Safety CI > vertexproject/vtx-base-image

pyup-update-urllib3-2.6.1-to-2.6.2

1 day, 22 hours ago

Update urllib3 from 2.6.1 to 2.6.2

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-tornado-6.5.2-to-6.5.3

2 days, 20 hours ago

58ce43b3

Update tornado from 6.5.2 to 6.5.3

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

4 days, 5 hours ago

fcbb8ff9

Update urllib3 from 2.5.0 to 2.6.1 (#1087)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-vcrpy-5.1.0-to-8.1.0

5 days, 9 hours ago

ac0dd9a2

Update vcrpy from 7.0.0 to 8.1.0

urllib3 2.5.0 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
urllib3	2.5.0	>=1.0,<2.6.0	show Affected versions of the urllib3 package are vulnerable to Denial of Service (DoS) due to improper handling of highly compressed HTTP response bodies during streaming decompression. The urllib3.HTTPResponse methods stream(), read(), read1(), read_chunked(), and readinto() may fully decompress a minimal but highly compressed payload based on the Content-Encoding header into an internal buffer instead of limiting the decompressed output to the requested chunk size, causing excessive CPU usage and massive memory allocation on the client side.
urllib3	2.5.0	>=1.24,<2.6.0	show Affected versions of the urllib3 package are vulnerable to Denial of Service (DoS) due to allowing an unbounded number of content-encoding decompression steps for HTTP responses. The HTTPResponse content decoding pipeline in urllib3 follows the Content-Encoding header and applies each advertised compression algorithm in sequence without enforcing a maximum chain length or effective output size, so a malicious peer can send a response with a very long encoding chain that triggers excessive CPU use and massive memory allocation during decompression.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

urllib3

2.5.0

>=1.0,<2.6.0

show

Affected versions of the urllib3 package are vulnerable to Denial of Service (DoS) due to improper handling of highly compressed HTTP response bodies during streaming decompression. The urllib3.HTTPResponse methods stream(), read(), read1(), read_chunked(), and readinto() may fully decompress a minimal but highly compressed payload based on the Content-Encoding header into an internal buffer instead of limiting the decompressed output to the requested chunk size, causing excessive CPU usage and massive memory allocation on the client side.

urllib3

2.5.0

>=1.24,<2.6.0

show

Affected versions of the urllib3 package are vulnerable to Denial of Service (DoS) due to allowing an unbounded number of content-encoding decompression steps for HTTP responses. The HTTPResponse content decoding pipeline in urllib3 follows the Content-Encoding header and applies each advertised compression algorithm in sequence without enforcing a maximum chain length or effective output size, so a malicious peer can send a response with a very long encoding chain that triggers excessive CPU use and massive memory allocation during decompression.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-vcrpy-5.1.0-to-8.1.0

5 days, 9 hours ago

edf52831

Update vcrpy from 5.1.0 to 8.1.0

urllib3 2.5.0 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
urllib3	2.5.0	>=1.0,<2.6.0	show Affected versions of the urllib3 package are vulnerable to Denial of Service (DoS) due to improper handling of highly compressed HTTP response bodies during streaming decompression. The urllib3.HTTPResponse methods stream(), read(), read1(), read_chunked(), and readinto() may fully decompress a minimal but highly compressed payload based on the Content-Encoding header into an internal buffer instead of limiting the decompressed output to the requested chunk size, causing excessive CPU usage and massive memory allocation on the client side.
urllib3	2.5.0	>=1.24,<2.6.0	show Affected versions of the urllib3 package are vulnerable to Denial of Service (DoS) due to allowing an unbounded number of content-encoding decompression steps for HTTP responses. The HTTPResponse content decoding pipeline in urllib3 follows the Content-Encoding header and applies each advertised compression algorithm in sequence without enforcing a maximum chain length or effective output size, so a malicious peer can send a response with a very long encoding chain that triggers excessive CPU use and massive memory allocation during decompression.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

urllib3

2.5.0

>=1.0,<2.6.0

show

Affected versions of the urllib3 package are vulnerable to Denial of Service (DoS) due to improper handling of highly compressed HTTP response bodies during streaming decompression. The urllib3.HTTPResponse methods stream(), read(), read1(), read_chunked(), and readinto() may fully decompress a minimal but highly compressed payload based on the Content-Encoding header into an internal buffer instead of limiting the decompressed output to the requested chunk size, causing excessive CPU usage and massive memory allocation on the client side.

urllib3

2.5.0

>=1.24,<2.6.0

show

Affected versions of the urllib3 package are vulnerable to Denial of Service (DoS) due to allowing an unbounded number of content-encoding decompression steps for HTTP responses. The HTTPResponse content decoding pipeline in urllib3 follows the Content-Encoding header and applies each advertised compression algorithm in sequence without enforcing a maximum chain length or effective output size, so a malicious peer can send a response with a very long encoding chain that triggers excessive CPU use and massive memory allocation during decompression.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-urllib3-2.5.0-to-2.6.1

5 days, 9 hours ago

498cf7d8

Update urllib3 from 2.5.0 to 2.6.1

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-urllib3-2.5.0-to-2.6.0

1 week ago

e9c74e41

Update urllib3 from 2.5.0 to 2.6.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-vcrpy-5.1.0-to-8.0.0

1 week, 3 days ago

34239598

Update vcrpy from 7.0.0 to 8.0.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-vcrpy-5.1.0-to-8.0.0

1 week, 3 days ago

fcdc7dce

Update vcrpy from 5.1.0 to 8.0.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-rpds-py-0.24.0-to-0.30.0

1 week, 6 days ago

6f417581

Update rpds-py from 0.24.0 to 0.30.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-beautifulsoup4-4.13.4-to-4.14.3

1 week, 6 days ago

2cde22e0

Update beautifulsoup4 from 4.13.4 to 4.14.3

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

2 weeks, 5 days ago

14b181b0

Update certifi from 2025.10.5 to 2025.11.12 (#1078)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

2 weeks, 5 days ago

ffd2e65b

Update python 3.11 image to 3.11.14 (#1082)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

3 weeks, 2 days ago

5e4b6bf9

Update regex from 2025.7.34 to 2025.11.3 (#1075) Co-authored-by: vEpiphyte <epiphyte@vertex.link>

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

3 weeks, 3 days ago

92d41c8a

Update scalecodec from 1.2.9 to 1.2.12 (#1064)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.