Safety CI > vertexproject/vtx-base-image

pyup-update-python-socks-2.7.1-to-2.7.2

16 hours ago

2cc55135

Update python-socks from 2.7.1 to 2.7.2

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-regex-2025.7.29-to-2025.7.34

1 day, 21 hours ago

88eb4801

Update regex from 2025.7.29 to 2025.7.34

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

2 days, 3 hours ago

9c5098da

Update typing-extensions from 4.13.2 to 4.14.1 (#986) Co-authored-by: vEpiphyte <epiphyte@vertex.li

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-regex-2025.7.29-to-2025.7.33

2 days, 3 hours ago

c82fece3

Update regex from 2025.7.29 to 2025.7.33

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-regex-2025.7.29-to-2025.7.31

2 days, 21 hours ago

1e2bca38

Update regex from 2025.7.29 to 2025.7.31

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

3 days, 1 hour ago

e2e4a7a6

Update lmdb from 1.6.2 to 1.7.3 (#998) Co-authored-by: vEpiphyte <epiphyte@vertex.link>

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-lmdb-1.6.2-to-1.7.3

3 days, 1 hour ago

a081de57

Merge branch 'master' into pyup-update-lmdb-1.6.2-to-1.7.3

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-oauthlib-3.2.2-to-3.3.1

3 days, 1 hour ago

3ea4842d

Merge branch 'master' into pyup-update-oauthlib-3.2.2-to-3.3.1

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-typing-extensions-4.13.2-to-4.14.1

3 days, 2 hours ago

b5a2a06a

Merge branch 'master' into pyup-update-typing-extensions-4.13.2-to-4.14.1

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

3 days, 2 hours ago

734622ac

Update regex from 2024.11.6 to 2025.7.29 (#1001)

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

3 days, 2 hours ago

95dec348

Update certifi from 2025.6.15 to 2025.7.14 (#994)

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

3 days, 2 hours ago

496670bb

Update aiohttp from 3.11.16 to 3.12.13 (#972)

aiohttp 3.12.13 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.12.13	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.12.13

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-regex-2024.11.6-to-2025.7.29

3 days, 3 hours ago

5676de19

Update regex from 2024.11.6 to 2025.7.29

aiohttp 3.11.16 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.11.16	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.11.16

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-aiohttp-3.11.16-to-3.12.15

3 days, 5 hours ago

61bc2978

Update aiohttp from 3.11.16 to 3.12.15

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-coverage-7.6.7-to-7.10.1

4 days, 9 hours ago

00a97cf4

Update coverage from 7.6.7 to 7.10.1

aiohttp 3.11.16 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
aiohttp	3.11.16	<3.12.14	show AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

aiohttp

3.11.16

<3.12.14

show

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.