Skip to content

test github action#3

Open
grepstrength wants to merge 1 commit into
mainfrom
test-github-action
Open

test github action#3
grepstrength wants to merge 1 commit into
mainfrom
test-github-action

Conversation

@grepstrength

Copy link
Copy Markdown
Owner

test github action

@github-actions

Copy link
Copy Markdown

⛓ RiskwareSupplyChain — Dependency Scan

🔴 CRITICAL — 47 packages scanned across 3 manifest(s)

Severity Count
🔴 Critical 25
🟠 High 16
🟡 Medium 0
🔵 Low 6
📋 Vulnerable packages (click to expand)

📂 ./backend/requirements.txt

Package Version CVEs Risk Fix
flask 1.0 3 CVE(s) CRITICAL 2.2.5, 2.3.2, 3.1.3
werkzeug 1.0.0 11 CVE(s) CRITICAL 2.1.1, 2.2.3, 3.0.1, 3.0.3, 3.0.6, 3.1.4, 3.1.5, 3.1.6
jinja2 2.10 8 CVE(s) CRITICAL 2.10.1, 2.11.3, 3.1.3, 3.1.4, 3.1.5, 3.1.6
requests 2.20.0 5 CVE(s) CRITICAL 2.31.0, 2.32.0, 2.32.4, 2.33.0
urllib3 1.24.1 20 CVE(s) CRITICAL 1.24.2, 1.24.3, 1.25.9, 1.26.17, 1.26.18, 1.26.5, 2.2.2, 2.5.0, 2.6.0, 2.6.3, 2.7.0
certifi 2019.11.28 4 CVE(s) CRITICAL 2022.12.07, 2022.12.7, 2023.7.22
pyyaml 5.1 6 CVE(s) CRITICAL 5.2, 5.2b1, 5.3.1, 5.4
cryptography 2.5 13 CVE(s) CRITICAL 3.2, 3.2.1, 300.0.12, 39.0.1, 41.0.0, 41.0.3, 41.0.4, 42.0.0, 42.0.2, 46.0.5, 46.0.6
paramiko 2.4.2 2 CVE(s) CRITICAL 2.10.1
pillow 6.2.0 78 CVE(s) CRITICAL 1.1.2-0.20250406010349-76805d5a8860, 10.0.0, 10.0.1, 10.2.0, 10.3.0, 12.2.0, 6.2.2, 7.0.0, 7.1.0, 8.1.0, 8.1.1, 8.1.2, 8.2.0, 8.3.0, 8.3.2, 9.0.0, 9.0.1, 9.2.0
numpy 1.16.0 8 CVE(s) CRITICAL 1.16.1, 1.19, 1.19.0, 1.19.1, 1.21, 1.22
gunicorn 19.9.0 2 CVE(s) CRITICAL 22.0.0
python-jose 3.0.0 5 CVE(s) CRITICAL 3.4.0
pyjwt 1.7.0 5 CVE(s) CRITICAL 2.12.0, 2.4.0
lxml 4.3.0 10 CVE(s) HIGH 4.6.2, 4.6.3, 4.6.5, 4.9.1, 6.1.0
django 2.2 64 CVE(s) CRITICAL 1.11.22, 1.11.23, 1.19.0, 2.1.11, 2.2.2, 2.2.28, 2.2.4, 2.2.8, 2.2.9, 3.0.1, 3.0.12, 3.0.3, 3.0.4, 3.0.7, 3.1.1, 3.1.6, 3.1.8, 3.2.1, 3.2.10, 3.2.2, 3.2.4, 4.0.1, 4.0.2, 4.0.4, 4.0.7, 4.2.16, 4.2.22, 4.2.26, 5.2.6
celery 4.3.0 2 CVE(s) CRITICAL 5.2.2
httplib2 0.12.0 4 CVE(s) CRITICAL 0.18.0, 0.19.0

📂 ./data-pipeline/Cargo.toml

Package Version CVEs Risk Fix
hyper 0.12.35 8 CVE(s) CRITICAL 0.12.36, 0.14.10, 0.14.12, 0.14.3
tokio 0.1.22 2 CVE(s) CRITICAL 1.13.1
ring 0.14.6 3 CVE(s) CRITICAL 0.17.0, 0.17.12
rust-crypto 0.2.36 3 CVE(s) LOW 0.2.37-0
openssl 0.10.25 19 CVE(s) CRITICAL 0.10.48, 0.10.55, 0.10.60, 0.10.66, 0.10.70, 0.10.78, 0.10.79
rusqlite 0.20.0 9 CVE(s) CRITICAL 0.23.0
diesel 1.4.2 12 CVE(s) CRITICAL 1.4.6, 2.2.3, 2.3.8
regex 1.1.0 2 CVE(s) CRITICAL 1.5.5
chrono 0.4.6 1 CVE(s) CRITICAL 0.4.20

Scanned by RiskwareSupplyChain · Get your API key

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant