@@ -118,31 +118,52 @@ If you want to keep using public PyPI and fetch only specific patched packages f
118118
119119Fixes for the following vulnerabilities are available in ELS for Python Libraries from TuxCare versions:
120120
121- | CVE ID | Severity | Library | Vulnerable Version | Safe Version |
122- | :------------: | :------: | :-----: | :----------------: | :----------: |
123- | GHSA-56pw -mpj4-fxww | | Pillow | 9.4.0 | 10.0.1 |
124- | CVE-2013 -1424 | | Matplotlib | 3.0.3 | 3.1.0 |
125- | CVE-2014 -1858 | | Numpy | 1.8.0 | 1.8.1 |
126- | CVE-2019 -6446 | | Numpy | 1.16.0 | 1.16.3 |
127- | CVE-2021 -41945 | | Httpx | 0.22.0 | 0.23.0 |
128- | CVE-2023 -4863 | | Pillow | 9.4.0 | 10.0.1 |
129- | CVE-2023 -23934 | | Werkzeug | 1.0.1 | 2.2.3 |
130- | CVE-2023 -25577 | | Werkzeug | 1.0.1 | 2.2.3 |
131- | CVE-2023 -32681 | | Requests | 2.30.0 | 2.31.0 |
132- | CVE-2023 -37276 | | Aiohttp | 3.8.4 | 3.8.5 |
133- | CVE-2023 -44271 | | Pillow | 9.4.0 | 10.0.0 |
134- | CVE-2023 -47627 | | Aiohttp | 3.8.5 | 3.8.6 |
135- | CVE-2023 -49082 | | Aiohttp | 3.8.9 | 3.9.0 |
136- | CVE-2023 -50447 | | Pillow | 9.4.0 | 10.2.0 |
137- | CVE-2024 -8088 | | Requests | 2.24.9 | 2.25.0 |
138- | CVE-2024 -9880 | | Pandas | 2.2.2 | 2.2.3 |
139- | CVE-2024 -24680 | | Django | 5.0.1 | 5.0.2 |
140- | CVE-2024 -27351 | | Django | 5.1.4 | 5.1.5 |
141- | CVE-2024 -28219 | | Pillow | 9.4.0 | 10.3.0 |
142- | CVE-2024 -35195 | | Requests | 2.31.9 | 2.32.0 |
143- | CVE-2024 -47081 | | Requests | 2.32.3 | 2.32.4 |
144- | CVE-2024 -52304 | | Aiohttp | 3.10.10 | 3.10.11 |
145- | CVE-2024 -56374 | | Django | 5.1.4 | 5.1.5 |
146- | CVE-2025 -48432 | | Django | 5.1.10 | 5.1.11 |
121+ <details >
122+ <summary >Click to expand resolved CVEs in ELS for Python Libraries</summary >
123+
124+ | CVE ID | Severity | Library | Vulnerable Version | Safe Version |
125+ | :-----------------: | :------: | :----------: | :----------------: | :----------: |
126+ | GHSA-56pw -mpj4-fxww | High | pillow | 9.4.0 | 9.4.0.post2+tuxcare |
127+ | GHSA-h4gh -qq45-vh27 | Medium | cryptography | 42.0.8 | 42.0.8.post1+tuxcare |
128+ | CVE-2019 -6446 | Critical | numpy | 1.16.0 | 1.16.0.post1+tuxcare |
129+ | CVE-2021 -41945 | N/A | httpx | 0.22.0 | 0.22.0.post1+tuxcare |
130+ | CVE-2022 -23491 | High | certifi | 2021.10.8 | 2021.10.08.post2+tuxcare |
131+ | CVE-2023 -4863 | High | pillow | 9.4.0 | 9.4.0.post2+tuxcare |
132+ | CVE-2023 -23934 | Low | werkzeug | 1.0.1 | 1.0.1.post3+tuxcare |
133+ | CVE-2023 -25577 | High | Werkzeug | 1.0.1 | 1.0.1.post1+tuxcare<br >1.0.1.post2+tuxcare<br >1.0.1.post3+tuxcare |
134+ | CVE-2023 -30861 | High | flask | 1.1.2 | 1.1.2.post1+tuxcare |
135+ | CVE-2023 -32681 | Medium | requests | 2.25.1 | 2.25.1.post1+tuxcare |
136+ | CVE-2023 -32681 | Medium | requests | 2.30.0 | 2.30.0.post1+tuxcare |
137+ | CVE-2023 -37276 | High | aiohttp | 3.8.4 | 3.8.4.post1+tuxcare |
138+ | CVE-2023 -37920 | Critical | certifi | 2021.10.8 | 2021.10.08.post1+tuxcare<br >2021.10.08.post2+tuxcare |
139+ | CVE-2023 -37920 | Critical | certifi | 2022.12.7 | 2022.12.07.post1+tuxcare<br >2022.12.07.post2+tuxcare |
140+ | CVE-2023 -44271 | High | pillow | 9.4.0 | 9.4.0.post1+tuxcare |
141+ | CVE-2023 -47627 | High | aiohttp | 3.8.5 | 3.8.5.post1+tuxcare |
142+ | CVE-2023 -50447 | High | pillow | 9.4.0 | 9.4.0.post2+tuxcare |
143+ | CVE-2023 -50447 | High | pillow | 9.5.0 | 9.5.0.post1+tuxcare |
144+ | CVE-2024 -3651 | High | idna | 2.1 | 2.1.post1+tuxcare |
145+ | CVE-2024 -5629 | N/A | pymongo | 3.13.0 | 3.13.0.post1+tuxcare |
146+ | CVE-2024 -6345 | High | setuptools | 65.5.1 | 65.5.1.post1+tuxcare |
147+ | CVE-2024 -6827 | High | gunicorn | 22.0.0 | 22.0.0.post1+tuxcare |
148+ | CVE-2024 -12797 | N/A | cryptography | 43.0.1 | 43.0.1.post1+tuxcare |
149+ | CVE-2024 -12797 | N/A | cryptography | 43.0.3 | 43.0.3.post1+tuxcare |
150+ | CVE-2024 -22195 | Medium | jinja2 | 2.11.3 | 2.11.3.post1+tuxcare<br >2.11.3.post2+tuxcare |
151+ | CVE-2024 -24680 | High | django | 5.0.1 | 5.0.1.post1+tuxcare |
152+ | CVE-2024 -28219 | Medium | pillow | 9.4.0 | 9.4.0.post3+tuxcare |
153+ | CVE-2024 -34064 | Medium | jinja2 | 2.11.3 | 2.11.3.post1+tuxcare<br >2.11.3.post2+tuxcare |
154+ | CVE-2024 -39689 | High | certifi | 2022.12.7 | 2022.12.07.post2+tuxcare |
155+ | CVE-2024 -39689 | High | certifi | 2023.7.22 | 2023.07.22.post1+tuxcare |
156+ | CVE-2024 -47081 | Medium | requests | 2.32.3 | 2.32.3.post1+tuxcare |
157+ | CVE-2024 -49766 | Medium | werkzeug | 1.0.1 | 1.0.1.post1+tuxcare<br >1.0.1.post2+tuxcare<br >1.0.1.post3+tuxcare |
158+ | CVE-2024 -49767 | High | werkzeug | 1.0.1 | 1.0.1.post1+tuxcare<br >1.0.1.post3+tuxcare |
159+ | CVE-2024 -49768 | Medium | waitress | 2.1.2 | 2.1.2.post1+tuxcare<br >2.1.2.post2+tuxcare |
160+ | CVE-2024 -49769 | High | waitress | 2.1.2 | 2.1.2.post2+tuxcare |
161+ | CVE-2024 -52304 | High | aiohttp | 3.8.5 | 3.8.5.post2+tuxcare |
162+ | CVE-2024 -56326 | Medium | jinja2 | 2.11.3 | 2.11.3.post2+tuxcare |
163+ | CVE-2024 -56374 | Medium | django | 5.1.4 | 5.1.4.post1+tuxcare |
164+ | CVE-2025 -27516 | Medium | jinja2 | 2.11.3 | 2.11.3.post2+tuxcare |
165+ | CVE-2025 -47273 | High | setuptools | 75.8.0 | 75.8.0.post1+tuxcare |
166+
167+ </details >
147168
148169If you are interested in the TuxCare Endless Lifecycle Support, contact
[ [email protected] ] ( mailto:[email protected] ) .
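Review bot: The rewritten table drops eight entries that the removed table carried (CVE-2013-1424, CVE-2014-1858, CVE-2023-49082, CVE-2024-8088, CVE-2024-9880, CVE-2024-27351, CVE-2024-35195, CVE-2025-48432), and nothing in the visible lines says why. If these were never fixed in an ELS build, say so in the commit message. If they are still covered, restore the rows with their `+tuxcare` versions. In the added rows, CVE-2024-49767 lists `1.0.1.post1+tuxcare` and `1.0.1.post3+tuxcare` but skips `post2`, while CVE-2023-25577 and CVE-2024-49766 list all three for the same werkzeug 1.0.1; please confirm that is intended and not an omission. The CVE-2023-25577 row also keeps `Werkzeug` capitalized where every other row uses the lowercase package name. The certifi rows show the vulnerable version as `2021.10.8` but the safe version as `2021.10.08.post2+tuxcare`; a reader who copies the zero-padded string into a tool that compares versions as plain strings will not match the normalized form, so pick one spelling. Finally, pillow 9.4.0 maps to post1, post2 or post3 depending on the CVE, so a short line above the table telling readers to install the highest listed post release would prevent someone from pinning `9.4.0.post1+tuxcare` and assuming the later fixes are included.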