted by the NVD indicate that versions up to and including 1.19.0 are affected. However, research by Safety CLI Cybersecurity confirms that the vulnerability remained unaddressed until version 1.22.2.

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Sympy 1.12 includes a fix for a XXE vulnerability.

Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met:
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets 'session.permanent = True'
3. The application does not access or modify the session at any point during a request.
4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default).
5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

Numpy 1.22.0 includes a fix for CVE-2021-34141: An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. 
NOTE: the vendor states that this reported code behavior is "completely harmless."
https://github.com/numpy/numpy/issues/18993

Numpy 1.22.0 includes a fix for CVE-2021-41496: Buffer overflow in the array_from_pyobj function of fortranobject.c, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. 
NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally).
https://github.com/numpy/numpy/issues/19000

Numpy 1.21.0rc1 includes a fix for CVE-2021-33430: A Buffer Overflow vulnerability in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. 
NOTE: The vendor does not agree this is a vulnerability. In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user.
https://github.com/numpy/numpy/issues/18939

Numpy 1.22.2  includes a fix for CVE-2021-41495: Null Pointer Dereference vulnerability exists in numpy.sort in NumPy in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. 
NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place.
NOTE2: The specs we include in this advisory differ from the publicly available on other sources. For example, the advisory posted by the NVD indicate that versions up to and including 1.19.0 are affected. However, research by Safety CLI Cybersecurity confirms that the vulnerability remained unaddressed until version 1.22.2.

Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation.

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Affected versions of Requests are vulnerable to proxy credential leakage. When redirected to an HTTPS endpoint, the Proxy-Authorization header is forwarded to the destination server due to the use of rebuild_proxies to reattach the header. This may allow a malicious actor to exfiltrate sensitive information.

Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution.
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4

GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.

Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Gitpython 3.1.27 includes a fix for a REDoS vulnerability.
https://github.com/gitpython-developers/GitPython/commit/75f4f63ab3856a552f06082aabf98845b5fa21e3

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix.

OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes.

Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78

Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix.

Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes.

Opencv-contrib-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected.
https://github.com/opencv/opencv-python/releases/tag/78