Safety CI > vertexproject/vtx-base-image

pyup-update-aiohttp-3.11.16-to-3.12.2

1 week, 4 days ago

Update aiohttp from 3.11.16 to 3.12.2

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

bender/SYN-8899/bump-py311-maint-version

1 week, 4 days ago

32f36462

Merge branch 'master' into bender/SYN-8899/bump-py311-maint-version

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-coverage-7.6.7-to-7.8.2

1 week, 6 days ago

4003c9cd

Update coverage from 7.6.7 to 7.8.2

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-cryptography-43.0.3-to-45.0.3

1 week, 6 days ago

2f7ea0c6

Update cryptography from 43.0.3 to 45.0.3

No dependencies with known security vulnerabilities.

pyup-update-aiohttp-3.11.16-to-3.12.0

1 week, 6 days ago

ae4b32af

Update aiohttp from 3.11.16 to 3.12.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

2 weeks, 1 day ago

405e0754

Update tornado to 6.5.1

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

master

2 weeks, 1 day ago

bbb03104

Update tornado from 6.4.2 to 6.5 (#939)

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-rpds-py-0.24.0-to-0.25.1

2 weeks, 2 days ago

81a1bbaa

Update rpds-py from 0.24.0 to 0.25.1

tornado 6.4.2 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
tornado	6.4.2	<6.5.0	show When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

tornado

6.4.2

<6.5.0

show

When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-coverage-7.6.7-to-7.8.1

2 weeks, 2 days ago

65736821

Update coverage from 7.6.7 to 7.8.1

tornado 6.4.2 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
tornado	6.4.2	<6.5.0	show When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

tornado

6.4.2

<6.5.0

show

When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-multidict-6.4.3-to-6.4.4

2 weeks, 5 days ago

fed329b4

Update multidict from 6.4.3 to 6.4.4

tornado 6.4.2 and cryptography 43.0.3 have known security vulnerabilities.

Package	Installed	Affected	Info
tornado	6.4.2	<6.5.0	show When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

Package

Installed

Affected

Info

tornado

6.4.2

<6.5.0

show

When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

cryptography

43.0.3

>=42.0.0,<44.0.1

show

Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-cryptography-43.0.3-to-45.0.2

2 weeks, 6 days ago

8c0110d2

Update cryptography from 43.0.3 to 45.0.2

No dependencies with known security vulnerabilities.

pyup-update-pycryptodome-3.22.0-to-3.23.0

3 weeks ago

34fb0d13

Update pycryptodome from 3.22.0 to 3.23.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-cryptography-43.0.3-to-45.0.1

3 weeks ago

d920b21c

Update cryptography from 43.0.3 to 45.0.1

No dependencies with known security vulnerabilities.

pyup-update-pyopenssl-24.2.1-to-25.1.0

3 weeks ago

7783a139

Update pyopenssl from 24.2.1 to 25.1.0

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.

pyup-update-types-python-dateutil-2.9.0.20241206-to-2.9.0.20250516

3 weeks, 1 day ago

31b15703

Update types-python-dateutil from 2.9.0.20241206 to 2.9.0.20250516

cryptography 43.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
cryptography	43.0.3	>=42.0.0,<44.0.1	show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue.