Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
pip | 22.0.4 | >=0 |
show ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. |
pip | 22.0.4 | <23.3 |
show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
pip | 22.0.4 | >=0 |
show ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. |
pip | 22.0.4 | <23.3 |
show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
pip | 22.0.4 | >=0 |
show ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. |
pip | 22.0.4 | <23.3 |
show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
pip | 22.0.4 | >=0 |
show ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. |
pip | 22.0.4 | <23.3 |
show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
pip | 22.0.4 | >=0 |
show ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. |
pip | 22.0.4 | <23.3 |
show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
pip | 22.0.4 | >=0 |
show ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. |
pip | 22.0.4 | <23.3 |
show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pytest-runner | 6.0.1 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
pip | 22.0.4 | >=0 |
show ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. |
pip | 22.0.4 | <23.3 |
show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
pip | 22.0.4 | >=0 |
show ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. |
pip | 22.0.4 | <23.3 |
show Affected versions of Pip are vulnerable to Command Injection. When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
Sphinx | 3.0.4 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
Package | Installed | Affected | Info |
---|---|---|---|
click | 7.0 | <8.0.0 |
show Click 8.0.0 uses 'mkstemp()' instead of the deprecated & insecure 'mktemp()'. https://github.com/pallets/click/issues/1752 |
wheel | 0.33.6 | <0.38.1 |
show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
pytest-runner | 6.0.0 | >0 |
show Pytest-runner depends on deprecated features of setuptools and relies on features that break security mechanisms in pip. For example ‘setup_requires’ and ‘tests_require’ bypass pip --require-hashes. See also pypa/setuptools#1684. It is recommended that you: - Remove 'pytest-runner' from your setup_requires, preferably removing the setup_requires option. - Remove 'pytest' and any other testing requirements from tests_require, preferably removing the tests_requires option. - Select a tool to bootstrap and then run tests such as tox. https://github.com/pytest-dev/pytest-runner/blob/289a77b179535d8137118e3b8591d9e727130d6d/README.rst |
opencv-python | 4.2.0.32 | >=3.4.9.31,<4.8.1.78 |
show Opencv-python 4.8.1.78 updates its bundled dependency 'libwebp' to include a fix for a high risk vulnerability. Only mac OS X wheels on PyPI were affected. https://github.com/opencv/opencv-python/releases/tag/78 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'libpng' to v1.6.37 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'zlib' to v1.2.13 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its C dependency 'FFmpeg' to v5.1.2 to include a security fix. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show Opencv-python 4.7.0 updates its dependency 'OpenSSL' to v1.1.1s to include security fixes. |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 update its dependency 'openssl' to v1_1_1o to include security fixes. |
opencv-python | 4.2.0.32 | <4.7.0 |
show OpenCV's wechat_qrcode module, specifically versions up to 4.7.0, has a significant vulnerability affecting the DecodedBitStreamParser::decodeHanziSegment function within the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability can cause a memory leak. The potential attack can be executed remotely. To rectify this issue, it's advisable to apply a patch named 2b62ff6181163eea029ed1cab11363b4996e9cd6. https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6 |
opencv-python | 4.2.0.32 | <3.4.18 , >=4.0.0,<4.6.0 |
show Opencv-python 3.4.18 and 4.6.0 pin its dependency 'freetype' to v2.12.1 to include a security fix. |
opencv-python | 4.2.0.32 | <= 4.7.0 |
show The OpenCV wechat_qrcode module, versions up to 4.7.0, contains a critical vulnerability affecting the DecodedBitStreamParser::decodeByteSegment function in the qrcode/decoder/decoded_bit_stream_parser.cpp file. This vulnerability, if exploited, could lead to a null pointer dereference. Attackers can potentially launch this attack remotely. https://github.com/opencv/opencv_contrib/pull/3480 |
https://pyup.io/repos/github/robertopreste/mitoviz/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/robertopreste/mitoviz/python-3-shield.svg)](https://pyup.io/repos/github/robertopreste/mitoviz/)
.. image:: https://pyup.io/repos/github/robertopreste/mitoviz/python-3-shield.svg :target: https://pyup.io/repos/github/robertopreste/mitoviz/ :alt: Python 3
<a href="https://pyup.io/repos/github/robertopreste/mitoviz/"><img src="https://pyup.io/repos/github/robertopreste/mitoviz/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/robertopreste/mitoviz/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/robertopreste/mitoviz/
{<img src="https://pyup.io/repos/github/robertopreste/mitoviz/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/robertopreste/mitoviz/]
https://pyup.io/repos/github/robertopreste/mitoviz/shield.svg
[![Updates](https://pyup.io/repos/github/robertopreste/mitoviz/shield.svg)](https://pyup.io/repos/github/robertopreste/mitoviz/)
.. image:: https://pyup.io/repos/github/robertopreste/mitoviz/shield.svg :target: https://pyup.io/repos/github/robertopreste/mitoviz/ :alt: Updates
<a href="https://pyup.io/repos/github/robertopreste/mitoviz/"><img src="https://pyup.io/repos/github/robertopreste/mitoviz/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/robertopreste/mitoviz/shield.svg(Updates)!:https://pyup.io/repos/github/robertopreste/mitoviz/
{<img src="https://pyup.io/repos/github/robertopreste/mitoviz/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/robertopreste/mitoviz/]