pyup-update-requests-2.21.0-to-2.31.0
2 years, 3 months ago
Update requests from 2.21.0 to 2.31.0
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-sqlalchemy-1.2.17-to-2.0.15
2 years, 3 months ago
Update sqlalchemy from 1.2.17 to 2.0.15
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-sqlalchemy-1.2.17-to-2.0.14
2 years, 3 months ago
Update sqlalchemy from 1.2.17 to 2.0.14
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-sqlalchemy-1.2.17-to-2.0.13
2 years, 3 months ago
Update sqlalchemy from 1.2.17 to 2.0.13
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-requests-2.21.0-to-2.30.0
2 years, 3 months ago
Update requests from 2.21.0 to 2.30.0
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-sqlalchemy-1.2.17-to-2.0.12
2 years, 4 months ago
Update sqlalchemy from 1.2.17 to 2.0.12
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-coverage-4.5.2-to-7.2.5
2 years, 4 months ago
Update coverage from 4.5.2 to 7.2.5
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-coverage-4.5.2-to-7.2.4
2 years, 4 months ago
Update coverage from 4.5.2 to 7.2.4
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-sqlalchemy-1.2.17-to-2.0.11
2 years, 4 months ago
Update sqlalchemy from 1.2.17 to 2.0.11
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-requests-2.21.0-to-2.29.0
2 years, 4 months ago
Update requests from 2.21.0 to 2.29.0
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-sqlalchemy-1.2.17-to-2.0.10
2 years, 4 months ago
Update sqlalchemy from 1.2.17 to 2.0.10
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-coverage-4.5.2-to-7.2.3
2 years, 4 months ago
Update coverage from 4.5.2 to 7.2.3
bleach 3.1.0 and SQLAlchemy 1.2.17 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
| SQLAlchemy | 1.2.17 | <=1.2.17 , >=1.3.0b1,<=1.3.0b2 |
show SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. https://github.com/sqlalchemy/sqlalchemy/issues/4481 |
| SQLAlchemy | 1.2.17 | <2.0.0b1 |
show Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |
| SQLAlchemy | 1.2.17 | <1.3.0 |
show SQLAlchemy affected versions has SQL Injection when the group_by parameter can be controlled. |
pyup-update-sqlalchemy-1.2.17-to-2.0.9
2 years, 4 months ago
Update sqlalchemy from 1.2.17 to 2.0.9
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-sqlalchemy-1.2.17-to-2.0.8
2 years, 5 months ago
Update sqlalchemy from 1.2.17 to 2.0.8
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
pyup-update-sqlalchemy-1.2.17-to-2.0.7
2 years, 5 months ago
Update sqlalchemy from 1.2.17 to 2.0.7
bleach 3.1.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| bleach | 3.1.0 | <3.3.0 |
show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. |
| bleach | 3.1.0 | <=3.1.0 |
show Bleach 3.1.1 includes a fix for CVE-2020-6802: Mutation XSS in bleach.clean when noscript and raw tag whitelisted. https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r |
| bleach | 3.1.0 | <3.1.2 |
show Bleach 3.1.2 includes a fix for CVE-2020-6816: Mutation XSS via whitelisted math or svg and RCDATA tag with strip=False. https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 |
| bleach | 3.1.0 | <=3.1.3 |
show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). |
Python 3 badge
URL
https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/geokrety/geokrety-api-models/)
Restructured Text
.. image:: https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg
:target: https://pyup.io/repos/github/geokrety/geokrety-api-models/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/geokrety/geokrety-api-models/"><img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/geokrety/geokrety-api-models/
RDoc
{<img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/geokrety/geokrety-api-models/]
pyup.io badge
URL
https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg
Markdown
[](https://pyup.io/repos/github/geokrety/geokrety-api-models/)
Restructured Text
.. image:: https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg
:target: https://pyup.io/repos/github/geokrety/geokrety-api-models/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/geokrety/geokrety-api-models/"><img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg(Updates)!:https://pyup.io/repos/github/geokrety/geokrety-api-models/
RDoc
{<img src="https://pyup.io/repos/github/geokrety/geokrety-api-models/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/geokrety/geokrety-api-models/]