{ "SchemaVersion": 2, "Trivy": { "Version": "0.69.3" }, "ReportID": "019d57b3-48f9-7d52-b2e5-3cd845e3db0e", "CreatedAt": "2026-04-04T08:54:20.665874231Z", "ArtifactName": "sboms/ai-containers-litellm-v1.81.3-stable-cyclonedx.json", "ArtifactType": "cyclonedx", "Metadata": { "OS": { "Family": "wolfi", "Name": "20230201" }, "ImageID": "sha256:a2b337484cb540ac4b82130357900dd60ead542479318c5db411124676c16c6d", "DiffIDs": [ "sha256:06701e670b613919a51bee4d575f48adccad4ca9155d72305367e13a31839270", "sha256:08f5f5edd437f19cd3c96a1a89f0f02a8b9c9e468ff7f478652151d4be3b19d9", "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee", "sha256:0e839e1b6b30c1cc15fb9131db50ef112f34d2339116b551feaf15559c31edc9", "sha256:12e1b2a7244af283ab26eac7e4e03bdb42420b360fced58ea2ee0abc79c8c000", "sha256:1b2a94bbb5b3ee2a6ebe302233cad70377bff65a2bb0005f06147b6b51917743", "sha256:1f7b804e2e3b2ce78f108ce6ea8e3c5c42309860a59a5342e101ba77669d8a92", "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0", "sha256:4ee6f38b48c8538d30289cd011e8ba950fe256500bc86ced8f16398837a91e7a", "sha256:4faa46a986ba8a306b6fc45da64efe4dfbffaec1284503f249ff0dffd66a7f47", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f", "sha256:6562679d109c939489d457fcbd6d961c9d5f592f316cefcb2e62fa595199797a", "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", "sha256:80abaa93c03b484f3c531b2994ae1deadb839262ddb653ad15e1c0c27fe405b4", "sha256:83e037df6ca1ae3d9f30adcaee7fe0a556fd2aebb6566564d92cb14753a0b0fa", "sha256:98481b16b5b7db2fe5071acddc9cb81c29411335c97e9ddeb35c7c800d9fb568", "sha256:9d5d3ff02a88a45dd39660f68c589c6fd225a1c8ad19372833562d02bf50e35c", "sha256:af1ea0e33c8e22c51b2e7d16e572107ea675110fb820a75d2193879e1702cd1b", "sha256:b8195249dcd92d2c0519946f0a9f9d9ec7b88e9a19b5f83bc156103a39d5ab50", "sha256:ca256a6871958735463454d07439cfa80dc7bd7e3189362b40444d08c46fae46", "sha256:cffee6df6bca27ae6d4a65bf1c1df569bb59f3c31461af811ea9096416f87fde", "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0", "sha256:e3f9bfdda771fb95420d92c819881f3d47b08b1bba44e6a050d962c0c7382da9" ], "RepoDigests": [ "registry.suse.com/ai/containers/litellm@sha256:154f34092ac9174948736090dc99691d48c2647ab107029625627ced45d38d8b" ], "Reference": "registry.suse.com/ai/containers/litellm@sha256:154f34092ac9174948736090dc99691d48c2647ab107029625627ced45d38d8b" }, "Results": [ { "Target": "sboms/ai-containers-litellm-v1.81.3-stable-cyclonedx.json (wolfi 20230201)", "Class": "os-pkgs", "Type": "wolfi", "Packages": [ { "ID": "apk-tools@2.14.10-r10", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/wolfi/apk-tools@2.14.10-r10?arch=x86_64\u0026distro=20230201", "UID": "1b87fc43ed8441a4", "BOMRef": "pkg:apk/wolfi/apk-tools@2.14.10-r10?arch=x86_64\u0026distro=20230201" }, "Version": "2.14.10-r10", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.10-r10", "Licenses": [ "GPL-2.0-only" ], "DependsOn": [ "ca-certificates-bundle@20251003-r3", "glibc@2.43-r0", "ld-linux@2.43-r0", "libcrypto3@3.6.1-r1", "libssl3@3.6.1-r1", "wolfi-baselayout@20230201-r26", "zlib@1.3.1.2-r3" ], "Layer": { "Digest": "sha256:1d53393b78f00c417dbc484afee224f386ba037746127e62a4bc86b6ad11daa1", "DiffID": "sha256:6562679d109c939489d457fcbd6d961c9d5f592f316cefcb2e62fa595199797a" }, "Digest": "sha1:360094f42540d8f16177f251916e29619be762fe" }, { "ID": "bash@5.3-r5", "Name": "bash", "Identifier": { "PURL": "pkg:apk/wolfi/bash@5.3-r5?arch=x86_64\u0026distro=20230201", "UID": "c9a9d86eed979eb7", "BOMRef": "pkg:apk/wolfi/bash@5.3-r5?arch=x86_64\u0026distro=20230201" }, "Version": "5.3-r5", "Arch": "x86_64", "SrcName": "bash", "SrcVersion": "5.3-r5", "Licenses": [ "GPL-3.0-or-later" ], "DependsOn": [ "glibc@2.43-r0", "ld-linux@2.43-r0", "ncurses@6.6_p20251230-r1", "wolfi-baselayout@20230201-r26" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:9dd00dcd7654147d2998f5b11213adb52cae5ad2" }, { "ID": "busybox@1.37.0-r54", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/wolfi/busybox@1.37.0-r54?arch=x86_64\u0026distro=20230201", "UID": "e1033db5b90f5c3", "BOMRef": "pkg:apk/wolfi/busybox@1.37.0-r54?arch=x86_64\u0026distro=20230201" }, "Version": "1.37.0-r54", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r54", "Licenses": [ "GPL-2.0-only" ], "DependsOn": [ "glibc@2.43-r0", "ld-linux@2.43-r0", "libcrypt1@2.43-r0", "wolfi-baselayout@20230201-r26" ], "Layer": { "Digest": "sha256:3f02fc482423f53d1d5bfdf6094776ebe0b7eba4617489f96d32e6c61ac92d92", "DiffID": "sha256:1f7b804e2e3b2ce78f108ce6ea8e3c5c42309860a59a5342e101ba77669d8a92" }, "Digest": "sha1:dfbfdd4815b2ce870ce5a428f10f6ad21a1f549a" }, { "ID": "c-ares@1.34.6-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/wolfi/c-ares@1.34.6-r0?arch=x86_64\u0026distro=20230201", "UID": "cc0bb573e19a6693", "BOMRef": "pkg:apk/wolfi/c-ares@1.34.6-r0?arch=x86_64\u0026distro=20230201" }, "Version": "1.34.6-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.34.6-r0", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:72c82e5c25bfd691982cf508bfda988bad5ced12" }, { "ID": "ca-certificates-bundle@20251003-r3", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/wolfi/ca-certificates-bundle@20251003-r3?arch=x86_64\u0026distro=20230201", "UID": "1b891a2b294fb1bd", "BOMRef": "pkg:apk/wolfi/ca-certificates-bundle@20251003-r3?arch=x86_64\u0026distro=20230201" }, "Version": "20251003-r3", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20251003-r3", "Licenses": [ "MPL-2.0", "MIT" ], "DependsOn": [ "wolfi-baselayout@20230201-r26" ], "Layer": { "Digest": "sha256:2a4da0691147ee88d0960b8ac8bda5481f91b115a20a0dcb9f30481401d91d36", "DiffID": "sha256:98481b16b5b7db2fe5071acddc9cb81c29411335c97e9ddeb35c7c800d9fb568" }, "Digest": "sha1:b8fb05eba8b52c5b8e3ae448c96ec4218e2bc447" }, { "ID": "gdbm@1.26-r2", "Name": "gdbm", "Identifier": { "PURL": "pkg:apk/wolfi/gdbm@1.26-r2?arch=x86_64\u0026distro=20230201", "UID": "f41127e44e685fdb", "BOMRef": "pkg:apk/wolfi/gdbm@1.26-r2?arch=x86_64\u0026distro=20230201" }, "Version": "1.26-r2", "Arch": "x86_64", "SrcName": "gdbm", "SrcVersion": "1.26-r2", "Licenses": [ "GPL-3.0-or-later" ], "DependsOn": [ "glibc@2.43-r0", "ld-linux@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:375d22e56a0c032b92b8f3bd9eb4112e7864fb25" }, { "ID": "glibc@2.43-r0", "Name": "glibc", "Identifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "9004de483fd2b4c8", "BOMRef": "pkg:apk/wolfi/glibc@2.43-r0?arch=x86_64\u0026distro=20230201" }, "Version": "2.43-r0", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r0", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "glibc-locale-posix@2.43-r0", "ld-linux@2.43-r0", "libgcc@15.2.0-r8", "wolfi-baselayout@20230201-r26" ], "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "Digest": "sha1:f499b96e61c63fd0d5e14e23d55660300948bee2" }, { "ID": "glibc-locale-posix@2.43-r0", "Name": "glibc-locale-posix", "Identifier": { "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "be1afa3b9b80fd08", "BOMRef": "pkg:apk/wolfi/glibc-locale-posix@2.43-r0?arch=x86_64\u0026distro=20230201" }, "Version": "2.43-r0", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r0", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "wolfi-baselayout@20230201-r26" ], "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "Digest": "sha1:e20e1e0229b4092b15ae5dca0857b199da2cc5eb" }, { "ID": "icu78-data-full@78.2-r0", "Name": "icu78-data-full", "Identifier": { "PURL": "pkg:apk/wolfi/icu78-data-full@78.2-r0?arch=x86_64\u0026distro=20230201", "UID": "702843c9309f43de", "BOMRef": "pkg:apk/wolfi/icu78-data-full@78.2-r0?arch=x86_64\u0026distro=20230201" }, "Version": "78.2-r0", "Arch": "x86_64", "SrcName": "icu", "SrcVersion": "78.2-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:e615eeade973d33e6d30bca1bcb08383dec2c505" }, { "ID": "ld-linux@2.43-r0", "Name": "ld-linux", "Identifier": { "PURL": "pkg:apk/wolfi/ld-linux@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "b6092db906c1fed3", "BOMRef": "pkg:apk/wolfi/ld-linux@2.43-r0?arch=x86_64\u0026distro=20230201" }, "Version": "2.43-r0", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r0", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "glibc@2.43-r0", "wolfi-baselayout@20230201-r26" ], "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "Digest": "sha1:4fb03a4974e8c5cf3925dd3b1ef907ecaced676e" }, { "ID": "libbrotlicommon1@1.2.0-r1", "Name": "libbrotlicommon1", "Identifier": { "PURL": "pkg:apk/wolfi/libbrotlicommon1@1.2.0-r1?arch=x86_64\u0026distro=20230201", "UID": "f02046451f57d0eb", "BOMRef": "pkg:apk/wolfi/libbrotlicommon1@1.2.0-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.2.0-r1", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.2.0-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:f16ef9c593de91cc6945073b4636aeeda0c80a0e" }, { "ID": "libbrotlidec1@1.2.0-r1", "Name": "libbrotlidec1", "Identifier": { "PURL": "pkg:apk/wolfi/libbrotlidec1@1.2.0-r1?arch=x86_64\u0026distro=20230201", "UID": "eb4fd5c31d84af94", "BOMRef": "pkg:apk/wolfi/libbrotlidec1@1.2.0-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.2.0-r1", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.2.0-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r0", "libbrotlicommon1@1.2.0-r1" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:b98182b5ebf03788a5dfd808af6e2d3eeb4ff13c" }, { "ID": "libbrotlienc1@1.2.0-r1", "Name": "libbrotlienc1", "Identifier": { "PURL": "pkg:apk/wolfi/libbrotlienc1@1.2.0-r1?arch=x86_64\u0026distro=20230201", "UID": "56ce0ef5ad493bb6", "BOMRef": "pkg:apk/wolfi/libbrotlienc1@1.2.0-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.2.0-r1", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.2.0-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r0", "libbrotlicommon1@1.2.0-r1" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:da1a062cc901589428b8d8fc3daa83a23f8cb929" }, { "ID": "libbz2-1@1.0.8-r22", "Name": "libbz2-1", "Identifier": { "PURL": "pkg:apk/wolfi/libbz2-1@1.0.8-r22?arch=x86_64\u0026distro=20230201", "UID": "df16481aff037044", "BOMRef": "pkg:apk/wolfi/libbz2-1@1.0.8-r22?arch=x86_64\u0026distro=20230201" }, "Version": "1.0.8-r22", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r22", "Licenses": [ "MPL-2.0", "MIT" ], "DependsOn": [ "glibc@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:7881510d91ca841ea9441e08e4a352199b87ff65" }, { "ID": "libcrypt1@2.43-r0", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "f62850d878b62343", "BOMRef": "pkg:apk/wolfi/libcrypt1@2.43-r0?arch=x86_64\u0026distro=20230201" }, "Version": "2.43-r0", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r0", "Licenses": [ "LGPL-2.1-or-later" ], "DependsOn": [ "glibc@2.43-r0", "libxcrypt@4.5.2-r2", "wolfi-baselayout@20230201-r26" ], "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "Digest": "sha1:789b8f059b393d75c79f029bf05676c489dc2ad7" }, { "ID": "libcrypto3@3.6.1-r1", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "25de9782913d153d", "BOMRef": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.6.1-r1", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.1-r1", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "glibc@2.43-r0" ], "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" }, "Digest": "sha1:d8bbdb6c6fc823c4567afe7518475cdeb6cfd67a" }, { "ID": "libexpat1@2.7.4-r1", "Name": "libexpat1", "Identifier": { "PURL": "pkg:apk/wolfi/libexpat1@2.7.4-r1?arch=x86_64\u0026distro=20230201", "UID": "1b27c57233011b", "BOMRef": "pkg:apk/wolfi/libexpat1@2.7.4-r1?arch=x86_64\u0026distro=20230201" }, "Version": "2.7.4-r1", "Arch": "x86_64", "SrcName": "expat", "SrcVersion": "2.7.4-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:c5b2bb591573c0337e81a12513a9e010ee5f8495" }, { "ID": "libffi@3.5.2-r1", "Name": "libffi", "Identifier": { "PURL": "pkg:apk/wolfi/libffi@3.5.2-r1?arch=x86_64\u0026distro=20230201", "UID": "ce35d5861caaa36f", "BOMRef": "pkg:apk/wolfi/libffi@3.5.2-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.5.2-r1", "Arch": "x86_64", "SrcName": "libffi", "SrcVersion": "3.5.2-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:ce40e7d1f8951ac77983c4e263e2d7b04b194c17" }, { "ID": "libgcc@15.2.0-r8", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/wolfi/libgcc@15.2.0-r8?arch=x86_64\u0026distro=20230201", "UID": "c3ed629a24f2d9b0", "BOMRef": "pkg:apk/wolfi/libgcc@15.2.0-r8?arch=x86_64\u0026distro=20230201" }, "Version": "15.2.0-r8", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "15.2.0-r8", "Licenses": [ "GPL-3.0-or-later WITH GCC-exception-3.1" ], "DependsOn": [ "glibc@2.43-r0", "ld-linux@2.43-r0" ], "Layer": { "Digest": "sha256:89e834737af53e5c2de84e5dc510bbef9d603f1a583f438b74c62f1d92413ee6", "DiffID": "sha256:12e1b2a7244af283ab26eac7e4e03bdb42420b360fced58ea2ee0abc79c8c000" }, "Digest": "sha1:c334d95ef6dd9b070d4461d4c997fdc3838d2131" }, { "ID": "libicu78@78.2-r0", "Name": "libicu78", "Identifier": { "PURL": "pkg:apk/wolfi/libicu78@78.2-r0?arch=x86_64\u0026distro=20230201", "UID": "30d0b007a080c4b5", "BOMRef": "pkg:apk/wolfi/libicu78@78.2-r0?arch=x86_64\u0026distro=20230201" }, "Version": "78.2-r0", "Arch": "x86_64", "SrcName": "icu", "SrcVersion": "78.2-r0", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r0", "icu78-data-full@78.2-r0", "ld-linux@2.43-r0", "libgcc@15.2.0-r8", "libstdc++@15.2.0-r8" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:7afb4e60da61c174faf3cde4b2919c67653c8630" }, { "ID": "libnghttp2-14@1.68.0-r1", "Name": "libnghttp2-14", "Identifier": { "PURL": "pkg:apk/wolfi/libnghttp2-14@1.68.0-r1?arch=x86_64\u0026distro=20230201", "UID": "2fbe5fb2b4d9d0cb", "BOMRef": "pkg:apk/wolfi/libnghttp2-14@1.68.0-r1?arch=x86_64\u0026distro=20230201" }, "Version": "1.68.0-r1", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.68.0-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:51db5560582e98f33ac7d85cce1255191c92a3f3" }, { "ID": "libssl3@3.6.1-r1", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "19b9702842890b3", "BOMRef": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.6.1-r1", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.1-r1", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "glibc@2.43-r0", "libcrypto3@3.6.1-r1" ], "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" }, "Digest": "sha1:ac161813a56c650f73fa5596266b79810629c5f9" }, { "ID": "libstdc++@15.2.0-r8", "Name": "libstdc++", "Identifier": { "PURL": "pkg:apk/wolfi/libstdc%2B%2B@15.2.0-r8?arch=x86_64\u0026distro=20230201", "UID": "ccf4d194da343c5e", "BOMRef": "pkg:apk/wolfi/libstdc%2B%2B@15.2.0-r8?arch=x86_64\u0026distro=20230201" }, "Version": "15.2.0-r8", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "15.2.0-r8", "Licenses": [ "GPL-3.0-or-later WITH GCC-exception-3.1" ], "DependsOn": [ "glibc@2.43-r0", "ld-linux@2.43-r0", "libgcc@15.2.0-r8" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:503cbbddc4f951bac09038eb21e47a50a7f2d074" }, { "ID": "libuuid@2.41.3-r3", "Name": "libuuid", "Identifier": { "PURL": "pkg:apk/wolfi/libuuid@2.41.3-r3?arch=x86_64\u0026distro=20230201", "UID": "5bed1c685ca7a5b5", "BOMRef": "pkg:apk/wolfi/libuuid@2.41.3-r3?arch=x86_64\u0026distro=20230201" }, "Version": "2.41.3-r3", "Arch": "x86_64", "SrcName": "util-linux", "SrcVersion": "2.41.3-r3", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2.0-only", "GPL-1.0-only", "LGPL-2.1-or-later", "BSD-1-Clause", "BSD-3-Clause", "BSD-4-Clause-UC", "MIT", "CC-PDDC" ], "DependsOn": [ "glibc@2.43-r0", "wolfi-baselayout@20230201-r26" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:578db12606c45c43abe623521fe7c1d8692eeb3a" }, { "ID": "libuv@1.51.0-r3", "Name": "libuv", "Identifier": { "PURL": "pkg:apk/wolfi/libuv@1.51.0-r3?arch=x86_64\u0026distro=20230201", "UID": "12870b86b26ce133", "BOMRef": "pkg:apk/wolfi/libuv@1.51.0-r3?arch=x86_64\u0026distro=20230201" }, "Version": "1.51.0-r3", "Arch": "x86_64", "SrcName": "libuv", "SrcVersion": "1.51.0-r3", "Licenses": [ "MIT", "ISC" ], "DependsOn": [ "glibc@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:1cb298bb5792409f6cab114e4dc43ddcfb989358" }, { "ID": "libxcrypt@4.5.2-r2", "Name": "libxcrypt", "Identifier": { "PURL": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026distro=20230201", "UID": "fc1ad85f26b1fd3b", "BOMRef": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026distro=20230201" }, "Version": "4.5.2-r2", "Arch": "x86_64", "SrcName": "libxcrypt", "SrcVersion": "4.5.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Layer": { "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" }, "Digest": "sha1:1dde219a6ba81f29f519398066c7924a90e34598" }, { "ID": "mpdecimal@4.0.1-r3", "Name": "mpdecimal", "Identifier": { "PURL": "pkg:apk/wolfi/mpdecimal@4.0.1-r3?arch=x86_64\u0026distro=20230201", "UID": "44bb2ed1fb982b33", "BOMRef": "pkg:apk/wolfi/mpdecimal@4.0.1-r3?arch=x86_64\u0026distro=20230201" }, "Version": "4.0.1-r3", "Arch": "x86_64", "SrcName": "mpdecimal", "SrcVersion": "4.0.1-r3", "Licenses": [ "BSD-2-Clause" ], "DependsOn": [ "glibc@2.43-r0", "ld-linux@2.43-r0", "libgcc@15.2.0-r8", "libstdc++@15.2.0-r8" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:12885674e7ba1c71ee370a6876aedfd8c4f02ce4" }, { "ID": "ncurses@6.6_p20251230-r1", "Name": "ncurses", "Identifier": { "PURL": "pkg:apk/wolfi/ncurses@6.6_p20251230-r1?arch=x86_64\u0026distro=20230201", "UID": "2329d69cfc85f56b", "BOMRef": "pkg:apk/wolfi/ncurses@6.6_p20251230-r1?arch=x86_64\u0026distro=20230201" }, "Version": "6.6_p20251230-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.6_p20251230-r1", "Licenses": [ "MIT" ], "DependsOn": [ "glibc@2.43-r0", "ld-linux@2.43-r0", "ncurses-terminfo-base@6.6_p20251230-r1" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:d4f7df25bc5592a35e8b474da4abe726d6453883" }, { "ID": "ncurses-terminfo-base@6.6_p20251230-r1", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/wolfi/ncurses-terminfo-base@6.6_p20251230-r1?arch=x86_64\u0026distro=20230201", "UID": "b29216e5b80681aa", "BOMRef": "pkg:apk/wolfi/ncurses-terminfo-base@6.6_p20251230-r1?arch=x86_64\u0026distro=20230201" }, "Version": "6.6_p20251230-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.6_p20251230-r1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:4dd42bfac7a276233bc5b8d479ab024134b7622c" }, { "ID": "nodejs-25@25.6.0-r0", "Name": "nodejs-25", "Identifier": { "PURL": "pkg:apk/wolfi/nodejs-25@25.6.0-r0?arch=x86_64\u0026distro=20230201", "UID": "8827ae310e8214ba", "BOMRef": "pkg:apk/wolfi/nodejs-25@25.6.0-r0?arch=x86_64\u0026distro=20230201" }, "Version": "25.6.0-r0", "Arch": "x86_64", "SrcName": "nodejs-25", "SrcVersion": "25.6.0-r0", "Licenses": [ "MIT" ], "DependsOn": [ "c-ares@1.34.6-r0", "glibc@2.43-r0", "ld-linux@2.43-r0", "libbrotlidec1@1.2.0-r1", "libbrotlienc1@1.2.0-r1", "libcrypto3@3.6.1-r1", "libgcc@15.2.0-r8", "libicu78@78.2-r0", "libnghttp2-14@1.68.0-r1", "libssl3@3.6.1-r1", "libstdc++@15.2.0-r8", "libuv@1.51.0-r3", "zlib@1.3.1.2-r3" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:2c49a1513479fc1ee6d3e9594d05519d7a7f3a00" }, { "ID": "npm@11.9.0-r0", "Name": "npm", "Identifier": { "PURL": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201", "UID": "37ecaf000adc4467", "BOMRef": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201" }, "Version": "11.9.0-r0", "Arch": "x86_64", "SrcName": "npm", "SrcVersion": "11.9.0-r0", "Licenses": [ "Artistic-2.0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:1280ed5c5a52f1b31eeb64171b0d9b95b2287a0d" }, { "ID": "openssl@3.6.1-r1", "Name": "openssl", "Identifier": { "PURL": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "525a18a56b31f47e", "BOMRef": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "Version": "3.6.1-r1", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.1-r1", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "glibc@2.43-r0", "ld-linux@2.43-r0", "libcrypto3@3.6.1-r1", "libssl3@3.6.1-r1" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:f8d343216b1b16abe5c51e7f168b2d2209e1bfdb" }, { "ID": "py3-pip-wheel@26.0.1-r0", "Name": "py3-pip-wheel", "Identifier": { "PURL": "pkg:apk/wolfi/py3-pip-wheel@26.0.1-r0?arch=x86_64\u0026distro=20230201", "UID": "385af67c5da6f669", "BOMRef": "pkg:apk/wolfi/py3-pip-wheel@26.0.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "26.0.1-r0", "Arch": "x86_64", "SrcName": "py3-pip", "SrcVersion": "26.0.1-r0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:0a649ce580c2fdfeed16fd3c504bb3b50a906a8b" }, { "ID": "py3.13-pip@26.0.1-r0", "Name": "py3.13-pip", "Identifier": { "PURL": "pkg:apk/wolfi/py3.13-pip@26.0.1-r0?arch=x86_64\u0026distro=20230201", "UID": "78f1881d9cdd8e57", "BOMRef": "pkg:apk/wolfi/py3.13-pip@26.0.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "26.0.1-r0", "Arch": "x86_64", "SrcName": "py3-pip", "SrcVersion": "26.0.1-r0", "Licenses": [ "MIT" ], "DependsOn": [ "py3.13-pip-base@26.0.1-r0", "python-3.13-base@3.13.12-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:8ab914ab26482f5502a318f47d9116ae60fbc1e7" }, { "ID": "py3.13-pip-base@26.0.1-r0", "Name": "py3.13-pip-base", "Identifier": { "PURL": "pkg:apk/wolfi/py3.13-pip-base@26.0.1-r0?arch=x86_64\u0026distro=20230201", "UID": "4eb53152c8953751", "BOMRef": "pkg:apk/wolfi/py3.13-pip-base@26.0.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "26.0.1-r0", "Arch": "x86_64", "SrcName": "py3-pip", "SrcVersion": "26.0.1-r0", "Licenses": [ "MIT" ], "DependsOn": [ "py3.13-setuptools@81.0.0-r0", "python-3.13-base@3.13.12-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:ade9cfc60cf3655567b67b29e5cb6d9703a1a060" }, { "ID": "py3.13-setuptools@81.0.0-r0", "Name": "py3.13-setuptools", "Identifier": { "PURL": "pkg:apk/wolfi/py3.13-setuptools@81.0.0-r0?arch=x86_64\u0026distro=20230201", "UID": "b0037ce49e917e22", "BOMRef": "pkg:apk/wolfi/py3.13-setuptools@81.0.0-r0?arch=x86_64\u0026distro=20230201" }, "Version": "81.0.0-r0", "Arch": "x86_64", "SrcName": "py3-setuptools", "SrcVersion": "81.0.0-r0", "Licenses": [ "MIT" ], "DependsOn": [ "python-3.13-base@3.13.12-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:b7bddb46cedf1a9cfd71221a3aaa9026f9ae53c3" }, { "ID": "python-3.13@3.13.12-r0", "Name": "python-3.13", "Identifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "Version": "3.13.12-r0", "Arch": "x86_64", "SrcName": "python-3.13", "SrcVersion": "3.13.12-r0", "Licenses": [ "PSF-2.0" ], "DependsOn": [ "python-3.13-base@3.13.12-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:4b5805fc3c48d68327e5066cc1a5d46c7a246ca4" }, { "ID": "python-3.13-base@3.13.12-r0", "Name": "python-3.13-base", "Identifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "Version": "3.13.12-r0", "Arch": "x86_64", "SrcName": "python-3.13", "SrcVersion": "3.13.12-r0", "Licenses": [ "PSF-2.0" ], "DependsOn": [ "gdbm@1.26-r2", "glibc@2.43-r0", "ld-linux@2.43-r0", "libbz2-1@1.0.8-r22", "libcrypto3@3.6.1-r1", "libexpat1@2.7.4-r1", "libffi@3.5.2-r1", "libssl3@3.6.1-r1", "libuuid@2.41.3-r3", "mpdecimal@4.0.1-r3", "ncurses@6.6_p20251230-r1", "py3-pip-wheel@26.0.1-r0", "readline@8.3-r1", "sqlite-libs@3.51.1-r0", "xz@5.8.2-r1", "zlib@1.3.1.2-r3" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:fe93e58be93d0c9034ffbd0d0dd26d070a8b94a9" }, { "ID": "readline@8.3-r1", "Name": "readline", "Identifier": { "PURL": "pkg:apk/wolfi/readline@8.3-r1?arch=x86_64\u0026distro=20230201", "UID": "c71298420d9fb551", "BOMRef": "pkg:apk/wolfi/readline@8.3-r1?arch=x86_64\u0026distro=20230201" }, "Version": "8.3-r1", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.3-r1", "Licenses": [ "GPL-3.0-or-later" ], "DependsOn": [ "glibc@2.43-r0", "ncurses@6.6_p20251230-r1" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:bcbe178d5b1edd94ce7b1cb8465e1cda8964a3db" }, { "ID": "sqlite-libs@3.51.1-r0", "Name": "sqlite-libs", "Identifier": { "PURL": "pkg:apk/wolfi/sqlite-libs@3.51.1-r0?arch=x86_64\u0026distro=20230201", "UID": "b18be90992b23fe8", "BOMRef": "pkg:apk/wolfi/sqlite-libs@3.51.1-r0?arch=x86_64\u0026distro=20230201" }, "Version": "3.51.1-r0", "Arch": "x86_64", "SrcName": "sqlite", "SrcVersion": "3.51.1-r0", "Licenses": [ "blessing" ], "DependsOn": [ "glibc@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:d0361a0bc6717f9262dbf71e350da24cd1987755" }, { "ID": "supervisor@4.3.0-r0", "Name": "supervisor", "Identifier": { "PURL": "pkg:apk/wolfi/supervisor@4.3.0-r0?arch=x86_64\u0026distro=20230201", "UID": "d4ef3ed2cba0c67b", "BOMRef": "pkg:apk/wolfi/supervisor@4.3.0-r0?arch=x86_64\u0026distro=20230201" }, "Version": "4.3.0-r0", "Arch": "x86_64", "SrcName": "supervisor", "SrcVersion": "4.3.0-r0", "Licenses": [ "BSD-3-Clause" ], "DependsOn": [ "py3.13-setuptools@81.0.0-r0", "python-3.13-base@3.13.12-r0", "supervisor-config@4.3.0-r0" ], "Layer": { "Digest": "sha256:c9841fb13425b70d6debd9388f95252e89ae470541193e7f723d6a121ab8fc25", "DiffID": "sha256:cffee6df6bca27ae6d4a65bf1c1df569bb59f3c31461af811ea9096416f87fde" }, "Digest": "sha1:6daf57e1bd2a466563021c6c1d2b726d4f32a659" }, { "ID": "supervisor-config@4.3.0-r0", "Name": "supervisor-config", "Identifier": { "PURL": "pkg:apk/wolfi/supervisor-config@4.3.0-r0?arch=x86_64\u0026distro=20230201", "UID": "8bdf8bd82d917e6e", "BOMRef": "pkg:apk/wolfi/supervisor-config@4.3.0-r0?arch=x86_64\u0026distro=20230201" }, "Version": "4.3.0-r0", "Arch": "x86_64", "SrcName": "supervisor", "SrcVersion": "4.3.0-r0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:c9841fb13425b70d6debd9388f95252e89ae470541193e7f723d6a121ab8fc25", "DiffID": "sha256:cffee6df6bca27ae6d4a65bf1c1df569bb59f3c31461af811ea9096416f87fde" }, "Digest": "sha1:9dc25d852bd533a57c94bba2e0649a696c81efae" }, { "ID": "tzdata@2025c-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/wolfi/tzdata@2025c-r0?arch=x86_64\u0026distro=20230201", "UID": "f1e699a98227d741", "BOMRef": "pkg:apk/wolfi/tzdata@2025c-r0?arch=x86_64\u0026distro=20230201" }, "Version": "2025c-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2025c-r0", "Licenses": [ "CC-PDDC" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:2c137e3cd0482cb748f0d5ab1c1907bd2a03598a" }, { "ID": "wolfi-base@1-r7", "Name": "wolfi-base", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-base@1-r7?arch=x86_64\u0026distro=20230201", "UID": "6f8cf0f66597c990", "BOMRef": "pkg:apk/wolfi/wolfi-base@1-r7?arch=x86_64\u0026distro=20230201" }, "Version": "1-r7", "Arch": "x86_64", "SrcName": "wolfi-base", "SrcVersion": "1-r7", "Licenses": [ "MIT" ], "DependsOn": [ "apk-tools@2.14.10-r10", "busybox@1.37.0-r54", "wolfi-keys@1-r13" ], "Layer": { "Digest": "sha256:cdea145aa11554331de7d95b1834fd4f2a784fa573086475ff0d7c86d3abd020", "DiffID": "sha256:b8195249dcd92d2c0519946f0a9f9d9ec7b88e9a19b5f83bc156103a39d5ab50" }, "Digest": "sha1:e82b5ced3be890350f3a2fb44e41c27929abca1d" }, { "ID": "wolfi-baselayout@20230201-r26", "Name": "wolfi-baselayout", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-baselayout@20230201-r26?arch=x86_64\u0026distro=20230201", "UID": "9803597b42a47007", "BOMRef": "pkg:apk/wolfi/wolfi-baselayout@20230201-r26?arch=x86_64\u0026distro=20230201" }, "Version": "20230201-r26", "Arch": "x86_64", "SrcName": "wolfi-baselayout", "SrcVersion": "20230201-r26", "Licenses": [ "MIT" ], "DependsOn": [ "ca-certificates-bundle@20251003-r3" ], "Layer": { "Digest": "sha256:f8f83eb22e81bcfcbd43c5409aeaa6ef92528c8b8f28091c2563e47c2f98be5b", "DiffID": "sha256:af1ea0e33c8e22c51b2e7d16e572107ea675110fb820a75d2193879e1702cd1b" }, "Digest": "sha1:4a6f36a82aefeab384c62e957de1ed325bf28b78" }, { "ID": "wolfi-keys@1-r13", "Name": "wolfi-keys", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-keys@1-r13?arch=x86_64\u0026distro=20230201", "UID": "6d83bacbf2f192de", "BOMRef": "pkg:apk/wolfi/wolfi-keys@1-r13?arch=x86_64\u0026distro=20230201" }, "Version": "1-r13", "Arch": "x86_64", "SrcName": "wolfi-keys", "SrcVersion": "1-r13", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:cdea145aa11554331de7d95b1834fd4f2a784fa573086475ff0d7c86d3abd020", "DiffID": "sha256:b8195249dcd92d2c0519946f0a9f9d9ec7b88e9a19b5f83bc156103a39d5ab50" }, "Digest": "sha1:c9e9f5b4a87785ae4aae9539e439d85b22c7390d" }, { "ID": "xz@5.8.2-r1", "Name": "xz", "Identifier": { "PURL": "pkg:apk/wolfi/xz@5.8.2-r1?arch=x86_64\u0026distro=20230201", "UID": "21ec3181f7f83f6", "BOMRef": "pkg:apk/wolfi/xz@5.8.2-r1?arch=x86_64\u0026distro=20230201" }, "Version": "5.8.2-r1", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.8.2-r1", "Licenses": [ "GPL-3.0-or-later" ], "DependsOn": [ "glibc@2.43-r0", "ld-linux@2.43-r0" ], "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "Digest": "sha1:a62ac8ca6b6fce65347163e705059c140c679433" }, { "ID": "zlib@1.3.1.2-r3", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/wolfi/zlib@1.3.1.2-r3?arch=x86_64\u0026distro=20230201", "UID": "236445c03225505b", "BOMRef": "pkg:apk/wolfi/zlib@1.3.1.2-r3?arch=x86_64\u0026distro=20230201" }, "Version": "1.3.1.2-r3", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1.2-r3", "Licenses": [ "MPL-2.0", "MIT" ], "DependsOn": [ "glibc@2.43-r0", "wolfi-baselayout@20230201-r26" ], "Layer": { "Digest": "sha256:6cef7635548adc6b2e3bc2bb8ebe6fdcaa99b41ec83d600781fc5340b1098d29", "DiffID": "sha256:4faa46a986ba8a306b6fc45da64efe4dfbffaec1284503f249ff0dffd66a7f47" }, "Digest": "sha1:c8168c5198be7fb77e4af99528d30b2a566474d6" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-4437", "PkgID": "glibc@2.43-r0", "PkgName": "glibc", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "9004de483fd2b4c8", "BOMRef": "pkg:apk/wolfi/glibc@2.43-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r0", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:7b04faecee94081d77b2eefa347c6abc2d792b96ca99573a367d755aba0360ea", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-03-23T16:16:51.537Z" }, { "VulnerabilityID": "CVE-2026-4438", "PkgID": "glibc@2.43-r0", "PkgName": "glibc", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "9004de483fd2b4c8", "BOMRef": "pkg:apk/wolfi/glibc@2.43-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r0", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4438", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:f17a3cd740d387ecb6c1d1eb4ea889339512bdb9d0095faf7e6153ba92c01b98", "Title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-88" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4438", "https://nvd.nist.gov/vuln/detail/CVE-2026-4438", "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "https://www.cve.org/CVERecord?id=CVE-2026-4438" ], "PublishedDate": "2026-03-20T20:16:49.623Z", "LastModifiedDate": "2026-03-23T15:16:35.68Z" }, { "VulnerabilityID": "CVE-2026-4437", "PkgID": "glibc-locale-posix@2.43-r0", "PkgName": "glibc-locale-posix", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "be1afa3b9b80fd08", "BOMRef": "pkg:apk/wolfi/glibc-locale-posix@2.43-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r0", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:06694ffbd511e6aa06bd6dbeb9c0971e5b27f5bb2a720ef965e01623061f7600", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-03-23T16:16:51.537Z" }, { "VulnerabilityID": "CVE-2026-4438", "PkgID": "glibc-locale-posix@2.43-r0", "PkgName": "glibc-locale-posix", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "be1afa3b9b80fd08", "BOMRef": "pkg:apk/wolfi/glibc-locale-posix@2.43-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r0", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4438", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:64583792c3a21eb02836eb16b1949608b7d6657585ddc6a3a56f633d64ce5365", "Title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-88" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4438", "https://nvd.nist.gov/vuln/detail/CVE-2026-4438", "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "https://www.cve.org/CVERecord?id=CVE-2026-4438" ], "PublishedDate": "2026-03-20T20:16:49.623Z", "LastModifiedDate": "2026-03-23T15:16:35.68Z" }, { "VulnerabilityID": "CVE-2026-4437", "PkgID": "ld-linux@2.43-r0", "PkgName": "ld-linux", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/ld-linux@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "b6092db906c1fed3", "BOMRef": "pkg:apk/wolfi/ld-linux@2.43-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r0", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:29ae2b7619902b4bd749e3aab1e06a1baa57c4604498f8c6864a88c3c657bf42", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-03-23T16:16:51.537Z" }, { "VulnerabilityID": "CVE-2026-4438", "PkgID": "ld-linux@2.43-r0", "PkgName": "ld-linux", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/ld-linux@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "b6092db906c1fed3", "BOMRef": "pkg:apk/wolfi/ld-linux@2.43-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r0", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4438", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:a656abb78e6d7f9ce6ca2465349c8f088a68ecdc15882d5e2dea7977aaaef0fa", "Title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-88" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4438", "https://nvd.nist.gov/vuln/detail/CVE-2026-4438", "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "https://www.cve.org/CVERecord?id=CVE-2026-4438" ], "PublishedDate": "2026-03-20T20:16:49.623Z", "LastModifiedDate": "2026-03-23T15:16:35.68Z" }, { "VulnerabilityID": "CVE-2026-4437", "PkgID": "libcrypt1@2.43-r0", "PkgName": "libcrypt1", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "f62850d878b62343", "BOMRef": "pkg:apk/wolfi/libcrypt1@2.43-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r0", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:a45412e5ebdd98b78a74489dde9bc25fc9e1484d6c05c068c143e05302930788", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-03-23T16:16:51.537Z" }, { "VulnerabilityID": "CVE-2026-4438", "PkgID": "libcrypt1@2.43-r0", "PkgName": "libcrypt1", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r0?arch=x86_64\u0026distro=20230201", "UID": "f62850d878b62343", "BOMRef": "pkg:apk/wolfi/libcrypt1@2.43-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "2.43-r0", "FixedVersion": "2.43-r4", "Status": "fixed", "Layer": { "Digest": "sha256:7fd246aa6ab831942b0367736ddf6b0799e236c5278c357f960cd4f33835a3aa", "DiffID": "sha256:653654686b4272724a3efe9e57e899dfc4cd31e7a8abc3f1387ba7992e07c35f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4438", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:38779f1e165ebf44db7a5c7f0ddde79b9572e904e1ed5387cbb93a5f633c7966", "Title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-88" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4438", "https://nvd.nist.gov/vuln/detail/CVE-2026-4438", "https://sourceware.org/bugzilla/show_bug.cgi?id=34015", "https://www.cve.org/CVERecord?id=CVE-2026-4438" ], "PublishedDate": "2026-03-20T20:16:49.623Z", "LastModifiedDate": "2026-03-23T15:16:35.68Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libcrypto3@3.6.1-r1", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "25de9782913d153d", "BOMRef": "pkg:apk/wolfi/libcrypto3@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.6.1-r1", "FixedVersion": "3.6.1-r3", "Status": "fixed", "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:25ad524ac3c837fe420fcd6607ddc99cc49b76003642c861d25ecaadea283f4e", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "LOW", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-03-17T18:16:15.6Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libssl3@3.6.1-r1", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "19b9702842890b3", "BOMRef": "pkg:apk/wolfi/libssl3@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.6.1-r1", "FixedVersion": "3.6.1-r3", "Status": "fixed", "Layer": { "Digest": "sha256:02fc55a9c757fa6bcfe11d95fb21dbe82723d434ab5cb91cfedf674fb3eb8267", "DiffID": "sha256:2d64e69fa70c9611b9326f3de269d8fb379f944951ca8087d6558c92263697c0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:7eda4b35e31a94791e091c5a16083851fdc315c88980d742dcf1725ea9f7ab97", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "LOW", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-03-17T18:16:15.6Z" }, { "VulnerabilityID": "CVE-2026-26960", "PkgID": "npm@11.9.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201", "UID": "37ecaf000adc4467", "BOMRef": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.9.0-r0", "FixedVersion": "11.10.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:ebdb2d6e77edb2c2bf94fc15c6c9f79bab6430e6794cb0dff6a1fd1597ab26d1", "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-26996", "PkgID": "npm@11.9.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201", "UID": "37ecaf000adc4467", "BOMRef": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.9.0-r0", "FixedVersion": "11.10.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:b8fd212e7ea1cccb7cbd7f19ddf5ce171ee9369203150d6fdf1f9e94e6e8ac46", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "PkgID": "npm@11.9.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201", "UID": "37ecaf000adc4467", "BOMRef": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.9.0-r0", "FixedVersion": "11.11.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:751983340fc76a507ab50fa68877c7c48ffc013491c7e533758da930483ac011", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "PkgID": "npm@11.9.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201", "UID": "37ecaf000adc4467", "BOMRef": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.9.0-r0", "FixedVersion": "11.11.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:f80178a468117ab198d914d5d3077ae3f1b0572e355f183e2f081e44036941f2", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-29786", "PkgID": "npm@11.9.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201", "UID": "37ecaf000adc4467", "BOMRef": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.9.0-r0", "FixedVersion": "11.11.0-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:d7e36543d8c35a1b395dd9d7fac9a5bdce44730e2d98e84b250c2904154b936b", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "MEDIUM", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-33671", "PkgID": "npm@11.9.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201", "UID": "37ecaf000adc4467", "BOMRef": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.9.0-r0", "FixedVersion": "11.12.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:858f863a0bf91f9438f20b348e112427571f0d506e89fd7bfedd626b4258eba1", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "PkgID": "npm@11.9.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201", "UID": "37ecaf000adc4467", "BOMRef": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.9.0-r0", "FixedVersion": "11.12.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:247e19cfdbb48b2daa1cc8857e4b920e39c8b7596ad5154d7be9b6f3c598a56b", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-33750", "PkgID": "npm@11.9.0-r0", "PkgName": "npm", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201", "UID": "37ecaf000adc4467", "BOMRef": "pkg:apk/wolfi/npm@11.9.0-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "11.9.0-r0", "FixedVersion": "11.12.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:173777edc683c0c6e52e354ba9d80da65bb7196f1ffdd1fce1db218482bfc69d", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "openssl@3.6.1-r1", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=20230201", "UID": "525a18a56b31f47e", "BOMRef": "pkg:apk/wolfi/openssl@3.6.1-r1?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.6.1-r1", "FixedVersion": "3.6.1-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:aa3dc2e1797a2baa3f122ce8da4529efa48e81048a79fdddeccc14d9731f2055", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "LOW", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-03-17T18:16:15.6Z" }, { "VulnerabilityID": "CVE-2026-1299", "PkgID": "python-3.13@3.13.12-r0", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1299", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:cafdeaaa0a4b3751af3d48ce05103cba0378bc554abff26eb020f414210f85e2", "Title": "cpython: email header injection due to unquoted newlines", "Description": "The \nemail module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".", "Severity": "HIGH", "CweIDs": [ "CWE-93" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4216", "https://access.redhat.com/security/cve/CVE-2026-1299", "https://bugzilla.redhat.com/2431368", "https://bugzilla.redhat.com/2431373", "https://bugzilla.redhat.com/2432437", "https://bugzilla.redhat.com/show_bug.cgi?id=2431367", "https://bugzilla.redhat.com/show_bug.cgi?id=2431368", "https://bugzilla.redhat.com/show_bug.cgi?id=2431373", "https://bugzilla.redhat.com/show_bug.cgi?id=2432437", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299", "https://cve.org/CVERecord?id=CVE-2024-6923", "https://errata.almalinux.org/9/ALSA-2026-4216.html", "https://errata.rockylinux.org/RLSA-2026:4168", "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413", "https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8", "https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9", "https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4", "https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36", "https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a", "https://github.com/python/cpython/issues/144125", "https://github.com/python/cpython/pull/144126", "https://linux.oracle.com/cve/CVE-2026-1299.html", "https://linux.oracle.com/errata/ELSA-2026-4713.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/", "https://nvd.nist.gov/vuln/detail/CVE-2026-1299", "https://www.cve.org/CVERecord?id=CVE-2026-1299" ], "PublishedDate": "2026-01-23T17:16:12.977Z", "LastModifiedDate": "2026-02-13T17:16:12.943Z" }, { "VulnerabilityID": "CVE-2026-4519", "PkgID": "python-3.13@3.13.12-r0", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r5", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4519", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:6a236a4ac5aa6519bbda2613efa4163cfa74dbea6d8cc80cb569f06d494470eb", "Title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs", "Description": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open().", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "alma": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "V3Score": 7.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/1", "https://access.redhat.com/errata/RHSA-2026:6286", "https://access.redhat.com/security/cve/CVE-2026-4519", "https://bugzilla.redhat.com/2449649", "https://errata.almalinux.org/9/ALSA-2026-6286.html", "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866", "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b", "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76", "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5", "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48", "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03", "https://github.com/python/cpython/issues/143930", "https://github.com/python/cpython/pull/143931", "https://linux.oracle.com/cve/CVE-2026-4519.html", "https://linux.oracle.com/errata/ELSA-2026-6473.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4519", "https://www.cve.org/CVERecord?id=CVE-2026-4519" ], "PublishedDate": "2026-03-20T15:16:24.057Z", "LastModifiedDate": "2026-03-25T18:16:33.073Z" }, { "VulnerabilityID": "CVE-2025-11468", "PkgID": "python-3.13@3.13.12-r0", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11468", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:d246f3acdb671d8dfc733dc18bf7d9433a0cd548b80d5d0ad9c1c881ee49bd8a", "Title": "cpython: Missing character filtering in Python", "Description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.", "Severity": "MEDIUM", "CweIDs": [ "CWE-93" ], "VendorSeverity": { "amazon": 2, "azure": 2, "bitnami": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11468", "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094", "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2", "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6", "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66", "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0", "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796", "https://github.com/python/cpython/issues/143935", "https://github.com/python/cpython/pull/143936", "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/", "https://nvd.nist.gov/vuln/detail/CVE-2025-11468", "https://ubuntu.com/security/notices/USN-8018-1", "https://www.cve.org/CVERecord?id=CVE-2025-11468" ], "PublishedDate": "2026-01-20T22:15:50.69Z", "LastModifiedDate": "2026-03-03T15:16:13.803Z" }, { "VulnerabilityID": "CVE-2025-15282", "PkgID": "python-3.13@3.13.12-r0", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15282", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:761cc09ddee2ae3363ce5142c862fce13dc373128f01ce92ec908527bbd0e0ff", "Title": "cpython: Header injection via newlines in data URL mediatype in Python", "Description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-93" ], "VendorSeverity": { "amazon": 2, "bitnami": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N", "V40Score": 6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-15282", "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0", "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38", "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80", "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47", "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a", "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f", "https://github.com/python/cpython/issues/143925", "https://github.com/python/cpython/pull/143926", "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/", "https://nvd.nist.gov/vuln/detail/CVE-2025-15282", "https://ubuntu.com/security/notices/USN-8018-1", "https://ubuntu.com/security/notices/USN-8018-3", "https://www.cve.org/CVERecord?id=CVE-2025-15282" ], "PublishedDate": "2026-01-20T22:15:50.883Z", "LastModifiedDate": "2026-01-26T15:16:06.62Z" }, { "VulnerabilityID": "CVE-2026-0672", "PkgID": "python-3.13@3.13.12-r0", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0672", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:9f8455a68574dad28806b6c472e18f8f5d4397b270a0eaba083da0efe219aeb1", "Title": "cpython: Header injection in http.cookies.Morsel in Python", "Description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "Severity": "MEDIUM", "CweIDs": [ "CWE-93" ], "VendorSeverity": { "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-0672", "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172", "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440", "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d", "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca", "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70", "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85", "https://github.com/python/cpython/issues/143919", "https://github.com/python/cpython/pull/143920", "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/", "https://nvd.nist.gov/vuln/detail/CVE-2026-0672", "https://ubuntu.com/security/notices/USN-8018-1", "https://ubuntu.com/security/notices/USN-8018-3", "https://www.cve.org/CVERecord?id=CVE-2026-0672" ], "PublishedDate": "2026-01-20T22:15:52.68Z", "LastModifiedDate": "2026-01-26T15:16:07.033Z" }, { "VulnerabilityID": "CVE-2026-0865", "PkgID": "python-3.13@3.13.12-r0", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0865", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:3e9e6a8e923be3ff207e0dc0b93c71cf633c35893eeb0394be05d39e08359a54", "Title": "cpython: wsgiref.headers.Headers allows header newline injection in Python", "Description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "Severity": "MEDIUM", "CweIDs": [ "CWE-74" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4168", "https://access.redhat.com/security/cve/CVE-2026-0865", "https://bugzilla.redhat.com/2431368", "https://bugzilla.redhat.com/2431373", "https://bugzilla.redhat.com/2432437", "https://bugzilla.redhat.com/show_bug.cgi?id=2431367", "https://bugzilla.redhat.com/show_bug.cgi?id=2431368", "https://bugzilla.redhat.com/show_bug.cgi?id=2431373", "https://bugzilla.redhat.com/show_bug.cgi?id=2432437", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299", "https://errata.almalinux.org/9/ALSA-2026-4168.html", "https://errata.rockylinux.org/RLSA-2026:4168", "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58", "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510", "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f", "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2", "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5", "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6", "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff", "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97", "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf", "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219", "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995", "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211", "https://github.com/python/cpython/issues/143916", "https://github.com/python/cpython/pull/143917", "https://linux.oracle.com/cve/CVE-2026-0865.html", "https://linux.oracle.com/errata/ELSA-2026-4713.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/", "https://nvd.nist.gov/vuln/detail/CVE-2026-0865", "https://ubuntu.com/security/notices/USN-8018-1", "https://ubuntu.com/security/notices/USN-8018-3", "https://www.cve.org/CVERecord?id=CVE-2026-0865" ], "PublishedDate": "2026-01-20T22:15:52.8Z", "LastModifiedDate": "2026-03-03T15:16:17.59Z" }, { "VulnerabilityID": "CVE-2026-3644", "PkgID": "python-3.13@3.13.12-r0", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3644", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:38c662aee1100049a63c5f1d58a15477c00da42f57834e409a9e7d65db85c995", "Title": "cpython: Incomplete control character validation in http.cookies", "Description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-116" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-3644", "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4", "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd", "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd", "https://github.com/python/cpython/issues/145599", "https://github.com/python/cpython/pull/145600", "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3644", "https://www.cve.org/CVERecord?id=CVE-2026-3644" ], "PublishedDate": "2026-03-16T18:16:09.907Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-4224", "PkgID": "python-3.13@3.13.12-r0", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4224", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:e6ba3f65ae42ba925b323ad883b4b0bf632a13c44b73a06fb78c8bb9b1922db5", "Title": "cpython: Stack overflow parsing XML with deeply nested DTD content models", "Description": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/16/4", "https://access.redhat.com/security/cve/CVE-2026-4224", "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a", "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3", "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768", "https://github.com/python/cpython/issues/145986", "https://github.com/python/cpython/pull/145987", "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4224", "https://www.cve.org/CVERecord?id=CVE-2026-4224" ], "PublishedDate": "2026-03-16T18:16:10.07Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-2297", "PkgID": "python-3.13@3.13.12-r0", "PkgName": "python-3.13", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "762a6b89a602b1a4", "BOMRef": "pkg:apk/wolfi/python-3.13@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2297", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:96e634bb7dc8376215362a04f366d4ee172a0b39a57c36a24434364810365395", "Title": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling", "Description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "Severity": "LOW", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/05/6", "https://access.redhat.com/security/cve/CVE-2026-2297", "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e", "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e", "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86", "https://github.com/python/cpython/issues/145506", "https://github.com/python/cpython/pull/145507", "https://nvd.nist.gov/vuln/detail/CVE-2026-2297", "https://www.cve.org/CVERecord?id=CVE-2026-2297" ], "PublishedDate": "2026-03-04T23:16:10.757Z", "LastModifiedDate": "2026-03-12T15:16:27.957Z" }, { "VulnerabilityID": "CVE-2026-1299", "PkgID": "python-3.13-base@3.13.12-r0", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1299", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:d548a2abc99e8d2f14156c6fce95b0f32107b6306859b7d078f29e2e7e63707e", "Title": "cpython: email header injection due to unquoted newlines", "Description": "The \nemail module, specifically the \"BytesGenerator\" class, didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized. This is only applicable if using \"LiteralHeader\" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in \"BytesGenerator\".", "Severity": "HIGH", "CweIDs": [ "CWE-93" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4216", "https://access.redhat.com/security/cve/CVE-2026-1299", "https://bugzilla.redhat.com/2431368", "https://bugzilla.redhat.com/2431373", "https://bugzilla.redhat.com/2432437", "https://bugzilla.redhat.com/show_bug.cgi?id=2431367", "https://bugzilla.redhat.com/show_bug.cgi?id=2431368", "https://bugzilla.redhat.com/show_bug.cgi?id=2431373", "https://bugzilla.redhat.com/show_bug.cgi?id=2432437", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299", "https://cve.org/CVERecord?id=CVE-2024-6923", "https://errata.almalinux.org/9/ALSA-2026-4216.html", "https://errata.rockylinux.org/RLSA-2026:4168", "https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413", "https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8", "https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9", "https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4", "https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36", "https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a", "https://github.com/python/cpython/issues/144125", "https://github.com/python/cpython/pull/144126", "https://linux.oracle.com/cve/CVE-2026-1299.html", "https://linux.oracle.com/errata/ELSA-2026-4713.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/", "https://nvd.nist.gov/vuln/detail/CVE-2026-1299", "https://www.cve.org/CVERecord?id=CVE-2026-1299" ], "PublishedDate": "2026-01-23T17:16:12.977Z", "LastModifiedDate": "2026-02-13T17:16:12.943Z" }, { "VulnerabilityID": "CVE-2026-4519", "PkgID": "python-3.13-base@3.13.12-r0", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r5", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4519", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:6ddbdcac5faec2363e2f6efd6bf74b90accda443d45e5962e757f254502edf17", "Title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs", "Description": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open().", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "alma": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "V3Score": 7.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/1", "https://access.redhat.com/errata/RHSA-2026:6286", "https://access.redhat.com/security/cve/CVE-2026-4519", "https://bugzilla.redhat.com/2449649", "https://errata.almalinux.org/9/ALSA-2026-6286.html", "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866", "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b", "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76", "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5", "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48", "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03", "https://github.com/python/cpython/issues/143930", "https://github.com/python/cpython/pull/143931", "https://linux.oracle.com/cve/CVE-2026-4519.html", "https://linux.oracle.com/errata/ELSA-2026-6473.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4519", "https://www.cve.org/CVERecord?id=CVE-2026-4519" ], "PublishedDate": "2026-03-20T15:16:24.057Z", "LastModifiedDate": "2026-03-25T18:16:33.073Z" }, { "VulnerabilityID": "CVE-2025-11468", "PkgID": "python-3.13-base@3.13.12-r0", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11468", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:2d350d0e9c2d4080753d70b9e43c1985cb65e8ae36155887207b275767df68bf", "Title": "cpython: Missing character filtering in Python", "Description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.", "Severity": "MEDIUM", "CweIDs": [ "CWE-93" ], "VendorSeverity": { "amazon": 2, "azure": 2, "bitnami": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-11468", "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094", "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2", "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6", "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66", "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0", "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796", "https://github.com/python/cpython/issues/143935", "https://github.com/python/cpython/pull/143936", "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/", "https://nvd.nist.gov/vuln/detail/CVE-2025-11468", "https://ubuntu.com/security/notices/USN-8018-1", "https://www.cve.org/CVERecord?id=CVE-2025-11468" ], "PublishedDate": "2026-01-20T22:15:50.69Z", "LastModifiedDate": "2026-03-03T15:16:13.803Z" }, { "VulnerabilityID": "CVE-2025-15282", "PkgID": "python-3.13-base@3.13.12-r0", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15282", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:50fea8f080f7278097e526af498b76516cbdfa8e43d7baad4e6f5401fd262b1d", "Title": "cpython: Header injection via newlines in data URL mediatype in Python", "Description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-93" ], "VendorSeverity": { "amazon": 2, "bitnami": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N", "V40Score": 6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-15282", "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0", "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38", "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80", "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47", "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a", "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f", "https://github.com/python/cpython/issues/143925", "https://github.com/python/cpython/pull/143926", "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/", "https://nvd.nist.gov/vuln/detail/CVE-2025-15282", "https://ubuntu.com/security/notices/USN-8018-1", "https://ubuntu.com/security/notices/USN-8018-3", "https://www.cve.org/CVERecord?id=CVE-2025-15282" ], "PublishedDate": "2026-01-20T22:15:50.883Z", "LastModifiedDate": "2026-01-26T15:16:06.62Z" }, { "VulnerabilityID": "CVE-2026-0672", "PkgID": "python-3.13-base@3.13.12-r0", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0672", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:ce7f2654e80f77c38db3ad01495d8a476799cf6f87023159f0e74394adf2b0c8", "Title": "cpython: Header injection in http.cookies.Morsel in Python", "Description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.", "Severity": "MEDIUM", "CweIDs": [ "CWE-93" ], "VendorSeverity": { "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-0672", "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172", "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440", "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d", "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca", "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70", "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85", "https://github.com/python/cpython/issues/143919", "https://github.com/python/cpython/pull/143920", "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/", "https://nvd.nist.gov/vuln/detail/CVE-2026-0672", "https://ubuntu.com/security/notices/USN-8018-1", "https://ubuntu.com/security/notices/USN-8018-3", "https://www.cve.org/CVERecord?id=CVE-2026-0672" ], "PublishedDate": "2026-01-20T22:15:52.68Z", "LastModifiedDate": "2026-01-26T15:16:07.033Z" }, { "VulnerabilityID": "CVE-2026-0865", "PkgID": "python-3.13-base@3.13.12-r0", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0865", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:ee0877f9557d5aa4a4a9981cbd7c22df5fb02d3dab7e5a7f5f5b40101cdc1976", "Title": "cpython: wsgiref.headers.Headers allows header newline injection in Python", "Description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.", "Severity": "MEDIUM", "CweIDs": [ "CWE-74" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4168", "https://access.redhat.com/security/cve/CVE-2026-0865", "https://bugzilla.redhat.com/2431368", "https://bugzilla.redhat.com/2431373", "https://bugzilla.redhat.com/2432437", "https://bugzilla.redhat.com/show_bug.cgi?id=2431367", "https://bugzilla.redhat.com/show_bug.cgi?id=2431368", "https://bugzilla.redhat.com/show_bug.cgi?id=2431373", "https://bugzilla.redhat.com/show_bug.cgi?id=2432437", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299", "https://errata.almalinux.org/9/ALSA-2026-4168.html", "https://errata.rockylinux.org/RLSA-2026:4168", "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58", "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510", "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f", "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2", "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5", "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6", "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff", "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97", "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf", "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219", "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995", "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211", "https://github.com/python/cpython/issues/143916", "https://github.com/python/cpython/pull/143917", "https://linux.oracle.com/cve/CVE-2026-0865.html", "https://linux.oracle.com/errata/ELSA-2026-4713.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/", "https://nvd.nist.gov/vuln/detail/CVE-2026-0865", "https://ubuntu.com/security/notices/USN-8018-1", "https://ubuntu.com/security/notices/USN-8018-3", "https://www.cve.org/CVERecord?id=CVE-2026-0865" ], "PublishedDate": "2026-01-20T22:15:52.8Z", "LastModifiedDate": "2026-03-03T15:16:17.59Z" }, { "VulnerabilityID": "CVE-2026-3644", "PkgID": "python-3.13-base@3.13.12-r0", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3644", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:73e0d7a891eb1d9105e16d65c48e9e06919acfcd3ba113bdf4a6264408aed7d4", "Title": "cpython: Incomplete control character validation in http.cookies", "Description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-116" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-3644", "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4", "https://github.com/python/cpython/commit/62ceb396fcbe69da1ded3702de586f4072b590dd", "https://github.com/python/cpython/commit/d16ecc6c3626f0e2cc8f08c309c83934e8a979dd", "https://github.com/python/cpython/issues/145599", "https://github.com/python/cpython/pull/145600", "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3644", "https://www.cve.org/CVERecord?id=CVE-2026-3644" ], "PublishedDate": "2026-03-16T18:16:09.907Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-4224", "PkgID": "python-3.13-base@3.13.12-r0", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r7", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4224", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:8cf23521d8aabb0fcb6dafa4c310e05593e0c1ede5b2380709468b736ef87450", "Title": "cpython: Stack overflow parsing XML with deeply nested DTD content models", "Description": "When an Expat parser with a registered ElementDeclHandler parses an inline\ndocument type definition containing a deeply nested content model a C stack\noverflow occurs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/16/4", "https://access.redhat.com/security/cve/CVE-2026-4224", "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a", "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3", "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768", "https://github.com/python/cpython/issues/145986", "https://github.com/python/cpython/pull/145987", "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/", "https://nvd.nist.gov/vuln/detail/CVE-2026-4224", "https://www.cve.org/CVERecord?id=CVE-2026-4224" ], "PublishedDate": "2026-03-16T18:16:10.07Z", "LastModifiedDate": "2026-03-17T14:20:01.67Z" }, { "VulnerabilityID": "CVE-2026-2297", "PkgID": "python-3.13-base@3.13.12-r0", "PkgName": "python-3.13-base", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201", "UID": "8f6e6fce169026db", "BOMRef": "pkg:apk/wolfi/python-3.13-base@3.13.12-r0?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "3.13.12-r0", "FixedVersion": "3.13.12-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c2a779c143b5fc204d5b316a8a7776d55573e38b86477ec83f49a8cb877249fd", "DiffID": "sha256:09cd86a928af12fc99b5ddc046485b83d02be5f1f452ed03519b341b0aad98ee" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2297", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:9bdb6b759f4e608d62b6db39a3b88a7937212e260693e4fd55080b12bcfcf71c", "Title": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling", "Description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "Severity": "LOW", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "redhat": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/05/6", "https://access.redhat.com/security/cve/CVE-2026-2297", "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e", "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e", "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86", "https://github.com/python/cpython/issues/145506", "https://github.com/python/cpython/pull/145507", "https://nvd.nist.gov/vuln/detail/CVE-2026-2297", "https://www.cve.org/CVERecord?id=CVE-2026-2297" ], "PublishedDate": "2026-03-04T23:16:10.757Z", "LastModifiedDate": "2026-03-12T15:16:27.957Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1.2-r3", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/wolfi/zlib@1.3.1.2-r3?arch=x86_64\u0026distro=20230201", "UID": "236445c03225505b", "BOMRef": "pkg:apk/wolfi/zlib@1.3.1.2-r3?arch=x86_64\u0026distro=20230201" }, "InstalledVersion": "1.3.1.2-r3", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:6cef7635548adc6b2e3bc2bb8ebe6fdcaa99b41ec83d600781fc5340b1098d29", "DiffID": "sha256:4faa46a986ba8a306b6fc45da64efe4dfbffaec1284503f249ff0dffd66a7f47" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "wolfi", "Name": "Wolfi Secdb", "URL": "https://packages.wolfi.dev/os/security.json" }, "Fingerprint": "sha256:51d697e4b2757a9e01e53d8d3c4a640a7f4e5e67b0eb43344f308a68e6f915a2", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "Node.js", "Class": "lang-pkgs", "Type": "node-pkg", "Packages": [ { "ID": "@isaacs/balanced-match@4.0.1", "Name": "@isaacs/balanced-match", "Identifier": { "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", "UID": "e8c22a8c169393f8", "BOMRef": "pkg:npm/%40isaacs/balanced-match@4.0.1" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/balanced-match/package.json", "Digest": "sha1:17c25730c5cb82e1d4ee1c212f2b2588dd5a3781" }, { "ID": "@isaacs/brace-expansion@5.0.0", "Name": "@isaacs/brace-expansion", "Identifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", "UID": "98d74c73ccd6983b", "BOMRef": "pkg:npm/%40isaacs/brace-expansion@5.0.0" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/brace-expansion/package.json", "Digest": "sha1:2459cb4c8d448d170d5705d9e9c41bc0d8fca900" }, { "ID": "@isaacs/cliui@8.0.2", "Name": "@isaacs/cliui", "Identifier": { "PURL": "pkg:npm/%40isaacs/cliui@8.0.2", "UID": "bab330839a7b773d", "BOMRef": "pkg:npm/%40isaacs/cliui@8.0.2" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/package.json", "Digest": "sha1:5f8f4c1e3bf1144f3a52c51bf040d843bb2a8b90" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "5c9ed66040a73691", "BOMRef": "pkg:npm/%40isaacs/fs-minipass@4.0.1" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/fs-minipass/package.json", "Digest": "sha1:504edba0a95630e08edf150335c2fe914825fc5a" }, { "ID": "@isaacs/string-locale-compare@1.1.0", "Name": "@isaacs/string-locale-compare", "Identifier": { "PURL": "pkg:npm/%40isaacs/string-locale-compare@1.1.0", "UID": "9eed5f99d857dbf4", "BOMRef": "pkg:npm/%40isaacs/string-locale-compare@1.1.0" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/string-locale-compare/package.json", "Digest": "sha1:9dc38644ea6f125e3b06825ff04df5ea22f56094" }, { "ID": "@npmcli/agent@3.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@3.0.0", "UID": "31263f007736d55e", "BOMRef": "pkg:npm/%40npmcli/agent@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/@npmcli/agent/package.json", "Digest": "sha1:ca472993ec88d2b98a488f843d480575f24092f7" }, { "ID": "@npmcli/agent@4.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@4.0.0", "UID": "301e9e05733b567e", "BOMRef": "pkg:npm/%40npmcli/agent@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/agent/package.json", "Digest": "sha1:48e34f21103faf00d9c60756e62dee09494be465" }, { "ID": "@npmcli/arborist@9.1.6", "Name": "@npmcli/arborist", "Identifier": { "PURL": "pkg:npm/%40npmcli/arborist@9.1.6", "UID": "c474981cb5f26893", "BOMRef": "pkg:npm/%40npmcli/arborist@9.1.6" }, "Version": "9.1.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/arborist/package.json", "Digest": "sha1:f33c67da757406439e5a8bb3b39996fa87d27dbf" }, { "ID": "@npmcli/config@10.4.2", "Name": "@npmcli/config", "Identifier": { "PURL": "pkg:npm/%40npmcli/config@10.4.2", "UID": "4549fd3ba7675839", "BOMRef": "pkg:npm/%40npmcli/config@10.4.2" }, "Version": "10.4.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/config/package.json", "Digest": "sha1:194b60a9b2b1b7d9c55bbde6f002e6f407c29753" }, { "ID": "@npmcli/fs@4.0.0", "Name": "@npmcli/fs", "Identifier": { "PURL": "pkg:npm/%40npmcli/fs@4.0.0", "UID": "f5dc7f739cc21373", "BOMRef": "pkg:npm/%40npmcli/fs@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/fs/package.json", "Digest": "sha1:cf0302511d637d6a1f8b5e49b3d9b42210c7b8f0" }, { "ID": "@npmcli/git@7.0.0", "Name": "@npmcli/git", "Identifier": { "PURL": "pkg:npm/%40npmcli/git@7.0.0", "UID": "20b3781a77a4cbb3", "BOMRef": "pkg:npm/%40npmcli/git@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/git/package.json", "Digest": "sha1:89602e9193afacae84abb1ceab33721b03fa29c6" }, { "ID": "@npmcli/installed-package-contents@3.0.0", "Name": "@npmcli/installed-package-contents", "Identifier": { "PURL": "pkg:npm/%40npmcli/installed-package-contents@3.0.0", "UID": "3234dff5979467ff", "BOMRef": "pkg:npm/%40npmcli/installed-package-contents@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/installed-package-contents/package.json", "Digest": "sha1:eb7509c6d4a24822861ce30d6906b6bba7ea40c1" }, { "ID": "@npmcli/map-workspaces@5.0.0", "Name": "@npmcli/map-workspaces", "Identifier": { "PURL": "pkg:npm/%40npmcli/map-workspaces@5.0.0", "UID": "6b05ec8a24ab844b", "BOMRef": "pkg:npm/%40npmcli/map-workspaces@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/map-workspaces/package.json", "Digest": "sha1:7af92b48b9fde0f645832109b03656a17c015dc5" }, { "ID": "@npmcli/metavuln-calculator@9.0.2", "Name": "@npmcli/metavuln-calculator", "Identifier": { "PURL": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2", "UID": "4a1c04cd88e82037", "BOMRef": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/package.json", "Digest": "sha1:8d3811d7a2b96bdeaccde89048f54f01885506ba" }, { "ID": "@npmcli/name-from-folder@3.0.0", "Name": "@npmcli/name-from-folder", "Identifier": { "PURL": "pkg:npm/%40npmcli/name-from-folder@3.0.0", "UID": "b2ab38447ea486e0", "BOMRef": "pkg:npm/%40npmcli/name-from-folder@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/name-from-folder/package.json", "Digest": "sha1:2b6a54a8d10c9125e653dbe6f740e380324b61ba" }, { "ID": "@npmcli/node-gyp@4.0.0", "Name": "@npmcli/node-gyp", "Identifier": { "PURL": "pkg:npm/%40npmcli/node-gyp@4.0.0", "UID": "5b2727c2c4792eb4", "BOMRef": "pkg:npm/%40npmcli/node-gyp@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/node-gyp/package.json", "Digest": "sha1:a91f3ca2b970fb8453035a15ea7ae5a2c68859c1" }, { "ID": "@npmcli/package-json@7.0.1", "Name": "@npmcli/package-json", "Identifier": { "PURL": "pkg:npm/%40npmcli/package-json@7.0.1", "UID": "2efbc12469ffe050", "BOMRef": "pkg:npm/%40npmcli/package-json@7.0.1" }, "Version": "7.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/package-json/package.json", "Digest": "sha1:8dfa60053aeca0de1403eb7c517dafc86e7e3611" }, { "ID": "@npmcli/promise-spawn@8.0.3", "Name": "@npmcli/promise-spawn", "Identifier": { "PURL": "pkg:npm/%40npmcli/promise-spawn@8.0.3", "UID": "34b747749012780d", "BOMRef": "pkg:npm/%40npmcli/promise-spawn@8.0.3" }, "Version": "8.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/package.json", "Digest": "sha1:5101b25f91ee7af2103b68a59b43b116bc4aaaad" }, { "ID": "@npmcli/query@4.0.1", "Name": "@npmcli/query", "Identifier": { "PURL": "pkg:npm/%40npmcli/query@4.0.1", "UID": "5dcf1ee29c32b98f", "BOMRef": "pkg:npm/%40npmcli/query@4.0.1" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/query/package.json", "Digest": "sha1:71d09c79da76d695099a90a592415e9c1440c5a1" }, { "ID": "@npmcli/redact@3.2.2", "Name": "@npmcli/redact", "Identifier": { "PURL": "pkg:npm/%40npmcli/redact@3.2.2", "UID": "baf081b929b222cf", "BOMRef": "pkg:npm/%40npmcli/redact@3.2.2" }, "Version": "3.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/redact/package.json", "Digest": "sha1:6f100bba733fae433b3156bd6a8a90249ffc5ecb" }, { "ID": "@npmcli/run-script@10.0.0", "Name": "@npmcli/run-script", "Identifier": { "PURL": "pkg:npm/%40npmcli/run-script@10.0.0", "UID": "75f38f3c138ff818", "BOMRef": "pkg:npm/%40npmcli/run-script@10.0.0" }, "Version": "10.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@npmcli/run-script/package.json", "Digest": "sha1:cdedbbbcbd429e634685f7c67d7069c6593b8006" }, { "ID": "@pkgjs/parseargs@0.11.0", "Name": "@pkgjs/parseargs", "Identifier": { "PURL": "pkg:npm/%40pkgjs/parseargs@0.11.0", "UID": "15379c59c46395a3", "BOMRef": "pkg:npm/%40pkgjs/parseargs@0.11.0" }, "Version": "0.11.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@pkgjs/parseargs/package.json", "Digest": "sha1:0dd3949ab9157869b8d3387f50a149bca2638d73" }, { "ID": "@prisma/client@5.4.2", "Name": "@prisma/client", "Identifier": { "PURL": "pkg:npm/%40prisma/client@5.4.2", "UID": "3d57c7c13d125234", "BOMRef": "pkg:npm/%40prisma/client@5.4.2" }, "Version": "5.4.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:4ac89e35ae91e88fa80fc1497e77e7e0da8f6220ed30ac35c40eff0766536d27", "DiffID": "sha256:08f5f5edd437f19cd3c96a1a89f0f02a8b9c9e468ff7f478652151d4be3b19d9" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/node_modules/prisma/prisma-client/package.json", "Digest": "sha1:067a3cf4b08bb66df88691a278bd21a778474e60" }, { "ID": "@prisma/engines@5.4.2", "Name": "@prisma/engines", "Identifier": { "PURL": "pkg:npm/%40prisma/engines@5.4.2", "UID": "56379674be8289d2", "BOMRef": "pkg:npm/%40prisma/engines@5.4.2" }, "Version": "5.4.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:4ac89e35ae91e88fa80fc1497e77e7e0da8f6220ed30ac35c40eff0766536d27", "DiffID": "sha256:08f5f5edd437f19cd3c96a1a89f0f02a8b9c9e468ff7f478652151d4be3b19d9" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/node_modules/@prisma/engines/package.json", "Digest": "sha1:27f640d9b356e0726de8c28f78eb8ad1c8bf1dd9" }, { "ID": "@sigstore/bundle@4.0.0", "Name": "@sigstore/bundle", "Identifier": { "PURL": "pkg:npm/%40sigstore/bundle@4.0.0", "UID": "ee7d6ca2acbff16c", "BOMRef": "pkg:npm/%40sigstore/bundle@4.0.0" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/bundle/package.json", "Digest": "sha1:1d6ca2f018ec884e6df5424d8d7fc6818d64c3b4" }, { "ID": "@sigstore/core@3.0.0", "Name": "@sigstore/core", "Identifier": { "PURL": "pkg:npm/%40sigstore/core@3.0.0", "UID": "9bfad25be1ca4d07", "BOMRef": "pkg:npm/%40sigstore/core@3.0.0" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/core/package.json", "Digest": "sha1:a3582aa64bea04fc99d1275aba7ebc582925a2c8" }, { "ID": "@sigstore/protobuf-specs@0.5.0", "Name": "@sigstore/protobuf-specs", "Identifier": { "PURL": "pkg:npm/%40sigstore/protobuf-specs@0.5.0", "UID": "37035589b6a200d0", "BOMRef": "pkg:npm/%40sigstore/protobuf-specs@0.5.0" }, "Version": "0.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/protobuf-specs/package.json", "Digest": "sha1:883da1dcb03a5b8e4ba41bd5e8db239c9c17392b" }, { "ID": "@sigstore/sign@4.0.1", "Name": "@sigstore/sign", "Identifier": { "PURL": "pkg:npm/%40sigstore/sign@4.0.1", "UID": "f3f290deadfeb41c", "BOMRef": "pkg:npm/%40sigstore/sign@4.0.1" }, "Version": "4.0.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/sign/package.json", "Digest": "sha1:4bec0011dd3d4f58a729b1a9e0e8e9592416f4b2" }, { "ID": "@sigstore/tuf@4.0.0", "Name": "@sigstore/tuf", "Identifier": { "PURL": "pkg:npm/%40sigstore/tuf@4.0.0", "UID": "8f6eee306314e3df", "BOMRef": "pkg:npm/%40sigstore/tuf@4.0.0" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/tuf/package.json", "Digest": "sha1:3a59a8c16182f65f8cabbf98fee333c9eaa394f6" }, { "ID": "@sigstore/verify@3.0.0", "Name": "@sigstore/verify", "Identifier": { "PURL": "pkg:npm/%40sigstore/verify@3.0.0", "UID": "7fad88d08c954205", "BOMRef": "pkg:npm/%40sigstore/verify@3.0.0" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@sigstore/verify/package.json", "Digest": "sha1:fb4180fd0c6f2de9386fa2ef9929f4c1a6f00562" }, { "ID": "@tufjs/canonical-json@2.0.0", "Name": "@tufjs/canonical-json", "Identifier": { "PURL": "pkg:npm/%40tufjs/canonical-json@2.0.0", "UID": "ca73433a26933371", "BOMRef": "pkg:npm/%40tufjs/canonical-json@2.0.0" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/canonical-json/package.json", "Digest": "sha1:5af11d14b15be3f1dc8a1195100ea60de40325c9" }, { "ID": "@tufjs/models@4.0.0", "Name": "@tufjs/models", "Identifier": { "PURL": "pkg:npm/%40tufjs/models@4.0.0", "UID": "c7f31ed2a963265e", "BOMRef": "pkg:npm/%40tufjs/models@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/package.json", "Digest": "sha1:1630e9d321e28e965386e30f9d855f05b6278fa9" }, { "ID": "abbrev@3.0.1", "Name": "abbrev", "Identifier": { "PURL": "pkg:npm/abbrev@3.0.1", "UID": "9512e577e7d80eac", "BOMRef": "pkg:npm/abbrev@3.0.1" }, "Version": "3.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/abbrev/package.json", "Digest": "sha1:58ff9d74c88270726b05e383ba4d2641a18438f3" }, { "ID": "agent-base@7.1.4", "Name": "agent-base", "Identifier": { "PURL": "pkg:npm/agent-base@7.1.4", "UID": "18e917ddae753f9e", "BOMRef": "pkg:npm/agent-base@7.1.4" }, "Version": "7.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/agent-base/package.json", "Digest": "sha1:126adbedcff6faa6826eca63c75e9193237ab10b" }, { "ID": "ansi-regex@5.0.1", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@5.0.1", "UID": "77aeeece5700bfc6", "BOMRef": "pkg:npm/ansi-regex@5.0.1" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ansi-regex/package.json", "Digest": "sha1:f1b78e043012e1ab5689d57377093e88f1400677" }, { "ID": "ansi-regex@6.2.2", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@6.2.2", "UID": "e8ff21fb726e0fa", "BOMRef": "69d51999-353f-49c4-a1fe-b474643eed2a" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json", "Digest": "sha1:ce200865f7a4839de6213072c7986484139c50b1" }, { "ID": "ansi-regex@6.2.2", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@6.2.2", "UID": "de2fbf87b86cfafc", "BOMRef": "609c9beb-c6bb-4805-b23c-d910b8c969f0" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex/package.json", "Digest": "sha1:ce200865f7a4839de6213072c7986484139c50b1" }, { "ID": "ansi-styles@4.3.0", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@4.3.0", "UID": "25836319109a7d07", "BOMRef": "pkg:npm/ansi-styles@4.3.0" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles/package.json", "Digest": "sha1:3c9ef7bd0a1c3d805814c654c457cc315c48c116" }, { "ID": "ansi-styles@6.2.3", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@6.2.3", "UID": "cf6c1c4ba7fbc16b", "BOMRef": "pkg:npm/ansi-styles@6.2.3" }, "Version": "6.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ansi-styles/package.json", "Digest": "sha1:adb4944aaa807d2d90a6d54e220759c3081c10d2" }, { "ID": "aproba@2.1.0", "Name": "aproba", "Identifier": { "PURL": "pkg:npm/aproba@2.1.0", "UID": "68b4c80af6bfa5fe", "BOMRef": "pkg:npm/aproba@2.1.0" }, "Version": "2.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/aproba/package.json", "Digest": "sha1:1cc57d456b29f580ef93bb2fee5566d3e3285009" }, { "ID": "archy@1.0.0", "Name": "archy", "Identifier": { "PURL": "pkg:npm/archy@1.0.0", "UID": "c8bf9e245c2769c5", "BOMRef": "pkg:npm/archy@1.0.0" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/archy/package.json", "Digest": "sha1:3bd81e8f9d8e79057497b7473c6eac4f3d519149" }, { "ID": "balanced-match@1.0.2", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@1.0.2", "UID": "dbfe96a1358b6765", "BOMRef": "pkg:npm/balanced-match@1.0.2" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/balanced-match/package.json", "Digest": "sha1:ef0a0d2fd68c3396309ab54ab08c5f8d362436ea" }, { "ID": "bin-links@5.0.0", "Name": "bin-links", "Identifier": { "PURL": "pkg:npm/bin-links@5.0.0", "UID": "a7558b35c2cfe095", "BOMRef": "pkg:npm/bin-links@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/bin-links/package.json", "Digest": "sha1:7d183a1e12f89adf8e1b38038a8b34f9be897f40" }, { "ID": "binary-extensions@3.1.0", "Name": "binary-extensions", "Identifier": { "PURL": "pkg:npm/binary-extensions@3.1.0", "UID": "75c5b35a9030e25b", "BOMRef": "pkg:npm/binary-extensions@3.1.0" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/binary-extensions/package.json", "Digest": "sha1:fd41784d905c4769ecd7a2045234bf3336b20240" }, { "ID": "brace-expansion@2.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "b742247002de60c2", "BOMRef": "pkg:npm/brace-expansion@2.0.2" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/brace-expansion/package.json", "Digest": "sha1:c2e8d8ccf674a808b63453e8432ae0f696375fbd" }, { "ID": "cacache@19.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@19.0.1", "UID": "a9e39f98cf89971d", "BOMRef": "pkg:npm/cacache@19.0.1" }, "Version": "19.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/cacache/package.json", "Digest": "sha1:4bfa58e7ac62a86d0f86b54faa34f063f3344a61" }, { "ID": "cacache@20.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@20.0.1", "UID": "8e17cc17b9c93fba", "BOMRef": "pkg:npm/cacache@20.0.1" }, "Version": "20.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cacache/package.json", "Digest": "sha1:1680c258e907f8a5844f3ddfd9334de3825ebf84" }, { "ID": "chalk@5.6.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@5.6.2", "UID": "1ede57bb5db4b753", "BOMRef": "pkg:npm/chalk@5.6.2" }, "Version": "5.6.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/chalk/package.json", "Digest": "sha1:468d2997b68c367664e82a1d1b8bc344c65a52f6" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "66b3335a453855d4", "BOMRef": "pkg:npm/chownr@3.0.0" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/chownr/package.json", "Digest": "sha1:fc7d452c2e7e9b57f311b04f8b5826656ccc8e1b" }, { "ID": "ci-info@4.3.1", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@4.3.1", "UID": "a494378e0c02df5d", "BOMRef": "pkg:npm/ci-info@4.3.1" }, "Version": "4.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ci-info/package.json", "Digest": "sha1:6b3b12a5534f6e76cb13a851250efc1bb7e5ff21" }, { "ID": "cidr-regex@5.0.1", "Name": "cidr-regex", "Identifier": { "PURL": "pkg:npm/cidr-regex@5.0.1", "UID": "cac3e72d8c2794cb", "BOMRef": "pkg:npm/cidr-regex@5.0.1" }, "Version": "5.0.1", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cidr-regex/package.json", "Digest": "sha1:472161dcb9eaebd9f280a0b36172ba21f93a9b86" }, { "ID": "cli-columns@4.0.0", "Name": "cli-columns", "Identifier": { "PURL": "pkg:npm/cli-columns@4.0.0", "UID": "e878df88644bc9f6", "BOMRef": "pkg:npm/cli-columns@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cli-columns/package.json", "Digest": "sha1:06c7ce3d82ba512eafa34bab2566bcce77d4beb9" }, { "ID": "cmd-shim@7.0.0", "Name": "cmd-shim", "Identifier": { "PURL": "pkg:npm/cmd-shim@7.0.0", "UID": "f777d188d740483d", "BOMRef": "pkg:npm/cmd-shim@7.0.0" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cmd-shim/package.json", "Digest": "sha1:31d3d08612d9deeb670d074f68fd539f1bc62080" }, { "ID": "color-convert@2.0.1", "Name": "color-convert", "Identifier": { "PURL": "pkg:npm/color-convert@2.0.1", "UID": "2d083145020b3b21", "BOMRef": "pkg:npm/color-convert@2.0.1" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/color-convert/package.json", "Digest": "sha1:03f26ab8597e0117b7ad15bcfa9f0b31c8375ea9" }, { "ID": "color-name@1.1.4", "Name": "color-name", "Identifier": { "PURL": "pkg:npm/color-name@1.1.4", "UID": "ecd52d9e35ebdef7", "BOMRef": "pkg:npm/color-name@1.1.4" }, "Version": "1.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/color-name/package.json", "Digest": "sha1:411d7c87d5b1dec0d479aa13e3406b5c38ac34f5" }, { "ID": "common-ancestor-path@1.0.1", "Name": "common-ancestor-path", "Identifier": { "PURL": "pkg:npm/common-ancestor-path@1.0.1", "UID": "9f96568add31fed1", "BOMRef": "pkg:npm/common-ancestor-path@1.0.1" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/common-ancestor-path/package.json", "Digest": "sha1:164a1acbc7cc3127c78c5da7b26667bf93b8b8c3" }, { "ID": "corepack@0.34.5", "Name": "corepack", "Identifier": { "PURL": "pkg:npm/corepack@0.34.5", "UID": "67d860c7431943b3", "BOMRef": "pkg:npm/corepack@0.34.5" }, "Version": "0.34.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/corepack/package.json", "Digest": "sha1:2c59efe8aa565dc3e10f82c7ab2d248e5d3e711f" }, { "ID": "cross-spawn@7.0.6", "Name": "cross-spawn", "Identifier": { "PURL": "pkg:npm/cross-spawn@7.0.6", "UID": "79b5455c6065aaa0", "BOMRef": "pkg:npm/cross-spawn@7.0.6" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cross-spawn/package.json", "Digest": "sha1:9becaa8ecb51ad9b303dd62369423cb9f287163a" }, { "ID": "cssesc@3.0.0", "Name": "cssesc", "Identifier": { "PURL": "pkg:npm/cssesc@3.0.0", "UID": "a4cb2cb95e0d8044", "BOMRef": "pkg:npm/cssesc@3.0.0" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cssesc/package.json", "Digest": "sha1:3a37cece4f715e91ef0aed027baea0039bb20087" }, { "ID": "debug@4.4.3", "Name": "debug", "Identifier": { "PURL": "pkg:npm/debug@4.4.3", "UID": "4d3a7f064358e071", "BOMRef": "pkg:npm/debug@4.4.3" }, "Version": "4.4.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/debug/package.json", "Digest": "sha1:f1c3de400f61581ce6d6d43f9ec4c456cb8017f7" }, { "ID": "diff@8.0.2", "Name": "diff", "Identifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "1894ff8e5020deb9", "BOMRef": "pkg:npm/diff@8.0.2" }, "Version": "8.0.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/diff/package.json", "Digest": "sha1:719cc8a399073fae18f522fc26e7058f2048cd43" }, { "ID": "eastasianwidth@0.2.0", "Name": "eastasianwidth", "Identifier": { "PURL": "pkg:npm/eastasianwidth@0.2.0", "UID": "779e929fd1d7f19c", "BOMRef": "pkg:npm/eastasianwidth@0.2.0" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/eastasianwidth/package.json", "Digest": "sha1:c3bff6d91fcbc648b17edd5f8e37bac1f47485a4" }, { "ID": "emoji-regex@8.0.0", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@8.0.0", "UID": "d7d740b6c36b7b4a", "BOMRef": "pkg:npm/emoji-regex@8.0.0" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/emoji-regex/package.json", "Digest": "sha1:c26fe90da5886724a2676b8e3d5890beeacaad20" }, { "ID": "emoji-regex@9.2.2", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@9.2.2", "UID": "a05e9cae937f5fb7", "BOMRef": "05397816-4d06-4048-9adf-bde2df513512" }, "Version": "9.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex/package.json", "Digest": "sha1:238c48183550d02ab5c0dd37e13d57006dce640a" }, { "ID": "emoji-regex@9.2.2", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@9.2.2", "UID": "527347b42e86767b", "BOMRef": "1fe0b7b6-9b2f-4ee7-9b96-a8b56d512581" }, "Version": "9.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex/package.json", "Digest": "sha1:238c48183550d02ab5c0dd37e13d57006dce640a" }, { "ID": "encoding@0.1.13", "Name": "encoding", "Identifier": { "PURL": "pkg:npm/encoding@0.1.13", "UID": "a09d324323f402df", "BOMRef": "pkg:npm/encoding@0.1.13" }, "Version": "0.1.13", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/encoding/package.json", "Digest": "sha1:52b117f2bc3113970224b9dc97b7fc18f7df30ab" }, { "ID": "env-paths@2.2.1", "Name": "env-paths", "Identifier": { "PURL": "pkg:npm/env-paths@2.2.1", "UID": "9af99e01aa2a7e34", "BOMRef": "pkg:npm/env-paths@2.2.1" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/env-paths/package.json", "Digest": "sha1:b5b570f41c1d3e8f251fd06d075cefea4a3449a9" }, { "ID": "err-code@2.0.3", "Name": "err-code", "Identifier": { "PURL": "pkg:npm/err-code@2.0.3", "UID": "67725303a579e729", "BOMRef": "pkg:npm/err-code@2.0.3" }, "Version": "2.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/err-code/package.json", "Digest": "sha1:5c7bc63340bc312d1563bb2b369e333e1165ab04" }, { "ID": "exponential-backoff@3.1.2", "Name": "exponential-backoff", "Identifier": { "PURL": "pkg:npm/exponential-backoff@3.1.2", "UID": "67f129dfcef9b03a", "BOMRef": "pkg:npm/exponential-backoff@3.1.2" }, "Version": "3.1.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/exponential-backoff/package.json", "Digest": "sha1:af54bb38a82b5a0d058c722fac83b3bf91fff3f5" }, { "ID": "fastest-levenshtein@1.0.16", "Name": "fastest-levenshtein", "Identifier": { "PURL": "pkg:npm/fastest-levenshtein@1.0.16", "UID": "c0856758eaa935e7", "BOMRef": "pkg:npm/fastest-levenshtein@1.0.16" }, "Version": "1.0.16", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/fastest-levenshtein/package.json", "Digest": "sha1:3aca1160ba8ff112a40cdfd2c860a5d6cd689391" }, { "ID": "fdir@6.5.0", "Name": "fdir", "Identifier": { "PURL": "pkg:npm/fdir@6.5.0", "UID": "1c72b3b0d2f0a335", "BOMRef": "pkg:npm/fdir@6.5.0" }, "Version": "6.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/fdir/package.json", "Digest": "sha1:87c30edff77dd2a0847ac92b0a76837682d64eb2" }, { "ID": "foreground-child@3.3.1", "Name": "foreground-child", "Identifier": { "PURL": "pkg:npm/foreground-child@3.3.1", "UID": "9267c3f421bb230d", "BOMRef": "pkg:npm/foreground-child@3.3.1" }, "Version": "3.3.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/foreground-child/package.json", "Digest": "sha1:ca2af14071df0e6084e5797f9fbcf179d51f9e5d" }, { "ID": "fs-minipass@3.0.3", "Name": "fs-minipass", "Identifier": { "PURL": "pkg:npm/fs-minipass@3.0.3", "UID": "d867a0b38edecef1", "BOMRef": "pkg:npm/fs-minipass@3.0.3" }, "Version": "3.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/fs-minipass/package.json", "Digest": "sha1:2e472ead48322dd560133d10f39db20ee5e3fae1" }, { "ID": "glob@10.4.5", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@10.4.5", "UID": "a00af3c63f33d8ab", "BOMRef": "pkg:npm/glob@10.4.5" }, "Version": "10.4.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/package.json", "Digest": "sha1:fd815b4c5b195a178a7d55053a39c28202d6ce7c" }, { "ID": "glob@11.0.3", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@11.0.3", "UID": "a6a72c4895ad041d", "BOMRef": "pkg:npm/glob@11.0.3" }, "Version": "11.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/package.json", "Digest": "sha1:d6ba1b347026dc0b03d5d5a448c2912a3d438e1d" }, { "ID": "graceful-fs@4.2.11", "Name": "graceful-fs", "Identifier": { "PURL": "pkg:npm/graceful-fs@4.2.11", "UID": "efa2f9dc20125f80", "BOMRef": "pkg:npm/graceful-fs@4.2.11" }, "Version": "4.2.11", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/graceful-fs/package.json", "Digest": "sha1:21a733b3f7e2ee153041de90fb03d5596934f346" }, { "ID": "hosted-git-info@9.0.2", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@9.0.2", "UID": "7a7c38b0b6aaf9d2", "BOMRef": "pkg:npm/hosted-git-info@9.0.2" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/hosted-git-info/package.json", "Digest": "sha1:bd2953244687bfff7fdc74a3798a66119f64428e" }, { "ID": "http-cache-semantics@4.2.0", "Name": "http-cache-semantics", "Identifier": { "PURL": "pkg:npm/http-cache-semantics@4.2.0", "UID": "d75e3862515f2b2a", "BOMRef": "pkg:npm/http-cache-semantics@4.2.0" }, "Version": "4.2.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/http-cache-semantics/package.json", "Digest": "sha1:563b0d8af1a9641083e8f6cefbf4259fa845e7ca" }, { "ID": "http-proxy-agent@7.0.2", "Name": "http-proxy-agent", "Identifier": { "PURL": "pkg:npm/http-proxy-agent@7.0.2", "UID": "88b8ad3ba92df1b2", "BOMRef": "pkg:npm/http-proxy-agent@7.0.2" }, "Version": "7.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/http-proxy-agent/package.json", "Digest": "sha1:f8b2b2bf2f3e2f8491496f9efe80b96442a803a9" }, { "ID": "https-proxy-agent@7.0.6", "Name": "https-proxy-agent", "Identifier": { "PURL": "pkg:npm/https-proxy-agent@7.0.6", "UID": "370a4513a1d2f2e4", "BOMRef": "pkg:npm/https-proxy-agent@7.0.6" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/https-proxy-agent/package.json", "Digest": "sha1:17ea193ab8be5c579a2d10e9a13bff389858f7e8" }, { "ID": "iconv-lite@0.6.3", "Name": "iconv-lite", "Identifier": { "PURL": "pkg:npm/iconv-lite@0.6.3", "UID": "2552b32eb6d5f5b9", "BOMRef": "pkg:npm/iconv-lite@0.6.3" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/iconv-lite/package.json", "Digest": "sha1:a3d90badf75db503f5dd3ff3fb76d120d1424978" }, { "ID": "ignore-walk@8.0.0", "Name": "ignore-walk", "Identifier": { "PURL": "pkg:npm/ignore-walk@8.0.0", "UID": "6de179cab755fe4c", "BOMRef": "pkg:npm/ignore-walk@8.0.0" }, "Version": "8.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ignore-walk/package.json", "Digest": "sha1:48b090250976a784406de6d243cb8221ac357a08" }, { "ID": "imurmurhash@0.1.4", "Name": "imurmurhash", "Identifier": { "PURL": "pkg:npm/imurmurhash@0.1.4", "UID": "3d82ece99c66ce38", "BOMRef": "pkg:npm/imurmurhash@0.1.4" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/imurmurhash/package.json", "Digest": "sha1:a28f2b413385af4188c4fc0ad1e0c38c2cd03cf4" }, { "ID": "ini@5.0.0", "Name": "ini", "Identifier": { "PURL": "pkg:npm/ini@5.0.0", "UID": "c1c9c1f6908b679a", "BOMRef": "pkg:npm/ini@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ini/package.json", "Digest": "sha1:6f82de9e6ee727a4e745446e6687d6dc4a13bc0f" }, { "ID": "init-package-json@8.2.2", "Name": "init-package-json", "Identifier": { "PURL": "pkg:npm/init-package-json@8.2.2", "UID": "4c0e94af63413ed8", "BOMRef": "pkg:npm/init-package-json@8.2.2" }, "Version": "8.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/init-package-json/package.json", "Digest": "sha1:fd90752e9caf5c625bc4f238dd7498c6e759f0a8" }, { "ID": "ip-address@10.0.1", "Name": "ip-address", "Identifier": { "PURL": "pkg:npm/ip-address@10.0.1", "UID": "68e27b9007f05bc0", "BOMRef": "pkg:npm/ip-address@10.0.1" }, "Version": "10.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ip-address/package.json", "Digest": "sha1:c08d23fa891935fb24a5e1a07334197e8974138a" }, { "ID": "ip-regex@5.0.0", "Name": "ip-regex", "Identifier": { "PURL": "pkg:npm/ip-regex@5.0.0", "UID": "4a1dc860c0b8eaf9", "BOMRef": "pkg:npm/ip-regex@5.0.0" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ip-regex/package.json", "Digest": "sha1:e3ebe61a5855188e86da90f29b0ea8c44793b9f0" }, { "ID": "is-cidr@6.0.1", "Name": "is-cidr", "Identifier": { "PURL": "pkg:npm/is-cidr@6.0.1", "UID": "346b9c4d1c6bd6b", "BOMRef": "pkg:npm/is-cidr@6.0.1" }, "Version": "6.0.1", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/is-cidr/package.json", "Digest": "sha1:7ae4aacf966b4f49bd609909796a7700fd8e877d" }, { "ID": "is-fullwidth-code-point@3.0.0", "Name": "is-fullwidth-code-point", "Identifier": { "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", "UID": "66e770472e92dd71", "BOMRef": "pkg:npm/is-fullwidth-code-point@3.0.0" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/is-fullwidth-code-point/package.json", "Digest": "sha1:49dbcba3eb3e3cba5b97bce28eb6194775d23c88" }, { "ID": "isexe@2.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@2.0.0", "UID": "abad2340f49d3f3a", "BOMRef": "pkg:npm/isexe@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cross-spawn/node_modules/isexe/package.json", "Digest": "sha1:3b3eab80c4ffd08eef6b3381b98de7be3649d06b" }, { "ID": "isexe@3.1.1", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@3.1.1", "UID": "7a283dd6598262c3", "BOMRef": "pkg:npm/isexe@3.1.1" }, "Version": "3.1.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/isexe/package.json", "Digest": "sha1:33fc88b1f05370bb6518291c601cf96cfcafdc3b" }, { "ID": "jackspeak@3.4.3", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@3.4.3", "UID": "fad04273a4e895b3", "BOMRef": "pkg:npm/jackspeak@3.4.3" }, "Version": "3.4.3", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/jackspeak/package.json", "Digest": "sha1:15e15f7f7565d0a355be813b2e68eb35e65102a5" }, { "ID": "jackspeak@4.1.1", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@4.1.1", "UID": "d8c9ecb83112a27f", "BOMRef": "pkg:npm/jackspeak@4.1.1" }, "Version": "4.1.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/jackspeak/package.json", "Digest": "sha1:8997e3643b1400526da8981a9f1ed0bc41a60261" }, { "ID": "json-parse-even-better-errors@4.0.0", "Name": "json-parse-even-better-errors", "Identifier": { "PURL": "pkg:npm/json-parse-even-better-errors@4.0.0", "UID": "844c4a97bbb44ba0", "BOMRef": "pkg:npm/json-parse-even-better-errors@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/json-parse-even-better-errors/package.json", "Digest": "sha1:6fb81ff6b422e2dd97dbd03d6095016aa7a4317e" }, { "ID": "json-stringify-nice@1.1.4", "Name": "json-stringify-nice", "Identifier": { "PURL": "pkg:npm/json-stringify-nice@1.1.4", "UID": "e5aec01ea199b270", "BOMRef": "pkg:npm/json-stringify-nice@1.1.4" }, "Version": "1.1.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/json-stringify-nice/package.json", "Digest": "sha1:adef02a4345a493535ccb990b09f850508ae516f" }, { "ID": "jsonparse@1.3.1", "Name": "jsonparse", "Identifier": { "PURL": "pkg:npm/jsonparse@1.3.1", "UID": "f33aef6e58d27238", "BOMRef": "pkg:npm/jsonparse@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/jsonparse/package.json", "Digest": "sha1:ec0bb766bf32ebd53d835393da006bb834a663fd" }, { "ID": "just-diff@6.0.2", "Name": "just-diff", "Identifier": { "PURL": "pkg:npm/just-diff@6.0.2", "UID": "5408ac92653fcc65", "BOMRef": "pkg:npm/just-diff@6.0.2" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/just-diff/package.json", "Digest": "sha1:396a274e87b3ad6a3704a76cf18fbb2a9dd45ada" }, { "ID": "just-diff-apply@5.5.0", "Name": "just-diff-apply", "Identifier": { "PURL": "pkg:npm/just-diff-apply@5.5.0", "UID": "b5b536bbfa6323ef", "BOMRef": "pkg:npm/just-diff-apply@5.5.0" }, "Version": "5.5.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/just-diff-apply/package.json", "Digest": "sha1:26d39d00f0fc1ddfe4974dbe69691f9c09ad9036" }, { "ID": "libnpmaccess@10.0.3", "Name": "libnpmaccess", "Identifier": { "PURL": "pkg:npm/libnpmaccess@10.0.3", "UID": "885fe5932813d912", "BOMRef": "pkg:npm/libnpmaccess@10.0.3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmaccess/package.json", "Digest": "sha1:c1d01036aa963e18b715c0bf3ec1bdad5d39d0be" }, { "ID": "libnpmdiff@8.0.9", "Name": "libnpmdiff", "Identifier": { "PURL": "pkg:npm/libnpmdiff@8.0.9", "UID": "4cb24d79df9437fc", "BOMRef": "pkg:npm/libnpmdiff@8.0.9" }, "Version": "8.0.9", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmdiff/package.json", "Digest": "sha1:08529ea2d28cea59a474b7a9b8d07dfd33842d72" }, { "ID": "libnpmexec@10.1.8", "Name": "libnpmexec", "Identifier": { "PURL": "pkg:npm/libnpmexec@10.1.8", "UID": "206776417b0b3a25", "BOMRef": "pkg:npm/libnpmexec@10.1.8" }, "Version": "10.1.8", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmexec/package.json", "Digest": "sha1:42067a230f8087be6622933bc2204beb43c65053" }, { "ID": "libnpmfund@7.0.9", "Name": "libnpmfund", "Identifier": { "PURL": "pkg:npm/libnpmfund@7.0.9", "UID": "815f0cb9f871dc52", "BOMRef": "pkg:npm/libnpmfund@7.0.9" }, "Version": "7.0.9", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmfund/package.json", "Digest": "sha1:1906251db79b7a437239f95aa0df79c7c554619e" }, { "ID": "libnpmorg@8.0.1", "Name": "libnpmorg", "Identifier": { "PURL": "pkg:npm/libnpmorg@8.0.1", "UID": "164afcb4764cc9d0", "BOMRef": "pkg:npm/libnpmorg@8.0.1" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmorg/package.json", "Digest": "sha1:bb751a1dee75e700037086efe488eaadcf29345f" }, { "ID": "libnpmpack@9.0.9", "Name": "libnpmpack", "Identifier": { "PURL": "pkg:npm/libnpmpack@9.0.9", "UID": "7b949b4d8e5e719f", "BOMRef": "pkg:npm/libnpmpack@9.0.9" }, "Version": "9.0.9", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmpack/package.json", "Digest": "sha1:9946d06d2edee965070b52064492a9f7bc63194e" }, { "ID": "libnpmpublish@11.1.2", "Name": "libnpmpublish", "Identifier": { "PURL": "pkg:npm/libnpmpublish@11.1.2", "UID": "c6ab2ac09dc8fd2c", "BOMRef": "pkg:npm/libnpmpublish@11.1.2" }, "Version": "11.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmpublish/package.json", "Digest": "sha1:cee9c37cf9421b071b038e99b83e2d60f355d7f1" }, { "ID": "libnpmsearch@9.0.1", "Name": "libnpmsearch", "Identifier": { "PURL": "pkg:npm/libnpmsearch@9.0.1", "UID": "96f07a87e7b5cf4b", "BOMRef": "pkg:npm/libnpmsearch@9.0.1" }, "Version": "9.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmsearch/package.json", "Digest": "sha1:839c733ea34fee24f8639d9514b827f20634aa47" }, { "ID": "libnpmteam@8.0.2", "Name": "libnpmteam", "Identifier": { "PURL": "pkg:npm/libnpmteam@8.0.2", "UID": "a985626b910f1a70", "BOMRef": "pkg:npm/libnpmteam@8.0.2" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmteam/package.json", "Digest": "sha1:4638228278157df58223fce221f2b21e99a43351" }, { "ID": "libnpmversion@8.0.2", "Name": "libnpmversion", "Identifier": { "PURL": "pkg:npm/libnpmversion@8.0.2", "UID": "cc65aa6a5c5e2461", "BOMRef": "pkg:npm/libnpmversion@8.0.2" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/libnpmversion/package.json", "Digest": "sha1:6508dfbbc8b9d0b7f7c4c0310fcb0a4b6c244754" }, { "ID": "litellm-dashboard@0.1.0", "Name": "litellm-dashboard", "Identifier": { "PURL": "pkg:npm/litellm-dashboard@0.1.0", "UID": "da92f6b42fbf7e70", "BOMRef": "pkg:npm/litellm-dashboard@0.1.0" }, "Version": "0.1.0", "Layer": { "Digest": "sha256:b7f72717df142191ed7de8ada008e49369f0d27de05f5d59bd53e29f96534149", "DiffID": "sha256:e3f9bfdda771fb95420d92c819881f3d47b08b1bba44e6a050d962c0c7382da9" }, "FilePath": "app/ui/litellm-dashboard/package.json", "Digest": "sha1:ee76a03b8fb953f2f3003eeb454643fc9b8556a6" }, { "ID": "lru-cache@10.4.3", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@10.4.3", "UID": "24fc552aed16ab6", "BOMRef": "pkg:npm/lru-cache@10.4.3" }, "Version": "10.4.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/lru-cache/package.json", "Digest": "sha1:eba45f816c43b1e505440b7a7f8392e38ba11306" }, { "ID": "lru-cache@11.2.2", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.2", "UID": "343127fabc6990f2", "BOMRef": "pkg:npm/lru-cache@11.2.2" }, "Version": "11.2.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/lru-cache/package.json", "Digest": "sha1:6dd2a4249041a81465f9774e129f7b29c27a6f80" }, { "ID": "make-fetch-happen@14.0.3", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@14.0.3", "UID": "c50a97a9083ee613", "BOMRef": "pkg:npm/make-fetch-happen@14.0.3" }, "Version": "14.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/make-fetch-happen/package.json", "Digest": "sha1:4e321611ef7ad4a60c9b8db56a8e49c35f4624f5" }, { "ID": "make-fetch-happen@15.0.2", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@15.0.2", "UID": "6756fda4fa8b82d0", "BOMRef": "pkg:npm/make-fetch-happen@15.0.2" }, "Version": "15.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/make-fetch-happen/package.json", "Digest": "sha1:da7290a1f11c33952730308c1a35b3031addcbea" }, { "ID": "minimatch@10.0.3", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "f0babdce065c5efb", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "Digest": "sha1:052b0b10a498caa8cff3370cf90554d3b8be575c" }, { "ID": "minimatch@9.0.5", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "806ae6999ebc28d8", "BOMRef": "39b4eddf-f08e-4bdb-b1db-b4a049ad9ca8" }, "Version": "9.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "Digest": "sha1:fad71756ee05319a797b6ec51669df8e01e76379" }, { "ID": "minimatch@9.0.5", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "8c2de706ca1e3f8", "BOMRef": "942943d9-39bf-4cbc-808b-9e19fb8be67b" }, "Version": "9.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "Digest": "sha1:fad71756ee05319a797b6ec51669df8e01e76379" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "1d1f17b677156ac8", "BOMRef": "a919cacb-b4d9-4b82-94ab-f8c80f990bf2" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-flush/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "b5acf447b4ff56d2", "BOMRef": "f00f5443-e13c-438c-a905-cf68183ec3a5" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "152cede5020f5a14", "BOMRef": "5fc0ef3d-fd66-4a61-9ba2-7b5192c9c418" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-sized/node_modules/minipass/package.json", "Digest": "sha1:fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c" }, { "ID": "minipass@7.1.2", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.2", "UID": "8dd65d453a5e557f", "BOMRef": "pkg:npm/minipass@7.1.2" }, "Version": "7.1.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass/package.json", "Digest": "sha1:798df22ae1185484c372b4da30c4d75a0e7ea572" }, { "ID": "minipass-collect@2.0.1", "Name": "minipass-collect", "Identifier": { "PURL": "pkg:npm/minipass-collect@2.0.1", "UID": "e82491b529554dfe", "BOMRef": "pkg:npm/minipass-collect@2.0.1" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-collect/package.json", "Digest": "sha1:7ca3a77ca7b795148ecee5d9ebbe96e968dddb15" }, { "ID": "minipass-fetch@4.0.1", "Name": "minipass-fetch", "Identifier": { "PURL": "pkg:npm/minipass-fetch@4.0.1", "UID": "f1982ec976116b38", "BOMRef": "pkg:npm/minipass-fetch@4.0.1" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-fetch/package.json", "Digest": "sha1:20a8b7cdd0d9df659a448aef3a4589ca2a95d39e" }, { "ID": "minipass-flush@1.0.5", "Name": "minipass-flush", "Identifier": { "PURL": "pkg:npm/minipass-flush@1.0.5", "UID": "eba1d24958e67a1f", "BOMRef": "pkg:npm/minipass-flush@1.0.5" }, "Version": "1.0.5", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-flush/package.json", "Digest": "sha1:c89612a2a9c68141b8271bbc94bcc88067c29790" }, { "ID": "minipass-pipeline@1.2.4", "Name": "minipass-pipeline", "Identifier": { "PURL": "pkg:npm/minipass-pipeline@1.2.4", "UID": "891bc4d08bfb4e05", "BOMRef": "pkg:npm/minipass-pipeline@1.2.4" }, "Version": "1.2.4", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-pipeline/package.json", "Digest": "sha1:e30c58465801deaceb4b81898e531c75679563b1" }, { "ID": "minipass-sized@1.0.3", "Name": "minipass-sized", "Identifier": { "PURL": "pkg:npm/minipass-sized@1.0.3", "UID": "f0fb95dda3c7b2f7", "BOMRef": "pkg:npm/minipass-sized@1.0.3" }, "Version": "1.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minipass-sized/package.json", "Digest": "sha1:615e0e93dfdbc65b217029380591abc9e9b64136" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "dce4a834fdd77c93", "BOMRef": "pkg:npm/minizlib@3.1.0" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minizlib/package.json", "Digest": "sha1:ecda8f42a2256be6ae9bba8a268ae3964683fe09" }, { "ID": "ms@2.1.3", "Name": "ms", "Identifier": { "PURL": "pkg:npm/ms@2.1.3", "UID": "5f9fbee242a0db74", "BOMRef": "pkg:npm/ms@2.1.3" }, "Version": "2.1.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ms/package.json", "Digest": "sha1:c290eb97736177176d071da4ac855ab995685c97" }, { "ID": "mute-stream@2.0.0", "Name": "mute-stream", "Identifier": { "PURL": "pkg:npm/mute-stream@2.0.0", "UID": "7942ac361360a733", "BOMRef": "pkg:npm/mute-stream@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/mute-stream/package.json", "Digest": "sha1:7f9eff4bc99d6d99dfa22506626bf4d2ec36530c" }, { "ID": "negotiator@1.0.0", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@1.0.0", "UID": "5a6e5ef5e717c3c9", "BOMRef": "pkg:npm/negotiator@1.0.0" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/negotiator/package.json", "Digest": "sha1:046524b23a7aefb2b0cfd3ebbd0fd84c0f7df3f6" }, { "ID": "node-gyp@11.4.2", "Name": "node-gyp", "Identifier": { "PURL": "pkg:npm/node-gyp@11.4.2", "UID": "c7d1f9fa288a9e90", "BOMRef": "pkg:npm/node-gyp@11.4.2" }, "Version": "11.4.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/package.json", "Digest": "sha1:ccf15dc1a8d1d80613e27c704d1776222cc81229" }, { "ID": "nopt@8.1.0", "Name": "nopt", "Identifier": { "PURL": "pkg:npm/nopt@8.1.0", "UID": "686b173aee5ddb7", "BOMRef": "pkg:npm/nopt@8.1.0" }, "Version": "8.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/nopt/package.json", "Digest": "sha1:317e51d1f350fa28d851280d460bebcd9154acca" }, { "ID": "npm@11.6.2", "Name": "npm", "Identifier": { "PURL": "pkg:npm/npm@11.6.2", "UID": "24369bd226ea8fc5", "BOMRef": "pkg:npm/npm@11.6.2" }, "Version": "11.6.2", "Licenses": [ "Artistic-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/package.json", "Digest": "sha1:d6bc9f75c73d458b7b308a38ee9a9391fbd83b04" }, { "ID": "npm-audit-report@6.0.0", "Name": "npm-audit-report", "Identifier": { "PURL": "pkg:npm/npm-audit-report@6.0.0", "UID": "b8a5abce26fc3d37", "BOMRef": "pkg:npm/npm-audit-report@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-audit-report/package.json", "Digest": "sha1:c6d99ebde23570472f511de67beedd2a9c0a21fb" }, { "ID": "npm-bundled@4.0.0", "Name": "npm-bundled", "Identifier": { "PURL": "pkg:npm/npm-bundled@4.0.0", "UID": "cccfebb1b769d4c0", "BOMRef": "pkg:npm/npm-bundled@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-bundled/package.json", "Digest": "sha1:12ea20fbce124e65be448ec472b370cd1a4e4e9a" }, { "ID": "npm-install-checks@7.1.2", "Name": "npm-install-checks", "Identifier": { "PURL": "pkg:npm/npm-install-checks@7.1.2", "UID": "b2122ffb947388bc", "BOMRef": "pkg:npm/npm-install-checks@7.1.2" }, "Version": "7.1.2", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-install-checks/package.json", "Digest": "sha1:52ed94975a6a5114ded7355615eecbca003fa139" }, { "ID": "npm-normalize-package-bin@4.0.0", "Name": "npm-normalize-package-bin", "Identifier": { "PURL": "pkg:npm/npm-normalize-package-bin@4.0.0", "UID": "964c490f3740ff21", "BOMRef": "pkg:npm/npm-normalize-package-bin@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-normalize-package-bin/package.json", "Digest": "sha1:fd34d45c247025dea9a507fb9db4586afa05c732" }, { "ID": "npm-package-arg@13.0.1", "Name": "npm-package-arg", "Identifier": { "PURL": "pkg:npm/npm-package-arg@13.0.1", "UID": "cc5f090b0d31e43f", "BOMRef": "pkg:npm/npm-package-arg@13.0.1" }, "Version": "13.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-package-arg/package.json", "Digest": "sha1:a381d17d55aaf006600639a375b790c73d8e4f7e" }, { "ID": "npm-packlist@10.0.2", "Name": "npm-packlist", "Identifier": { "PURL": "pkg:npm/npm-packlist@10.0.2", "UID": "b92a82c64b3e81d2", "BOMRef": "pkg:npm/npm-packlist@10.0.2" }, "Version": "10.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-packlist/package.json", "Digest": "sha1:79c1cf949293a2c40b820bb705fb33d6a20d249d" }, { "ID": "npm-pick-manifest@11.0.1", "Name": "npm-pick-manifest", "Identifier": { "PURL": "pkg:npm/npm-pick-manifest@11.0.1", "UID": "4528304d43fbeb8c", "BOMRef": "pkg:npm/npm-pick-manifest@11.0.1" }, "Version": "11.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-pick-manifest/package.json", "Digest": "sha1:a798b711f9e66c3134e245bee2c549634583713f" }, { "ID": "npm-profile@12.0.0", "Name": "npm-profile", "Identifier": { "PURL": "pkg:npm/npm-profile@12.0.0", "UID": "adb3c3f2edac80c4", "BOMRef": "pkg:npm/npm-profile@12.0.0" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-profile/package.json", "Digest": "sha1:7155fdd4afd5c21a85e5dc3053223cabc74adbe3" }, { "ID": "npm-registry-fetch@19.0.0", "Name": "npm-registry-fetch", "Identifier": { "PURL": "pkg:npm/npm-registry-fetch@19.0.0", "UID": "5b07c0f825fc7055", "BOMRef": "pkg:npm/npm-registry-fetch@19.0.0" }, "Version": "19.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-registry-fetch/package.json", "Digest": "sha1:0edbb1a41148f0056036fa3ebc0677a5bc70c323" }, { "ID": "npm-user-validate@3.0.0", "Name": "npm-user-validate", "Identifier": { "PURL": "pkg:npm/npm-user-validate@3.0.0", "UID": "856ff58c25e00461", "BOMRef": "pkg:npm/npm-user-validate@3.0.0" }, "Version": "3.0.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/npm-user-validate/package.json", "Digest": "sha1:cfea52638093ceccf3bea4e6f09bd9370943e8de" }, { "ID": "p-map@7.0.3", "Name": "p-map", "Identifier": { "PURL": "pkg:npm/p-map@7.0.3", "UID": "60ec66ff41a1020", "BOMRef": "pkg:npm/p-map@7.0.3" }, "Version": "7.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/p-map/package.json", "Digest": "sha1:95eec87c2f7ed9f31ccd295eb97b9ce9d98c58ed" }, { "ID": "package-json-from-dist@1.0.1", "Name": "package-json-from-dist", "Identifier": { "PURL": "pkg:npm/package-json-from-dist@1.0.1", "UID": "c8f11f3242c70d6e", "BOMRef": "pkg:npm/package-json-from-dist@1.0.1" }, "Version": "1.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/package-json-from-dist/package.json", "Digest": "sha1:d93947bd52021bb5f785613249e0e198a3b48025" }, { "ID": "pacote@21.0.3", "Name": "pacote", "Identifier": { "PURL": "pkg:npm/pacote@21.0.3", "UID": "6207a4a7485c3e23", "BOMRef": "pkg:npm/pacote@21.0.3" }, "Version": "21.0.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/pacote/package.json", "Digest": "sha1:f4552e8ac648d87bd73028f236910019c6ff9436" }, { "ID": "parse-conflict-json@4.0.0", "Name": "parse-conflict-json", "Identifier": { "PURL": "pkg:npm/parse-conflict-json@4.0.0", "UID": "766dacb3a0fc14b9", "BOMRef": "pkg:npm/parse-conflict-json@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/parse-conflict-json/package.json", "Digest": "sha1:8113361744ef993fc1945a13ab153adfe70513f8" }, { "ID": "path-key@3.1.1", "Name": "path-key", "Identifier": { "PURL": "pkg:npm/path-key@3.1.1", "UID": "910407f2e2927c92", "BOMRef": "pkg:npm/path-key@3.1.1" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/path-key/package.json", "Digest": "sha1:f330c46f59dbdd92dddf8a2cfc2c1569b469bdd2" }, { "ID": "path-scurry@1.11.1", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@1.11.1", "UID": "40b376af5bb8d1ec", "BOMRef": "pkg:npm/path-scurry@1.11.1" }, "Version": "1.11.1", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/path-scurry/package.json", "Digest": "sha1:57ceeacc9d50abbd7e370e6a697520cc0784baa6" }, { "ID": "path-scurry@2.0.0", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.0", "UID": "da5846ba4964dede", "BOMRef": "pkg:npm/path-scurry@2.0.0" }, "Version": "2.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/path-scurry/package.json", "Digest": "sha1:1c1e6249d24017c9e0c2791a82542960476a565d" }, { "ID": "picomatch@4.0.3", "Name": "picomatch", "Identifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "9d189af1f4343fcf", "BOMRef": "pkg:npm/picomatch@4.0.3" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "Digest": "sha1:d5b57c1efc38eb0545dbf3eaffe857ba94597f07" }, { "ID": "postcss-selector-parser@7.1.0", "Name": "postcss-selector-parser", "Identifier": { "PURL": "pkg:npm/postcss-selector-parser@7.1.0", "UID": "fa25e52952d58478", "BOMRef": "pkg:npm/postcss-selector-parser@7.1.0" }, "Version": "7.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/postcss-selector-parser/package.json", "Digest": "sha1:f3dd4406c5202c089400fad7c71a0694fc8e85dc" }, { "ID": "prisma@5.4.2", "Name": "prisma", "Identifier": { "PURL": "pkg:npm/prisma@5.4.2", "UID": "7148f77a79599612", "BOMRef": "pkg:npm/prisma@5.4.2" }, "Version": "5.4.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:4ac89e35ae91e88fa80fc1497e77e7e0da8f6220ed30ac35c40eff0766536d27", "DiffID": "sha256:08f5f5edd437f19cd3c96a1a89f0f02a8b9c9e468ff7f478652151d4be3b19d9" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/node_modules/prisma/package.json", "Digest": "sha1:233149234d81830aa27b624c884739e1f8c7498b" }, { "ID": "prisma-binaries@1.0.0", "Name": "prisma-binaries", "Identifier": { "PURL": "pkg:npm/prisma-binaries@1.0.0", "UID": "18c4c5f8dfec61b0", "BOMRef": "pkg:npm/prisma-binaries@1.0.0" }, "Version": "1.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:4ac89e35ae91e88fa80fc1497e77e7e0da8f6220ed30ac35c40eff0766536d27", "DiffID": "sha256:08f5f5edd437f19cd3c96a1a89f0f02a8b9c9e468ff7f478652151d4be3b19d9" }, "FilePath": "root/.cache/prisma-python/binaries/5.4.2/ac9d7041ed77bcc8a8dbd2ab6616b39013829574/package.json", "Digest": "sha1:13da9e1561789f778831c4ebefed1268d740601d" }, { "ID": "proc-log@5.0.0", "Name": "proc-log", "Identifier": { "PURL": "pkg:npm/proc-log@5.0.0", "UID": "515fafce07e9a59d", "BOMRef": "pkg:npm/proc-log@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/proc-log/package.json", "Digest": "sha1:ef77e00bb180e2d474ef8ec427d3ddb2dffe8b60" }, { "ID": "proggy@3.0.0", "Name": "proggy", "Identifier": { "PURL": "pkg:npm/proggy@3.0.0", "UID": "3a83352e76d450b0", "BOMRef": "pkg:npm/proggy@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/proggy/package.json", "Digest": "sha1:6760b8196686e9576f1031286d5dcfda786943bd" }, { "ID": "promise-all-reject-late@1.0.1", "Name": "promise-all-reject-late", "Identifier": { "PURL": "pkg:npm/promise-all-reject-late@1.0.1", "UID": "765b4986c03a013d", "BOMRef": "pkg:npm/promise-all-reject-late@1.0.1" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promise-all-reject-late/package.json", "Digest": "sha1:c88aa929d83fb2bbf326f7c62103da6b8c48c4df" }, { "ID": "promise-call-limit@3.0.2", "Name": "promise-call-limit", "Identifier": { "PURL": "pkg:npm/promise-call-limit@3.0.2", "UID": "6a5556bf8f342e8d", "BOMRef": "pkg:npm/promise-call-limit@3.0.2" }, "Version": "3.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promise-call-limit/package.json", "Digest": "sha1:27f3261a15e6ace571c3ad192e878cec1d9358c9" }, { "ID": "promise-retry@2.0.1", "Name": "promise-retry", "Identifier": { "PURL": "pkg:npm/promise-retry@2.0.1", "UID": "d7e2ff1a48b2abf", "BOMRef": "pkg:npm/promise-retry@2.0.1" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promise-retry/package.json", "Digest": "sha1:fc649cbedea73287db37a431e5761e9c0b4abca9" }, { "ID": "promzard@2.0.0", "Name": "promzard", "Identifier": { "PURL": "pkg:npm/promzard@2.0.0", "UID": "3cc560d310a32d3b", "BOMRef": "pkg:npm/promzard@2.0.0" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/promzard/package.json", "Digest": "sha1:0907f5a36bfb56f2e11b39ed343ca6296e7a514d" }, { "ID": "qrcode-terminal@0.12.0", "Name": "qrcode-terminal", "Identifier": { "PURL": "pkg:npm/qrcode-terminal@0.12.0", "UID": "278edd048db4df22", "BOMRef": "pkg:npm/qrcode-terminal@0.12.0" }, "Version": "0.12.0", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/qrcode-terminal/package.json", "Digest": "sha1:4a84ac3decfe9f31da851b98dedd698f935b83bc" }, { "ID": "read@4.1.0", "Name": "read", "Identifier": { "PURL": "pkg:npm/read@4.1.0", "UID": "98e35d22b23afc07", "BOMRef": "pkg:npm/read@4.1.0" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/read/package.json", "Digest": "sha1:537319f6c0eeaf2b59bae777fbda32e5bbce89ff" }, { "ID": "read-cmd-shim@5.0.0", "Name": "read-cmd-shim", "Identifier": { "PURL": "pkg:npm/read-cmd-shim@5.0.0", "UID": "f2dbd28fbd2e5a91", "BOMRef": "pkg:npm/read-cmd-shim@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/read-cmd-shim/package.json", "Digest": "sha1:3ad7a2af8954f4df2e9ee3e8af8897fb9a49e894" }, { "ID": "retry@0.12.0", "Name": "retry", "Identifier": { "PURL": "pkg:npm/retry@0.12.0", "UID": "635c210b7054a3eb", "BOMRef": "pkg:npm/retry@0.12.0" }, "Version": "0.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/retry/package.json", "Digest": "sha1:10dd0941e4e65c436c4f7111efdb1679c966c478" }, { "ID": "safer-buffer@2.1.2", "Name": "safer-buffer", "Identifier": { "PURL": "pkg:npm/safer-buffer@2.1.2", "UID": "993160b492b90e49", "BOMRef": "pkg:npm/safer-buffer@2.1.2" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/safer-buffer/package.json", "Digest": "sha1:5ed0fab8e5cac53e4d072acbd82fca9be08f5e67" }, { "ID": "semver@7.7.3", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@7.7.3", "UID": "90150bb76e264e0f", "BOMRef": "pkg:npm/semver@7.7.3" }, "Version": "7.7.3", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/semver/package.json", "Digest": "sha1:8b79d46abe6fc320567c34edb59ab3f88ed2f581" }, { "ID": "shebang-command@2.0.0", "Name": "shebang-command", "Identifier": { "PURL": "pkg:npm/shebang-command@2.0.0", "UID": "bcd8d49476c870b3", "BOMRef": "pkg:npm/shebang-command@2.0.0" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/shebang-command/package.json", "Digest": "sha1:2e2395a2e489846382e5cefdf011dcd7cacb82a5" }, { "ID": "shebang-regex@3.0.0", "Name": "shebang-regex", "Identifier": { "PURL": "pkg:npm/shebang-regex@3.0.0", "UID": "4c804fa616cdf6f1", "BOMRef": "pkg:npm/shebang-regex@3.0.0" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/shebang-regex/package.json", "Digest": "sha1:4c10640951d12ad418aa40c29b550fdfe3d2567a" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "f8b52a000cc375f6", "BOMRef": "pkg:npm/signal-exit@4.1.0" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/signal-exit/package.json", "Digest": "sha1:7ed47a76d7f1a65c0920cbf3d9f09c4adb9cc961" }, { "ID": "sigstore@4.0.0", "Name": "sigstore", "Identifier": { "PURL": "pkg:npm/sigstore@4.0.0", "UID": "81dd1409c9c2dab6", "BOMRef": "pkg:npm/sigstore@4.0.0" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/sigstore/package.json", "Digest": "sha1:1c44f720163162fc2718c509f7d62ffb85c37f04" }, { "ID": "smart-buffer@4.2.0", "Name": "smart-buffer", "Identifier": { "PURL": "pkg:npm/smart-buffer@4.2.0", "UID": "1942c1742c660814", "BOMRef": "pkg:npm/smart-buffer@4.2.0" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/smart-buffer/package.json", "Digest": "sha1:a9db89be9421029bd73baf8199042a08253a0b59" }, { "ID": "socks@2.8.7", "Name": "socks", "Identifier": { "PURL": "pkg:npm/socks@2.8.7", "UID": "974bdfcb181da64b", "BOMRef": "pkg:npm/socks@2.8.7" }, "Version": "2.8.7", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/socks/package.json", "Digest": "sha1:c92d113f3614e8c725fc4de50c3312bdcde18258" }, { "ID": "socks-proxy-agent@8.0.5", "Name": "socks-proxy-agent", "Identifier": { "PURL": "pkg:npm/socks-proxy-agent@8.0.5", "UID": "b7ea13ca4fc581ae", "BOMRef": "pkg:npm/socks-proxy-agent@8.0.5" }, "Version": "8.0.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/socks-proxy-agent/package.json", "Digest": "sha1:a52f0cff949fd82f9e42d4214d2917964d7a9bdb" }, { "ID": "spdx-correct@3.2.0", "Name": "spdx-correct", "Identifier": { "PURL": "pkg:npm/spdx-correct@3.2.0", "UID": "9fed0ebc44bffed6", "BOMRef": "pkg:npm/spdx-correct@3.2.0" }, "Version": "3.2.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-correct/package.json", "Digest": "sha1:a7a8f7467469c676a88934b972d08c03c9a4b7b4" }, { "ID": "spdx-exceptions@2.5.0", "Name": "spdx-exceptions", "Identifier": { "PURL": "pkg:npm/spdx-exceptions@2.5.0", "UID": "fec3828d4a528f88", "BOMRef": "pkg:npm/spdx-exceptions@2.5.0" }, "Version": "2.5.0", "Licenses": [ "CC-BY-3.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-exceptions/package.json", "Digest": "sha1:0f731ec5551fde840e6213e20cd9fbdc53468290" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "1d4d149bd45d620e", "BOMRef": "b3b75de0-3886-4906-9670-2e8afdb8737e" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:72082a3e9d4efe5a06c914b7ffa738f35b550ffb" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "6bcd930bf1b935ef", "BOMRef": "27e820c3-0051-432d-b181-d96a5ffe46d1" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:72082a3e9d4efe5a06c914b7ffa738f35b550ffb" }, { "ID": "spdx-expression-parse@4.0.0", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@4.0.0", "UID": "f2ac406bcec99a4e", "BOMRef": "pkg:npm/spdx-expression-parse@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-expression-parse/package.json", "Digest": "sha1:3f1b1059652d04327b6b0513080e242935399c30" }, { "ID": "spdx-license-ids@3.0.22", "Name": "spdx-license-ids", "Identifier": { "PURL": "pkg:npm/spdx-license-ids@3.0.22", "UID": "6277a2d088f11cc7", "BOMRef": "pkg:npm/spdx-license-ids@3.0.22" }, "Version": "3.0.22", "Licenses": [ "CC0-1.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/spdx-license-ids/package.json", "Digest": "sha1:0c921a3dffa4e1c2bcfdf3559a7c1713090b08f2" }, { "ID": "ssri@12.0.0", "Name": "ssri", "Identifier": { "PURL": "pkg:npm/ssri@12.0.0", "UID": "8d1dae2a4d53157d", "BOMRef": "pkg:npm/ssri@12.0.0" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/ssri/package.json", "Digest": "sha1:203926d505f969e44375e6a40942ce43ae490f44" }, { "ID": "string-width@4.2.3", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@4.2.3", "UID": "1594444cdb76f35f", "BOMRef": "ce77ca5e-6312-4848-a549-fa347c080efa" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/string-width-cjs/package.json", "Digest": "sha1:a5306c15bba6cb123d9f061ca85eb56576c6638f" }, { "ID": "string-width@4.2.3", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@4.2.3", "UID": "982a5bb84c74763a", "BOMRef": "fab2080a-b840-485d-a948-fb20867dc600" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/string-width/package.json", "Digest": "sha1:a5306c15bba6cb123d9f061ca85eb56576c6638f" }, { "ID": "string-width@5.1.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@5.1.2", "UID": "9610cdd8966c818c", "BOMRef": "082c1bfa-c51a-41e4-bc58-a9196572fc31" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width/package.json", "Digest": "sha1:53ae7a1b3953e86624927fec8421d453d9c88e41" }, { "ID": "string-width@5.1.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@5.1.2", "UID": "31ff78a178376c1", "BOMRef": "7477fb1b-e58c-4337-beb1-6073183a9275" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/string-width/package.json", "Digest": "sha1:53ae7a1b3953e86624927fec8421d453d9c88e41" }, { "ID": "strip-ansi@6.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@6.0.1", "UID": "8ae4f6667aaaecde", "BOMRef": "6019dc81-4a2a-4efc-8858-27c928802b67" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/strip-ansi-cjs/package.json", "Digest": "sha1:892d549c672831716abe655f087946d2644f2852" }, { "ID": "strip-ansi@6.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@6.0.1", "UID": "d67f5a1519c087af", "BOMRef": "fe4dfa66-b43b-40df-835e-ec41d6d172a1" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/strip-ansi/package.json", "Digest": "sha1:892d549c672831716abe655f087946d2644f2852" }, { "ID": "strip-ansi@7.1.2", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@7.1.2", "UID": "246d3a6608d51bb5", "BOMRef": "7ff7908c-9cc5-4640-a4a3-d5c22d48590f" }, "Version": "7.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json", "Digest": "sha1:89245990c45fdb9b9621796ada7340fff927507a" }, { "ID": "strip-ansi@7.1.2", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@7.1.2", "UID": "f1780a7360bd9784", "BOMRef": "fad937ca-50bd-4a57-ab17-2c1db5abb7cd" }, "Version": "7.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi/package.json", "Digest": "sha1:89245990c45fdb9b9621796ada7340fff927507a" }, { "ID": "supports-color@10.2.2", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@10.2.2", "UID": "54c4ae9724c8b0cb", "BOMRef": "pkg:npm/supports-color@10.2.2" }, "Version": "10.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/supports-color/package.json", "Digest": "sha1:ba4fdcabc29b4cd931da15c51981f96731bd1b1e" }, { "ID": "tar@7.5.1", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a56d3c57ec852371", "BOMRef": "pkg:npm/tar@7.5.1" }, "Version": "7.5.1", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "Digest": "sha1:52eb40b4302177cfc878a983347577a800995b8d" }, { "ID": "text-table@0.2.0", "Name": "text-table", "Identifier": { "PURL": "pkg:npm/text-table@0.2.0", "UID": "67dbfd2ef29b4830", "BOMRef": "pkg:npm/text-table@0.2.0" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/text-table/package.json", "Digest": "sha1:f63faee888ad065881dff49fc3e3de8ac57b2ae2" }, { "ID": "tiny-relative-date@2.0.2", "Name": "tiny-relative-date", "Identifier": { "PURL": "pkg:npm/tiny-relative-date@2.0.2", "UID": "129e1fdee47422a7", "BOMRef": "pkg:npm/tiny-relative-date@2.0.2" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tiny-relative-date/package.json", "Digest": "sha1:120561f313d4901b1dc03b2594ecc45cfe2ad550" }, { "ID": "tinyglobby@0.2.15", "Name": "tinyglobby", "Identifier": { "PURL": "pkg:npm/tinyglobby@0.2.15", "UID": "e4c18a9343b2016b", "BOMRef": "pkg:npm/tinyglobby@0.2.15" }, "Version": "0.2.15", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/package.json", "Digest": "sha1:811354c5cc4a6c4f64899ed3fcd9f91a7a36e857" }, { "ID": "treeverse@3.0.0", "Name": "treeverse", "Identifier": { "PURL": "pkg:npm/treeverse@3.0.0", "UID": "504a0f2e3f7ff958", "BOMRef": "pkg:npm/treeverse@3.0.0" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/treeverse/package.json", "Digest": "sha1:83653dcf5b0c581f485febcbeb9152176632bed0" }, { "ID": "tuf-js@4.0.0", "Name": "tuf-js", "Identifier": { "PURL": "pkg:npm/tuf-js@4.0.0", "UID": "aa5ef0596715ec6", "BOMRef": "pkg:npm/tuf-js@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tuf-js/package.json", "Digest": "sha1:74435c57b1bedbd99b226ec5e271676d2301e4a7" }, { "ID": "unique-filename@4.0.0", "Name": "unique-filename", "Identifier": { "PURL": "pkg:npm/unique-filename@4.0.0", "UID": "5bd129f998ed98d1", "BOMRef": "pkg:npm/unique-filename@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/unique-filename/package.json", "Digest": "sha1:7ab7ef7fed369084e86d0800e1861115c3ff1bcd" }, { "ID": "unique-slug@5.0.0", "Name": "unique-slug", "Identifier": { "PURL": "pkg:npm/unique-slug@5.0.0", "UID": "5138895f718dc2c8", "BOMRef": "pkg:npm/unique-slug@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/unique-slug/package.json", "Digest": "sha1:6bfb7b3e3ad92a208217828bc65a87369999d06f" }, { "ID": "util-deprecate@1.0.2", "Name": "util-deprecate", "Identifier": { "PURL": "pkg:npm/util-deprecate@1.0.2", "UID": "43a778a1ecd4f378", "BOMRef": "pkg:npm/util-deprecate@1.0.2" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/util-deprecate/package.json", "Digest": "sha1:2e69081e7bab6e09d3dcfd680716fdeea577431d" }, { "ID": "validate-npm-package-license@3.0.4", "Name": "validate-npm-package-license", "Identifier": { "PURL": "pkg:npm/validate-npm-package-license@3.0.4", "UID": "19dad1a7bdda6789", "BOMRef": "pkg:npm/validate-npm-package-license@3.0.4" }, "Version": "3.0.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/validate-npm-package-license/package.json", "Digest": "sha1:a938b65349aed1eb3852d98dc1a8431209faf99f" }, { "ID": "validate-npm-package-name@6.0.2", "Name": "validate-npm-package-name", "Identifier": { "PURL": "pkg:npm/validate-npm-package-name@6.0.2", "UID": "105206ebb4286417", "BOMRef": "pkg:npm/validate-npm-package-name@6.0.2" }, "Version": "6.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/validate-npm-package-name/package.json", "Digest": "sha1:ed64b84be51c4d073f850831c7f9eaf3f0de6de6" }, { "ID": "walk-up-path@4.0.0", "Name": "walk-up-path", "Identifier": { "PURL": "pkg:npm/walk-up-path@4.0.0", "UID": "d2e292b45e57fa2b", "BOMRef": "pkg:npm/walk-up-path@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/walk-up-path/package.json", "Digest": "sha1:5d1d771c0f7a60316cd0d039f38a9e6ce3b08b44" }, { "ID": "which@2.0.2", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@2.0.2", "UID": "2a47a9a07d68f77c", "BOMRef": "pkg:npm/which@2.0.2" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/cross-spawn/node_modules/which/package.json", "Digest": "sha1:402837c5ba60f95b309957adc4657b8fe4fb1f05" }, { "ID": "which@5.0.0", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@5.0.0", "UID": "a20b4f9661ae791d", "BOMRef": "pkg:npm/which@5.0.0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/which/package.json", "Digest": "sha1:519f542417e96085fb8a1ad8d7a0f913155b5e56" }, { "ID": "wrap-ansi@7.0.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@7.0.0", "UID": "a4a42693fc239ca2", "BOMRef": "pkg:npm/wrap-ansi@7.0.0" }, "Version": "7.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi-cjs/package.json", "Digest": "sha1:3442b7381f1b431861a986d8cdf144ced299db29" }, { "ID": "wrap-ansi@8.1.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@8.1.0", "UID": "2091791d4ccea0bc", "BOMRef": "pkg:npm/wrap-ansi@8.1.0" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/wrap-ansi/package.json", "Digest": "sha1:c14f366cb2c71b662f7edb2dcf7370a513fc641f" }, { "ID": "write-file-atomic@6.0.0", "Name": "write-file-atomic", "Identifier": { "PURL": "pkg:npm/write-file-atomic@6.0.0", "UID": "b0bd0cd6a4ae98fc", "BOMRef": "pkg:npm/write-file-atomic@6.0.0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/write-file-atomic/package.json", "Digest": "sha1:46f2584772ee8056a9e471fdec44718b3645c7f4" }, { "ID": "yallist@4.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@4.0.0", "UID": "4e5ba4895903be7", "BOMRef": "pkg:npm/yallist@4.0.0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/yallist/package.json", "Digest": "sha1:d6a16b480cbd582f969b3d0ed89a157316268d10" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "203c8c64cafa6bea", "BOMRef": "pkg:npm/yallist@5.0.0" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/node_modules/yallist/package.json", "Digest": "sha1:4eaebb818148fd3bcc27e1aef2d88497999f675e" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-25547", "VendorIDs": [ "GHSA-7h2j-956f-4vf2" ], "PkgID": "@isaacs/brace-expansion@5.0.0", "PkgName": "@isaacs/brace-expansion", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@isaacs/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", "UID": "98d74c73ccd6983b", "BOMRef": "pkg:npm/%40isaacs/brace-expansion@5.0.0" }, "InstalledVersion": "5.0.0", "FixedVersion": "5.0.1", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25547", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:8c9fec9f313dde9febd2d029e81417290d3c5c72d5378920794ba43aea0cbe5a", "Title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion", "Description": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25547", "https://github.com/isaacs/brace-expansion", "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2", "https://nvd.nist.gov/vuln/detail/CVE-2026-25547", "https://www.cve.org/CVERecord?id=CVE-2026-25547" ], "PublishedDate": "2026-02-04T22:16:00.813Z", "LastModifiedDate": "2026-02-05T14:57:20.563Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@2.0.2", "PkgName": "brace-expansion", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/brace-expansion/package.json", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "b742247002de60c2", "BOMRef": "pkg:npm/brace-expansion@2.0.2" }, "InstalledVersion": "2.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bb96fe6940d56fdb797dc6566d5087686f0466d17fe4ea325b0d64c25245a237", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-03-30T13:26:29.793Z" }, { "VulnerabilityID": "CVE-2026-24001", "VendorIDs": [ "GHSA-73rr-hh4g-fpgx" ], "PkgID": "diff@8.0.2", "PkgName": "diff", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/diff/package.json", "PkgIdentifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "1894ff8e5020deb9", "BOMRef": "pkg:npm/diff@8.0.2" }, "InstalledVersion": "8.0.2", "FixedVersion": "8.0.3, 5.2.2, 4.0.4, 3.5.1", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24001", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:b662062a3b909e87aa664ee2c4c2de0aecf19512c1c2e39b1fa53bd4152df149", "Title": "jsdiff: denial of service vulnerability in parsePatch and applyPatch", "Description": "jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its \"leading garbage\"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\\r`, `\\u2028`, or `\\u2029`.", "Severity": "LOW", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24001", "https://github.com/kpdecker/jsdiff", "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5", "https://github.com/kpdecker/jsdiff/issues/653", "https://github.com/kpdecker/jsdiff/pull/649", "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx", "https://nvd.nist.gov/vuln/detail/CVE-2026-24001", "https://www.cve.org/CVERecord?id=CVE-2026-24001" ], "PublishedDate": "2026-01-22T03:15:47.627Z", "LastModifiedDate": "2026-03-04T15:23:41.347Z" }, { "VulnerabilityID": "CVE-2025-64756", "VendorIDs": [ "GHSA-5j98-mcp5-4vw2" ], "PkgID": "glob@10.4.5", "PkgName": "glob", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/package.json", "PkgIdentifier": { "PURL": "pkg:npm/glob@10.4.5", "UID": "a00af3c63f33d8ab", "BOMRef": "pkg:npm/glob@10.4.5" }, "InstalledVersion": "10.4.5", "FixedVersion": "11.1.0, 10.5.0", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:b7b41c3b0456a40cdd0de150b740a0ce042236db95fff2cb113efbb67a4a0687", "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", "Severity": "HIGH", "CweIDs": [ "CWE-78" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64756", "https://github.com/isaacs/node-glob", "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", "https://www.cve.org/CVERecord?id=CVE-2025-64756" ], "PublishedDate": "2025-11-17T18:15:58.27Z", "LastModifiedDate": "2025-12-02T19:34:43.27Z" }, { "VulnerabilityID": "CVE-2025-64756", "VendorIDs": [ "GHSA-5j98-mcp5-4vw2" ], "PkgID": "glob@11.0.3", "PkgName": "glob", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/glob/package.json", "PkgIdentifier": { "PURL": "pkg:npm/glob@11.0.3", "UID": "a6a72c4895ad041d", "BOMRef": "pkg:npm/glob@11.0.3" }, "InstalledVersion": "11.0.3", "FixedVersion": "11.1.0, 10.5.0", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bae1cfcb914b94c6707f53d79af06d7cf1f7498045f888692ccc98776f9b7ab5", "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", "Severity": "HIGH", "CweIDs": [ "CWE-78" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64756", "https://github.com/isaacs/node-glob", "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", "https://www.cve.org/CVERecord?id=CVE-2025-64756" ], "PublishedDate": "2025-11-17T18:15:58.27Z", "LastModifiedDate": "2025-12-02T19:34:43.27Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "f0babdce065c5efb", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:3ef77044ef1ebb43807fc4d40f34b89a4a1f630ff2e90692c96c2396de7b8204", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "f0babdce065c5efb", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:e3a059c7f994f4fc2d7980a6e36460c4e4c192ba3705c8a84f65eed60be2fc38", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "f0babdce065c5efb", "BOMRef": "pkg:npm/minimatch@10.0.3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:de88e8f014e0341fb8850f0074b4cddc03a308b9fe2abe1c7ed512590bf0cfe5", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "806ae6999ebc28d8", "BOMRef": "39b4eddf-f08e-4bdb-b1db-b4a049ad9ca8" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4df08e247b98ff0a129d69ca18fbecb5c041eea6d01ac05d4c75b5de6eb22ed6", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "8c2de706ca1e3f8", "BOMRef": "942943d9-39bf-4cbc-808b-9e19fb8be67b" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4df08e247b98ff0a129d69ca18fbecb5c041eea6d01ac05d4c75b5de6eb22ed6", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26996", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "806ae6999ebc28d8", "BOMRef": "39b4eddf-f08e-4bdb-b1db-b4a049ad9ca8" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:22a353d99994d52ec4014598361d191bc910dd717159ef5460b4c5feda536b4e", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "8c2de706ca1e3f8", "BOMRef": "942943d9-39bf-4cbc-808b-9e19fb8be67b" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:22a353d99994d52ec4014598361d191bc910dd717159ef5460b4c5feda536b4e", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/@tufjs/models/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "806ae6999ebc28d8", "BOMRef": "39b4eddf-f08e-4bdb-b1db-b4a049ad9ca8" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f7712b66150c2da11f017da8c8581d69ea0c522439dabde11c46cbbe01244389", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "8c2de706ca1e3f8", "BOMRef": "942943d9-39bf-4cbc-808b-9e19fb8be67b" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f7712b66150c2da11f017da8c8581d69ea0c522439dabde11c46cbbe01244389", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27904", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-33671", "VendorIDs": [ "GHSA-c2c7-rcm5-vvqj" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "9d189af1f4343fcf", "BOMRef": "pkg:npm/picomatch@4.0.3" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:207ad269915973ca2f23d010cda47be6c0642612083c33e920cc47d603f2821d", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "VendorIDs": [ "GHSA-3v7f-55p6-f55p" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tinyglobby/node_modules/picomatch/package.json", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "9d189af1f4343fcf", "BOMRef": "pkg:npm/picomatch@4.0.3" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2f6677f54143717bdb7617fbb22baa2470965a5f811541d2db8e4696d970e0cc", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-23745", "VendorIDs": [ "GHSA-8qq5-rm4j-mr97" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a56d3c57ec852371", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:0dea88a545e0d4bde2da8018be7bc80b7499d8daf4c4ca9bd0829609f916bcd8", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23745", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", "https://www.cve.org/CVERecord?id=CVE-2026-23745" ], "PublishedDate": "2026-01-16T22:16:26.83Z", "LastModifiedDate": "2026-02-18T16:20:07.823Z" }, { "VulnerabilityID": "CVE-2026-23950", "VendorIDs": [ "GHSA-r6q2-hw4h-h46w" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a56d3c57ec852371", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:afe62403e307bcb4c97b9c51ae51daeec3433773d8036f2a1b568b51af3d7ede", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", "Severity": "HIGH", "CweIDs": [ "CWE-176", "CWE-352", "CWE-367" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23950", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", "https://www.cve.org/CVERecord?id=CVE-2026-23950" ], "PublishedDate": "2026-01-20T01:15:57.87Z", "LastModifiedDate": "2026-02-18T15:50:29.91Z" }, { "VulnerabilityID": "CVE-2026-24842", "VendorIDs": [ "GHSA-34x7-hfp2-rc4v" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a56d3c57ec852371", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.7", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:285fb464186a1e4cafbe7860f9c98718f7ce7f25615b20164d911b2c55c6850f", "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24842", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", "https://www.cve.org/CVERecord?id=CVE-2026-24842" ], "PublishedDate": "2026-01-28T01:16:14.947Z", "LastModifiedDate": "2026-02-02T14:30:10.89Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a56d3c57ec852371", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.8", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:8f743528f119fa688684c2f972891edbbbd6fe7a3c7e82e9a60686b43a5e8966", "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a56d3c57ec852371", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.10", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:dd689610e9bf26cc1d7f622c293dad96dad8b1ed76a595ef4ea572395296e97e", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a56d3c57ec852371", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.11", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:ca72230b218b64769b649eb6039231d866eeb4dd1ea37afb9a46958e72ee5744", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" }, { "VulnerabilityID": "CVE-2025-64118", "VendorIDs": [ "GHSA-29xp-372q-xqph" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgPath": "usr/lib/python3.13/site-packages/nodejs_wheel/lib/node_modules/npm/node_modules/tar/package.json", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a56d3c57ec852371", "BOMRef": "pkg:npm/tar@7.5.1" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64118", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:969265184e78ae941aaecb6a19cd16f57efd033c143f8844bd951387ae1e6b4a", "Title": "node-tar: tar: node-tar: Information disclosure via reading a truncated tar file", "Description": "node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362", "CWE-367" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", "V40Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64118", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d", "https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9", "https://github.com/isaacs/node-tar/issues/445", "https://github.com/isaacs/node-tar/pull/446", "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph", "https://nvd.nist.gov/vuln/detail/CVE-2025-64118", "https://www.cve.org/CVERecord?id=CVE-2025-64118" ], "PublishedDate": "2025-10-30T18:15:33.673Z", "LastModifiedDate": "2025-11-04T15:41:56.843Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "ID": "APScheduler@3.10.4", "Name": "APScheduler", "Identifier": { "PURL": "pkg:pypi/apscheduler@3.10.4", "UID": "10c037eda70a7a60", "BOMRef": "pkg:pypi/apscheduler@3.10.4" }, "Version": "3.10.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/APScheduler-3.10.4.dist-info/METADATA", "Digest": "sha1:3c645283c329748c21fee30a0a21ea492988d52f" }, { "ID": "Deprecated@1.3.1", "Name": "Deprecated", "Identifier": { "PURL": "pkg:pypi/deprecated@1.3.1", "UID": "f1a14c4e43d2b82d", "BOMRef": "pkg:pypi/deprecated@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/deprecated-1.3.1.dist-info/METADATA", "Digest": "sha1:109990e0106e9872d6bf3486d1fa574730d1c717" }, { "ID": "Jinja2@3.1.6", "Name": "Jinja2", "Identifier": { "PURL": "pkg:pypi/jinja2@3.1.6", "UID": "583553cf14a3be7c", "BOMRef": "pkg:pypi/jinja2@3.1.6" }, "Version": "3.1.6", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/jinja2-3.1.6.dist-info/METADATA", "Digest": "sha1:01c4dcfd579104dd8f5b937e1511e9371b4367d3" }, { "ID": "MarkupSafe@3.0.3", "Name": "MarkupSafe", "Identifier": { "PURL": "pkg:pypi/markupsafe@3.0.3", "UID": "1c3e6f96defae549", "BOMRef": "pkg:pypi/markupsafe@3.0.3" }, "Version": "3.0.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/markupsafe-3.0.3.dist-info/METADATA", "Digest": "sha1:8ada20dd783a9961d87701f2cd25b0880f23993e" }, { "ID": "PyJWT@2.10.1", "Name": "PyJWT", "Identifier": { "PURL": "pkg:pypi/pyjwt@2.10.1", "UID": "fd5c864fb9f93e30", "BOMRef": "pkg:pypi/pyjwt@2.10.1" }, "Version": "2.10.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/PyJWT-2.10.1.dist-info/METADATA", "Digest": "sha1:9b853963468881a7cc9764160e5e44401f888dae" }, { "ID": "PyNaCl@1.6.2", "Name": "PyNaCl", "Identifier": { "PURL": "pkg:pypi/pynacl@1.6.2", "UID": "8ea78f2c6851af1b", "BOMRef": "pkg:pypi/pynacl@1.6.2" }, "Version": "1.6.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pynacl-1.6.2.dist-info/METADATA", "Digest": "sha1:51eed4f0f5e4d39bc532c4157c5a3982308b842c" }, { "ID": "PyYAML@6.0.2", "Name": "PyYAML", "Identifier": { "PURL": "pkg:pypi/pyyaml@6.0.2", "UID": "f13543a78c9a45ba", "BOMRef": "pkg:pypi/pyyaml@6.0.2" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/PyYAML-6.0.2.dist-info/METADATA", "Digest": "sha1:019874e22eba3861f59a9ab72f17f58e8b504cf4" }, { "ID": "Pygments@2.19.2", "Name": "Pygments", "Identifier": { "PURL": "pkg:pypi/pygments@2.19.2", "UID": "6c339d3d6f0b189c", "BOMRef": "pkg:pypi/pygments@2.19.2" }, "Version": "2.19.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pygments-2.19.2.dist-info/METADATA", "Digest": "sha1:afee6b8cae57db32719d0559389750d7923f0605" }, { "ID": "Werkzeug@3.1.5", "Name": "Werkzeug", "Identifier": { "PURL": "pkg:pypi/werkzeug@3.1.5", "UID": "e8aff0bccc8e2b2e", "BOMRef": "pkg:pypi/werkzeug@3.1.5" }, "Version": "3.1.5", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/werkzeug-3.1.5.dist-info/METADATA", "Digest": "sha1:5a19d56ed83b00d25d66542b1f3406ffb8dc4bbd" }, { "ID": "a2a-sdk@0.3.22", "Name": "a2a-sdk", "Identifier": { "PURL": "pkg:pypi/a2a-sdk@0.3.22", "UID": "ebd16725266982eb", "BOMRef": "pkg:pypi/a2a-sdk@0.3.22" }, "Version": "0.3.22", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/a2a_sdk-0.3.22.dist-info/METADATA", "Digest": "sha1:d23cb653619fcfa1339156a6f53f79ae5d7a2ff6" }, { "ID": "aioboto3@15.5.0", "Name": "aioboto3", "Identifier": { "PURL": "pkg:pypi/aioboto3@15.5.0", "UID": "96558a18c577bf00", "BOMRef": "pkg:pypi/aioboto3@15.5.0" }, "Version": "15.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/aioboto3-15.5.0.dist-info/METADATA", "Digest": "sha1:ffd08838a16b51a1cb1807dde93c8b0f990244f5" }, { "ID": "aiobotocore@2.25.1", "Name": "aiobotocore", "Identifier": { "PURL": "pkg:pypi/aiobotocore@2.25.1", "UID": "498ab8f16e86f17d", "BOMRef": "pkg:pypi/aiobotocore@2.25.1" }, "Version": "2.25.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/aiobotocore-2.25.1.dist-info/METADATA", "Digest": "sha1:ba7a88ae15a977227d960e17f3cbdb740f04fbfe" }, { "ID": "aiofiles@24.1.0", "Name": "aiofiles", "Identifier": { "PURL": "pkg:pypi/aiofiles@24.1.0", "UID": "345be07c994b540f", "BOMRef": "pkg:pypi/aiofiles@24.1.0" }, "Version": "24.1.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:a265b6ffdb220ae66d77f9273b88d0d1ecd43ced30dad41c3cb9abbec42a55f0", "DiffID": "sha256:9d5d3ff02a88a45dd39660f68c589c6fd225a1c8ad19372833562d02bf50e35c" }, "FilePath": "usr/lib/python3.13/site-packages/aiofiles-24.1.0.dist-info/METADATA", "Digest": "sha1:1fee4c4fef706c9737b9ce8e245bbd8dae4e4d16" }, { "ID": "aiohappyeyeballs@2.6.1", "Name": "aiohappyeyeballs", "Identifier": { "PURL": "pkg:pypi/aiohappyeyeballs@2.6.1", "UID": "338395a99c643cfc", "BOMRef": "pkg:pypi/aiohappyeyeballs@2.6.1" }, "Version": "2.6.1", "Licenses": [ "Python-Software-Foundation-License" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/aiohappyeyeballs-2.6.1.dist-info/METADATA", "Digest": "sha1:01343f4e8b1584084c09e049bd83675272d9e757" }, { "ID": "aiohttp@3.13.3", "Name": "aiohttp", "Identifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "Version": "3.13.3", "Licenses": [ "Apache-2.0 AND MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "Digest": "sha1:63d65762ed8ded0c65362a1b04e4245d6ab9f170" }, { "ID": "aioitertools@0.13.0", "Name": "aioitertools", "Identifier": { "PURL": "pkg:pypi/aioitertools@0.13.0", "UID": "14c150691745ef7b", "BOMRef": "pkg:pypi/aioitertools@0.13.0" }, "Version": "0.13.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/aioitertools-0.13.0.dist-info/METADATA", "Digest": "sha1:110d571c90f132b20fc32b46c28c3c95b1c7aa94" }, { "ID": "aiosignal@1.4.0", "Name": "aiosignal", "Identifier": { "PURL": "pkg:pypi/aiosignal@1.4.0", "UID": "8e3430798e7749cc", "BOMRef": "pkg:pypi/aiosignal@1.4.0" }, "Version": "1.4.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/aiosignal-1.4.0.dist-info/METADATA", "Digest": "sha1:8752e41cfbbc924405ef6bf9a9ff761cb9a6dbe3" }, { "ID": "annotated-doc@0.0.4", "Name": "annotated-doc", "Identifier": { "PURL": "pkg:pypi/annotated-doc@0.0.4", "UID": "a7874e4c23b8035b", "BOMRef": "pkg:pypi/annotated-doc@0.0.4" }, "Version": "0.0.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/annotated_doc-0.0.4.dist-info/METADATA", "Digest": "sha1:24d32962e4742a901653d9fe5563c40221ddc6fa" }, { "ID": "annotated-types@0.7.0", "Name": "annotated-types", "Identifier": { "PURL": "pkg:pypi/annotated-types@0.7.0", "UID": "e09b398364995744", "BOMRef": "pkg:pypi/annotated-types@0.7.0" }, "Version": "0.7.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/annotated_types-0.7.0.dist-info/METADATA", "Digest": "sha1:b11011181822ac765c9f66c8aa42c26952de6a96" }, { "ID": "anthropic@0.54.0", "Name": "anthropic", "Identifier": { "PURL": "pkg:pypi/anthropic@0.54.0", "UID": "fe275a4258975170", "BOMRef": "pkg:pypi/anthropic@0.54.0" }, "Version": "0.54.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/anthropic-0.54.0.dist-info/METADATA", "Digest": "sha1:7f700d1b4730958f468871fb28a2f4d416f8ed20" }, { "ID": "anyio@4.8.0", "Name": "anyio", "Identifier": { "PURL": "pkg:pypi/anyio@4.8.0", "UID": "c872584042638b06", "BOMRef": "pkg:pypi/anyio@4.8.0" }, "Version": "4.8.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/anyio-4.8.0.dist-info/METADATA", "Digest": "sha1:12b3a6bb5ce68bac1fe5abd01d80d367c0688db2" }, { "ID": "async-generator@1.10", "Name": "async-generator", "Identifier": { "PURL": "pkg:pypi/async-generator@1.10", "UID": "3d6bdc437bbcdc12", "BOMRef": "pkg:pypi/async-generator@1.10" }, "Version": "1.10", "Licenses": [ "MIT", "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/async_generator-1.10.dist-info/METADATA", "Digest": "sha1:f4fa19d3f3bef3e3604acc54b00e8b8c50ad31c0" }, { "ID": "attrs@25.4.0", "Name": "attrs", "Identifier": { "PURL": "pkg:pypi/attrs@25.4.0", "UID": "2dde5e238f03f71c", "BOMRef": "pkg:pypi/attrs@25.4.0" }, "Version": "25.4.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/attrs-25.4.0.dist-info/METADATA", "Digest": "sha1:9e593ab8f12d14d819a81ca9c41b9df0b4864a59" }, { "ID": "aurelio-sdk@0.0.19", "Name": "aurelio-sdk", "Identifier": { "PURL": "pkg:pypi/aurelio-sdk@0.0.19", "UID": "c9d44eca5aefbe0d", "BOMRef": "pkg:pypi/aurelio-sdk@0.0.19" }, "Version": "0.0.19", "Layer": { "Digest": "sha256:a265b6ffdb220ae66d77f9273b88d0d1ecd43ced30dad41c3cb9abbec42a55f0", "DiffID": "sha256:9d5d3ff02a88a45dd39660f68c589c6fd225a1c8ad19372833562d02bf50e35c" }, "FilePath": "usr/lib/python3.13/site-packages/aurelio_sdk-0.0.19.dist-info/METADATA", "Digest": "sha1:bfe4c91a1633b0aa53f4fd1c5bd9f0e22eedfb7a" }, { "ID": "azure-ai-contentsafety@1.0.0", "Name": "azure-ai-contentsafety", "Identifier": { "PURL": "pkg:pypi/azure-ai-contentsafety@1.0.0", "UID": "8fd1a4f87f3ba64e", "BOMRef": "pkg:pypi/azure-ai-contentsafety@1.0.0" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/azure_ai_contentsafety-1.0.0.dist-info/METADATA", "Digest": "sha1:45cc94c9f0a17e313b00a13f7b0f9682654e0feb" }, { "ID": "azure-core@1.38.0", "Name": "azure-core", "Identifier": { "PURL": "pkg:pypi/azure-core@1.38.0", "UID": "38ec54b638f569f2", "BOMRef": "pkg:pypi/azure-core@1.38.0" }, "Version": "1.38.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/azure_core-1.38.0.dist-info/METADATA", "Digest": "sha1:e238bbd306f50f93ae1a5fa41184f3425c9c266b" }, { "ID": "azure-identity@1.16.1", "Name": "azure-identity", "Identifier": { "PURL": "pkg:pypi/azure-identity@1.16.1", "UID": "d126e6af5e7bd7a9", "BOMRef": "pkg:pypi/azure-identity@1.16.1" }, "Version": "1.16.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/azure_identity-1.16.1.dist-info/METADATA", "Digest": "sha1:68fdde1864f6c107e1306f736d9b5fefa2acf3a1" }, { "ID": "azure-keyvault@4.2.0", "Name": "azure-keyvault", "Identifier": { "PURL": "pkg:pypi/azure-keyvault@4.2.0", "UID": "eaaf07d2f77229aa", "BOMRef": "pkg:pypi/azure-keyvault@4.2.0" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault-4.2.0.dist-info/METADATA", "Digest": "sha1:5da0d813613844740604dfa0c820222a54853a3a" }, { "ID": "azure-keyvault-certificates@4.10.0", "Name": "azure-keyvault-certificates", "Identifier": { "PURL": "pkg:pypi/azure-keyvault-certificates@4.10.0", "UID": "90ffcff868430edf", "BOMRef": "pkg:pypi/azure-keyvault-certificates@4.10.0" }, "Version": "4.10.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault_certificates-4.10.0.dist-info/METADATA", "Digest": "sha1:8227ff63178e8f5a07e66f234d8c296b189f855b" }, { "ID": "azure-keyvault-keys@4.11.0", "Name": "azure-keyvault-keys", "Identifier": { "PURL": "pkg:pypi/azure-keyvault-keys@4.11.0", "UID": "eda8385fc46dbcd0", "BOMRef": "pkg:pypi/azure-keyvault-keys@4.11.0" }, "Version": "4.11.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault_keys-4.11.0.dist-info/METADATA", "Digest": "sha1:61e25dca1cb98e731337b756f4e1bb129413c496" }, { "ID": "azure-keyvault-secrets@4.10.0", "Name": "azure-keyvault-secrets", "Identifier": { "PURL": "pkg:pypi/azure-keyvault-secrets@4.10.0", "UID": "d5327b997d80bfed", "BOMRef": "pkg:pypi/azure-keyvault-secrets@4.10.0" }, "Version": "4.10.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/azure_keyvault_secrets-4.10.0.dist-info/METADATA", "Digest": "sha1:5a8061494c1c50c49fa47eace47c117fe193a0b4" }, { "ID": "azure-storage-blob@12.28.0", "Name": "azure-storage-blob", "Identifier": { "PURL": "pkg:pypi/azure-storage-blob@12.28.0", "UID": "9af8c2d35ad8833c", "BOMRef": "pkg:pypi/azure-storage-blob@12.28.0" }, "Version": "12.28.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/azure_storage_blob-12.28.0.dist-info/METADATA", "Digest": "sha1:20e7abbd2536ed3374cf440f144cf9ca5c0fb098" }, { "ID": "azure-storage-file-datalake@12.20.0", "Name": "azure-storage-file-datalake", "Identifier": { "PURL": "pkg:pypi/azure-storage-file-datalake@12.20.0", "UID": "895b47d752dfe99", "BOMRef": "pkg:pypi/azure-storage-file-datalake@12.20.0" }, "Version": "12.20.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/azure_storage_file_datalake-12.20.0.dist-info/METADATA", "Digest": "sha1:cc8ebe204539019788e04a26f2510c35575928c2" }, { "ID": "backoff@2.2.1", "Name": "backoff", "Identifier": { "PURL": "pkg:pypi/backoff@2.2.1", "UID": "2fd8bff0e6c26c3f", "BOMRef": "pkg:pypi/backoff@2.2.1" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/backoff-2.2.1.dist-info/METADATA", "Digest": "sha1:ea8b96e2947c9fed16b9c4075c30113fe09fac98" }, { "ID": "boto3@1.40.53", "Name": "boto3", "Identifier": { "PURL": "pkg:pypi/boto3@1.40.53", "UID": "49bf8b4aef42d2cd", "BOMRef": "pkg:pypi/boto3@1.40.53" }, "Version": "1.40.53", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/boto3-1.40.53.dist-info/METADATA", "Digest": "sha1:c3cd02ceff510cd405a1b3690f7bf4d54939faf8" }, { "ID": "botocore@1.40.61", "Name": "botocore", "Identifier": { "PURL": "pkg:pypi/botocore@1.40.61", "UID": "ad6da5682b6b73a1", "BOMRef": "pkg:pypi/botocore@1.40.61" }, "Version": "1.40.61", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/botocore-1.40.61.dist-info/METADATA", "Digest": "sha1:c384355d82af3168472f016558ed2f2e1c77cb85" }, { "ID": "bytecode@0.17.0", "Name": "bytecode", "Identifier": { "PURL": "pkg:pypi/bytecode@0.17.0", "UID": "68d7c53facc38d8d", "BOMRef": "pkg:pypi/bytecode@0.17.0" }, "Version": "0.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/bytecode-0.17.0.dist-info/METADATA", "Digest": "sha1:65fc4772a46510a0f6186e951e866f5e306a8122" }, { "ID": "certifi@2026.1.4", "Name": "certifi", "Identifier": { "PURL": "pkg:pypi/certifi@2026.1.4", "UID": "c4a7f3d7b525cb23", "BOMRef": "pkg:pypi/certifi@2026.1.4" }, "Version": "2026.1.4", "Licenses": [ "MPL-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/certifi-2026.1.4.dist-info/METADATA", "Digest": "sha1:fac3d36143e733dcfc1d3255e3321dd98f4376cc" }, { "ID": "cffi@2.0.0", "Name": "cffi", "Identifier": { "PURL": "pkg:pypi/cffi@2.0.0", "UID": "6a4ca67eec3514a9", "BOMRef": "pkg:pypi/cffi@2.0.0" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/cffi-2.0.0.dist-info/METADATA", "Digest": "sha1:87e9c9d276c4f4c31f5a314d6a5472f45655674c" }, { "ID": "charset-normalizer@3.4.4", "Name": "charset-normalizer", "Identifier": { "PURL": "pkg:pypi/charset-normalizer@3.4.4", "UID": "c7baa3bb107b2252", "BOMRef": "pkg:pypi/charset-normalizer@3.4.4" }, "Version": "3.4.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/charset_normalizer-3.4.4.dist-info/METADATA", "Digest": "sha1:b4512da50486c7909da3992f8d8b67052b9fc03e" }, { "ID": "click@8.1.7", "Name": "click", "Identifier": { "PURL": "pkg:pypi/click@8.1.7", "UID": "5b8136f7d6a5e4ed", "BOMRef": "pkg:pypi/click@8.1.7" }, "Version": "8.1.7", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/click-8.1.7.dist-info/METADATA", "Digest": "sha1:5c33361d71534572b6d2d3edd15ac9bad78b59c6" }, { "ID": "coloredlogs@15.0.1", "Name": "coloredlogs", "Identifier": { "PURL": "pkg:pypi/coloredlogs@15.0.1", "UID": "a328b62edb385380", "BOMRef": "pkg:pypi/coloredlogs@15.0.1" }, "Version": "15.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/coloredlogs-15.0.1.dist-info/METADATA", "Digest": "sha1:79d72bae2e23b677e384dedda06c6e922912aac1" }, { "ID": "colorlog@6.10.1", "Name": "colorlog", "Identifier": { "PURL": "pkg:pypi/colorlog@6.10.1", "UID": "56666570a471f36f", "BOMRef": "pkg:pypi/colorlog@6.10.1" }, "Version": "6.10.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:a265b6ffdb220ae66d77f9273b88d0d1ecd43ced30dad41c3cb9abbec42a55f0", "DiffID": "sha256:9d5d3ff02a88a45dd39660f68c589c6fd225a1c8ad19372833562d02bf50e35c" }, "FilePath": "usr/lib/python3.13/site-packages/colorlog-6.10.1.dist-info/METADATA", "Digest": "sha1:1e483d118fd419ad747606c4077726b5c4eb324e" }, { "ID": "cryptography@44.0.1", "Name": "cryptography", "Identifier": { "PURL": "pkg:pypi/cryptography@44.0.1", "UID": "1d0185c1f344527", "BOMRef": "pkg:pypi/cryptography@44.0.1" }, "Version": "44.0.1", "Licenses": [ "Apache-2.0", "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/cryptography-44.0.1.dist-info/METADATA", "Digest": "sha1:aef76b643d459e44dcfef3e674e4b6f562ba0d59" }, { "ID": "ddtrace@2.19.0", "Name": "ddtrace", "Identifier": { "PURL": "pkg:pypi/ddtrace@2.19.0", "UID": "4577f2a7eb5b8ab6", "BOMRef": "pkg:pypi/ddtrace@2.19.0" }, "Version": "2.19.0", "Licenses": [ "LICENSE.BSD3" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/ddtrace-2.19.0.dist-info/METADATA", "Digest": "sha1:2ebcd7579775a117bf5f63f482aaee4629f69fe4" }, { "ID": "detect-secrets@1.5.0", "Name": "detect-secrets", "Identifier": { "PURL": "pkg:pypi/detect-secrets@1.5.0", "UID": "43352e9e2f941f7c", "BOMRef": "pkg:pypi/detect-secrets@1.5.0" }, "Version": "1.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/detect_secrets-1.5.0.dist-info/METADATA", "Digest": "sha1:7d1969bbb2f0319f127b480fe77211aa27750fe0" }, { "ID": "distro@1.9.0", "Name": "distro", "Identifier": { "PURL": "pkg:pypi/distro@1.9.0", "UID": "d2def86a89cf5ba2", "BOMRef": "pkg:pypi/distro@1.9.0" }, "Version": "1.9.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/distro-1.9.0.dist-info/METADATA", "Digest": "sha1:ce14620cf14e15a64d2ff574796543f99619e7f3" }, { "ID": "dnspython@2.8.0", "Name": "dnspython", "Identifier": { "PURL": "pkg:pypi/dnspython@2.8.0", "UID": "678f11222ac2a34", "BOMRef": "pkg:pypi/dnspython@2.8.0" }, "Version": "2.8.0", "Licenses": [ "ISC" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/dnspython-2.8.0.dist-info/METADATA", "Digest": "sha1:360d6b80b919fa0fc9e41d101229c937531c4eae" }, { "ID": "docstring_parser@0.17.0", "Name": "docstring_parser", "Identifier": { "PURL": "pkg:pypi/docstring-parser@0.17.0", "UID": "c62eb37ba13ae584", "BOMRef": "pkg:pypi/docstring-parser@0.17.0" }, "Version": "0.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/docstring_parser-0.17.0.dist-info/METADATA", "Digest": "sha1:323acb9780928a71e223759cfc8be2793bec7072" }, { "ID": "email-validator@2.3.0", "Name": "email-validator", "Identifier": { "PURL": "pkg:pypi/email-validator@2.3.0", "UID": "5fa0d5811bc9a789", "BOMRef": "pkg:pypi/email-validator@2.3.0" }, "Version": "2.3.0", "Licenses": [ "Unlicense" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/email_validator-2.3.0.dist-info/METADATA", "Digest": "sha1:8142c15247202bec284e8950c96b7f43b35ca5bc" }, { "ID": "envier@0.6.1", "Name": "envier", "Identifier": { "PURL": "pkg:pypi/envier@0.6.1", "UID": "d3945a64743c8d6c", "BOMRef": "pkg:pypi/envier@0.6.1" }, "Version": "0.6.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/envier-0.6.1.dist-info/METADATA", "Digest": "sha1:ecb20fe2699b6e8934bacad17926b535edc4ec40" }, { "ID": "fastapi@0.120.1", "Name": "fastapi", "Identifier": { "PURL": "pkg:pypi/fastapi@0.120.1", "UID": "f39a2d77739251d1", "BOMRef": "pkg:pypi/fastapi@0.120.1" }, "Version": "0.120.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/fastapi-0.120.1.dist-info/METADATA", "Digest": "sha1:dea486b90696587ab48cbda958327ec048f93eb3" }, { "ID": "fastapi-sso@0.19.0", "Name": "fastapi-sso", "Identifier": { "PURL": "pkg:pypi/fastapi-sso@0.19.0", "UID": "e97bab565320f36d", "BOMRef": "pkg:pypi/fastapi-sso@0.19.0" }, "Version": "0.19.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/fastapi_sso-0.19.0.dist-info/METADATA", "Digest": "sha1:f08f145ee8c7c5c113436e3ba3fb8f1081e8a6fc" }, { "ID": "fastuuid@0.13.5", "Name": "fastuuid", "Identifier": { "PURL": "pkg:pypi/fastuuid@0.13.5", "UID": "d936a56a8413c622", "BOMRef": "pkg:pypi/fastuuid@0.13.5" }, "Version": "0.13.5", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/fastuuid-0.13.5.dist-info/METADATA", "Digest": "sha1:589a21152a88244902586741669f828037c88a4f" }, { "ID": "filelock@3.20.3", "Name": "filelock", "Identifier": { "PURL": "pkg:pypi/filelock@3.20.3", "UID": "2a74fb2ee6304bc3", "BOMRef": "pkg:pypi/filelock@3.20.3" }, "Version": "3.20.3", "Licenses": [ "Unlicense" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/filelock-3.20.3.dist-info/METADATA", "Digest": "sha1:059d047f0b93d3e1a31f4dec68b60d92a892aca5" }, { "ID": "frozenlist@1.8.0", "Name": "frozenlist", "Identifier": { "PURL": "pkg:pypi/frozenlist@1.8.0", "UID": "363b735eff449219", "BOMRef": "pkg:pypi/frozenlist@1.8.0" }, "Version": "1.8.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/frozenlist-1.8.0.dist-info/METADATA", "Digest": "sha1:4a37873aab1c5eaffcecd2aa93be12e9e4b2a19c" }, { "ID": "fsspec@2026.2.0", "Name": "fsspec", "Identifier": { "PURL": "pkg:pypi/fsspec@2026.2.0", "UID": "4a1bcda5039d0d39", "BOMRef": "pkg:pypi/fsspec@2026.2.0" }, "Version": "2026.2.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/fsspec-2026.2.0.dist-info/METADATA", "Digest": "sha1:cd54bba9ec98bc422bda0b342e83ea43099aa174" }, { "ID": "google-api-core@2.29.0", "Name": "google-api-core", "Identifier": { "PURL": "pkg:pypi/google-api-core@2.29.0", "UID": "956f3c8a0f2f2351", "BOMRef": "pkg:pypi/google-api-core@2.29.0" }, "Version": "2.29.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_api_core-2.29.0.dist-info/METADATA", "Digest": "sha1:af9ca366952256ccc0b867dcecbc332949719aa7" }, { "ID": "google-auth@2.48.0", "Name": "google-auth", "Identifier": { "PURL": "pkg:pypi/google-auth@2.48.0", "UID": "9be4d487506df662", "BOMRef": "pkg:pypi/google-auth@2.48.0" }, "Version": "2.48.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_auth-2.48.0.dist-info/METADATA", "Digest": "sha1:fd3435e29361652b2f4e7fd3e2297c149025e051" }, { "ID": "google-cloud-aiplatform@1.133.0", "Name": "google-cloud-aiplatform", "Identifier": { "PURL": "pkg:pypi/google-cloud-aiplatform@1.133.0", "UID": "fa24ce1d1c90e600", "BOMRef": "pkg:pypi/google-cloud-aiplatform@1.133.0" }, "Version": "1.133.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_aiplatform-1.133.0.dist-info/METADATA", "Digest": "sha1:23483b425b0649936a17defd0158d0f6c03ca503" }, { "ID": "google-cloud-bigquery@3.40.0", "Name": "google-cloud-bigquery", "Identifier": { "PURL": "pkg:pypi/google-cloud-bigquery@3.40.0", "UID": "e8eb59e1d9266762", "BOMRef": "pkg:pypi/google-cloud-bigquery@3.40.0" }, "Version": "3.40.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_bigquery-3.40.0.dist-info/METADATA", "Digest": "sha1:d2dfe52cd3b946c33538297e0619fa279fff99ca" }, { "ID": "google-cloud-core@2.5.0", "Name": "google-cloud-core", "Identifier": { "PURL": "pkg:pypi/google-cloud-core@2.5.0", "UID": "9aeb172622a8447", "BOMRef": "pkg:pypi/google-cloud-core@2.5.0" }, "Version": "2.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_core-2.5.0.dist-info/METADATA", "Digest": "sha1:2353786cf89c5a50fc3a68db6736b632754e1b76" }, { "ID": "google-cloud-iam@2.19.1", "Name": "google-cloud-iam", "Identifier": { "PURL": "pkg:pypi/google-cloud-iam@2.19.1", "UID": "6e50dfc6dfe28d9f", "BOMRef": "pkg:pypi/google-cloud-iam@2.19.1" }, "Version": "2.19.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_iam-2.19.1.dist-info/METADATA", "Digest": "sha1:28391d5c4dd89160b13ec2ef8c597d3164c4c91a" }, { "ID": "google-cloud-resource-manager@1.16.0", "Name": "google-cloud-resource-manager", "Identifier": { "PURL": "pkg:pypi/google-cloud-resource-manager@1.16.0", "UID": "dc0b3cf679791db2", "BOMRef": "pkg:pypi/google-cloud-resource-manager@1.16.0" }, "Version": "1.16.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_resource_manager-1.16.0.dist-info/METADATA", "Digest": "sha1:94bdb211cfd6933e89c9e8f1833e3fcb28caae26" }, { "ID": "google-cloud-storage@3.9.0", "Name": "google-cloud-storage", "Identifier": { "PURL": "pkg:pypi/google-cloud-storage@3.9.0", "UID": "b5b110c099bef237", "BOMRef": "pkg:pypi/google-cloud-storage@3.9.0" }, "Version": "3.9.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_cloud_storage-3.9.0.dist-info/METADATA", "Digest": "sha1:08b50a67c834baff46cb246b9b9d9d6c90ad3a65" }, { "ID": "google-crc32c@1.8.0", "Name": "google-crc32c", "Identifier": { "PURL": "pkg:pypi/google-crc32c@1.8.0", "UID": "d386f4dc4b1b1fbe", "BOMRef": "pkg:pypi/google-crc32c@1.8.0" }, "Version": "1.8.0", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_crc32c-1.8.0.dist-info/METADATA", "Digest": "sha1:740ce2636255b7035fbcef210995df5b4484e1b3" }, { "ID": "google-genai@1.37.0", "Name": "google-genai", "Identifier": { "PURL": "pkg:pypi/google-genai@1.37.0", "UID": "90440e2abe562b12", "BOMRef": "pkg:pypi/google-genai@1.37.0" }, "Version": "1.37.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_genai-1.37.0.dist-info/METADATA", "Digest": "sha1:3399706a56fa0d50853cb580a1e032f80a3d4654" }, { "ID": "google-resumable-media@2.8.0", "Name": "google-resumable-media", "Identifier": { "PURL": "pkg:pypi/google-resumable-media@2.8.0", "UID": "4cb759904588f3fe", "BOMRef": "pkg:pypi/google-resumable-media@2.8.0" }, "Version": "2.8.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/google_resumable_media-2.8.0.dist-info/METADATA", "Digest": "sha1:a0a8dc418f86589aa080bb59708ed5aee38faacc" }, { "ID": "googleapis-common-protos@1.72.0", "Name": "googleapis-common-protos", "Identifier": { "PURL": "pkg:pypi/googleapis-common-protos@1.72.0", "UID": "9d828022033d1981", "BOMRef": "pkg:pypi/googleapis-common-protos@1.72.0" }, "Version": "1.72.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/googleapis_common_protos-1.72.0.dist-info/METADATA", "Digest": "sha1:78df7b249d5272b19c5adc5c8a9b3b2dee57311c" }, { "ID": "grpc-google-iam-v1@0.14.3", "Name": "grpc-google-iam-v1", "Identifier": { "PURL": "pkg:pypi/grpc-google-iam-v1@0.14.3", "UID": "218a175529f152fc", "BOMRef": "pkg:pypi/grpc-google-iam-v1@0.14.3" }, "Version": "0.14.3", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/grpc_google_iam_v1-0.14.3.dist-info/METADATA", "Digest": "sha1:98adc7e2fe504130f48db8ccb34db6820d396145" }, { "ID": "grpcio@1.78.0", "Name": "grpcio", "Identifier": { "PURL": "pkg:pypi/grpcio@1.78.0", "UID": "8e374a26af51898d", "BOMRef": "pkg:pypi/grpcio@1.78.0" }, "Version": "1.78.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/grpcio-1.78.0.dist-info/METADATA", "Digest": "sha1:d96608e4adf904c6baba974b5aa102508a8d0839" }, { "ID": "grpcio-status@1.71.2", "Name": "grpcio-status", "Identifier": { "PURL": "pkg:pypi/grpcio-status@1.71.2", "UID": "78757b045d89c86a", "BOMRef": "pkg:pypi/grpcio-status@1.71.2" }, "Version": "1.71.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/grpcio_status-1.71.2.dist-info/METADATA", "Digest": "sha1:bd80c647a0df7d5b9bda31af73fa704ff4e50c9f" }, { "ID": "gunicorn@23.0.0", "Name": "gunicorn", "Identifier": { "PURL": "pkg:pypi/gunicorn@23.0.0", "UID": "e2dca776299af05", "BOMRef": "pkg:pypi/gunicorn@23.0.0" }, "Version": "23.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/gunicorn-23.0.0.dist-info/METADATA", "Digest": "sha1:8de2f53497d5444853a1df1f44ff417831194283" }, { "ID": "h11@0.16.0", "Name": "h11", "Identifier": { "PURL": "pkg:pypi/h11@0.16.0", "UID": "48f6bd4c41a3b26f", "BOMRef": "pkg:pypi/h11@0.16.0" }, "Version": "0.16.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/h11-0.16.0.dist-info/METADATA", "Digest": "sha1:5d41eddffefef5f6e8ff383a2537e81a38a37807" }, { "ID": "hf-xet@1.2.0", "Name": "hf-xet", "Identifier": { "PURL": "pkg:pypi/hf-xet@1.2.0", "UID": "2ac7ced862c06e3", "BOMRef": "pkg:pypi/hf-xet@1.2.0" }, "Version": "1.2.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/hf_xet-1.2.0.dist-info/METADATA", "Digest": "sha1:c62213b030017c3a6179d95b00ac0b58fa58b6d8" }, { "ID": "httpcore@1.0.9", "Name": "httpcore", "Identifier": { "PURL": "pkg:pypi/httpcore@1.0.9", "UID": "f6806fe4172cdde1", "BOMRef": "pkg:pypi/httpcore@1.0.9" }, "Version": "1.0.9", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/httpcore-1.0.9.dist-info/METADATA", "Digest": "sha1:2981d359ae33f31d339189a9680db85785339a56" }, { "ID": "httpx@0.28.1", "Name": "httpx", "Identifier": { "PURL": "pkg:pypi/httpx@0.28.1", "UID": "235a91c3be39499b", "BOMRef": "pkg:pypi/httpx@0.28.1" }, "Version": "0.28.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/httpx-0.28.1.dist-info/METADATA", "Digest": "sha1:537da7e4f29438278e124e10e02d1a500fe33bcc" }, { "ID": "httpx-sse@0.4.3", "Name": "httpx-sse", "Identifier": { "PURL": "pkg:pypi/httpx-sse@0.4.3", "UID": "9fec42ea34956732", "BOMRef": "pkg:pypi/httpx-sse@0.4.3" }, "Version": "0.4.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/httpx_sse-0.4.3.dist-info/METADATA", "Digest": "sha1:df05446be58f0a3a306e50c7ceebef24bb383a6d" }, { "ID": "huggingface_hub@0.36.2", "Name": "huggingface_hub", "Identifier": { "PURL": "pkg:pypi/huggingface-hub@0.36.2", "UID": "6efd33d73edccbe9", "BOMRef": "pkg:pypi/huggingface-hub@0.36.2" }, "Version": "0.36.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/huggingface_hub-0.36.2.dist-info/METADATA", "Digest": "sha1:c3fb68f58f110a4308ea41f02a48f890697481fe" }, { "ID": "humanfriendly@10.0", "Name": "humanfriendly", "Identifier": { "PURL": "pkg:pypi/humanfriendly@10.0", "UID": "71fe71baac4fe6cc", "BOMRef": "pkg:pypi/humanfriendly@10.0" }, "Version": "10.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/humanfriendly-10.0.dist-info/METADATA", "Digest": "sha1:f29e22413e2b6ed83b0bd7935acd2dbb1d830f40" }, { "ID": "idna@3.11", "Name": "idna", "Identifier": { "PURL": "pkg:pypi/idna@3.11", "UID": "4c53cef3afcb349c", "BOMRef": "pkg:pypi/idna@3.11" }, "Version": "3.11", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/idna-3.11.dist-info/METADATA", "Digest": "sha1:5e73674d19cce0601253436a2e5544abe09b9bc3" }, { "ID": "importlib-metadata@6.8.0", "Name": "importlib-metadata", "Identifier": { "PURL": "pkg:pypi/importlib-metadata@6.8.0", "UID": "1637412124171af3", "BOMRef": "pkg:pypi/importlib-metadata@6.8.0" }, "Version": "6.8.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/importlib_metadata-6.8.0.dist-info/METADATA", "Digest": "sha1:691851957e4c1cce8fa41d0f23cd83355dbb8756" }, { "ID": "isodate@0.7.2", "Name": "isodate", "Identifier": { "PURL": "pkg:pypi/isodate@0.7.2", "UID": "64f2eb58be95e4a5", "BOMRef": "pkg:pypi/isodate@0.7.2" }, "Version": "0.7.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/isodate-0.7.2.dist-info/METADATA", "Digest": "sha1:364399ca9e27df70628e3aff9c8b7b1da601f95d" }, { "ID": "jaraco.context@6.1.0", "Name": "jaraco.context", "Identifier": { "PURL": "pkg:pypi/jaraco.context@6.1.0", "UID": "2a4d84364c012e96", "BOMRef": "pkg:pypi/jaraco.context@6.1.0" }, "Version": "6.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/jaraco_context-6.1.0.dist-info/METADATA", "Digest": "sha1:c1ba70653abadb34b0a0e792b9b7025b6a4d7b3e" }, { "ID": "jiter@0.13.0", "Name": "jiter", "Identifier": { "PURL": "pkg:pypi/jiter@0.13.0", "UID": "d2555f5500eacf92", "BOMRef": "pkg:pypi/jiter@0.13.0" }, "Version": "0.13.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/jiter-0.13.0.dist-info/METADATA", "Digest": "sha1:2a9f923809d4a5bfa70b5c8d13e698904f4eca60" }, { "ID": "jmespath@1.1.0", "Name": "jmespath", "Identifier": { "PURL": "pkg:pypi/jmespath@1.1.0", "UID": "f91eaf286574e73a", "BOMRef": "pkg:pypi/jmespath@1.1.0" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/jmespath-1.1.0.dist-info/METADATA", "Digest": "sha1:d3f297922cf04b0cc127a18994ad6e6b947f0cc7" }, { "ID": "jsonschema@4.26.0", "Name": "jsonschema", "Identifier": { "PURL": "pkg:pypi/jsonschema@4.26.0", "UID": "129085a0370cb822", "BOMRef": "pkg:pypi/jsonschema@4.26.0" }, "Version": "4.26.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/jsonschema-4.26.0.dist-info/METADATA", "Digest": "sha1:94b3d1a46cf55d74e42c401eaf4a4b71c76cee31" }, { "ID": "jsonschema-path@0.3.4", "Name": "jsonschema-path", "Identifier": { "PURL": "pkg:pypi/jsonschema-path@0.3.4", "UID": "bc6aa2e9e2f47ccb", "BOMRef": "pkg:pypi/jsonschema-path@0.3.4" }, "Version": "0.3.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/jsonschema_path-0.3.4.dist-info/METADATA", "Digest": "sha1:48b69894bc45f3344dbe1daa7be14933b12db09a" }, { "ID": "jsonschema-specifications@2025.9.1", "Name": "jsonschema-specifications", "Identifier": { "PURL": "pkg:pypi/jsonschema-specifications@2025.9.1", "UID": "e95013ee5b09febc", "BOMRef": "pkg:pypi/jsonschema-specifications@2025.9.1" }, "Version": "2025.9.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/jsonschema_specifications-2025.9.1.dist-info/METADATA", "Digest": "sha1:ac33f477be9d3336ae67bc454f68a9ff39c91cf3" }, { "ID": "langfuse@2.59.7", "Name": "langfuse", "Identifier": { "PURL": "pkg:pypi/langfuse@2.59.7", "UID": "a4bd5a7dcbb9bbae", "BOMRef": "pkg:pypi/langfuse@2.59.7" }, "Version": "2.59.7", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/langfuse-2.59.7.dist-info/METADATA", "Digest": "sha1:64b00766ce586ee8bc229e1d1c519bbbaccf82af" }, { "ID": "lazy-object-proxy@1.12.0", "Name": "lazy-object-proxy", "Identifier": { "PURL": "pkg:pypi/lazy-object-proxy@1.12.0", "UID": "dcc4a7b740c2d8ee", "BOMRef": "pkg:pypi/lazy-object-proxy@1.12.0" }, "Version": "1.12.0", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/lazy_object_proxy-1.12.0.dist-info/METADATA", "Digest": "sha1:68e349fa87b22a25e3af674e29698bb08d37a074" }, { "ID": "legacy-cgi@2.6.4", "Name": "legacy-cgi", "Identifier": { "PURL": "pkg:pypi/legacy-cgi@2.6.4", "UID": "8b16e971abb201b2", "BOMRef": "pkg:pypi/legacy-cgi@2.6.4" }, "Version": "2.6.4", "Licenses": [ "PSF-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/legacy_cgi-2.6.4.dist-info/METADATA", "Digest": "sha1:23159c15d8f7c3223df17c75f23eb2d59ef58128" }, { "ID": "litellm@1.81.3", "Name": "litellm", "Identifier": { "PURL": "pkg:pypi/litellm@1.81.3", "UID": "4b71d9e9aa29a0e6", "BOMRef": "pkg:pypi/litellm@1.81.3" }, "Version": "1.81.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/litellm-1.81.3.dist-info/METADATA", "Digest": "sha1:d044197b11035af4038ab1476605f0a55af0f36e" }, { "ID": "litellm-enterprise@0.1.28", "Name": "litellm-enterprise", "Identifier": { "PURL": "pkg:pypi/litellm-enterprise@0.1.28", "UID": "3e188d069d4d41b4", "BOMRef": "pkg:pypi/litellm-enterprise@0.1.28" }, "Version": "0.1.28", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/litellm_enterprise-0.1.28.dist-info/METADATA", "Digest": "sha1:ba376347213ace8d33b46344e0c6d7630f5036ec" }, { "ID": "litellm-proxy-extras@0.4.27", "Name": "litellm-proxy-extras", "Identifier": { "PURL": "pkg:pypi/litellm-proxy-extras@0.4.27", "UID": "f3ce86d17e5d876", "BOMRef": "pkg:pypi/litellm-proxy-extras@0.4.27" }, "Version": "0.4.27", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/litellm_proxy_extras-0.4.27.dist-info/METADATA", "Digest": "sha1:049aaa62de1b62a5ea775433d08f68da55266bfe" }, { "ID": "llm-sandbox@0.3.31", "Name": "llm-sandbox", "Identifier": { "PURL": "pkg:pypi/llm-sandbox@0.3.31", "UID": "c7c08075851d1e40", "BOMRef": "pkg:pypi/llm-sandbox@0.3.31" }, "Version": "0.3.31", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/llm_sandbox-0.3.31.dist-info/METADATA", "Digest": "sha1:85bb0474aad9559dff054282fdd4b29a4f92a80e" }, { "ID": "mangum@0.17.0", "Name": "mangum", "Identifier": { "PURL": "pkg:pypi/mangum@0.17.0", "UID": "d06eca87368c08ff", "BOMRef": "pkg:pypi/mangum@0.17.0" }, "Version": "0.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/mangum-0.17.0.dist-info/METADATA", "Digest": "sha1:0957be909988180dffafaf9c6ef2301be9a0739b" }, { "ID": "markdown-it-py@4.0.0", "Name": "markdown-it-py", "Identifier": { "PURL": "pkg:pypi/markdown-it-py@4.0.0", "UID": "e7758b17bdd28ab7", "BOMRef": "pkg:pypi/markdown-it-py@4.0.0" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/markdown_it_py-4.0.0.dist-info/METADATA", "Digest": "sha1:0cee543cadd1bdc67e8d1acd6fae8cc419523f4c" }, { "ID": "mcp@1.25.0", "Name": "mcp", "Identifier": { "PURL": "pkg:pypi/mcp@1.25.0", "UID": "5f103e797d44275", "BOMRef": "pkg:pypi/mcp@1.25.0" }, "Version": "1.25.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/mcp-1.25.0.dist-info/METADATA", "Digest": "sha1:c86fd9fb3b07f6b9cb4a3ade6abcc16c1c763399" }, { "ID": "mdurl@0.1.2", "Name": "mdurl", "Identifier": { "PURL": "pkg:pypi/mdurl@0.1.2", "UID": "51276af2ac9b2283", "BOMRef": "pkg:pypi/mdurl@0.1.2" }, "Version": "0.1.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/mdurl-0.1.2.dist-info/METADATA", "Digest": "sha1:cc9d84bf84be59dd90368ea2f5e3a9fae8f0f1b7" }, { "ID": "ml-dtypes@0.4.1", "Name": "ml-dtypes", "Identifier": { "PURL": "pkg:pypi/ml-dtypes@0.4.1", "UID": "cae3bd6966c44890", "BOMRef": "pkg:pypi/ml-dtypes@0.4.1" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/ml_dtypes-0.4.1.dist-info/METADATA", "Digest": "sha1:28e53cadb8495b4a770c99d9392b1c79a14f4c8d" }, { "ID": "more-itertools@10.8.0", "Name": "more-itertools", "Identifier": { "PURL": "pkg:pypi/more-itertools@10.8.0", "UID": "8647a05d2b7fcec8", "BOMRef": "pkg:pypi/more-itertools@10.8.0" }, "Version": "10.8.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/more_itertools-10.8.0.dist-info/METADATA", "Digest": "sha1:55aef894a0f39f280471306f0c5ecf3730ff5863" }, { "ID": "msal@1.34.0", "Name": "msal", "Identifier": { "PURL": "pkg:pypi/msal@1.34.0", "UID": "94ef195b61525837", "BOMRef": "pkg:pypi/msal@1.34.0" }, "Version": "1.34.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/msal-1.34.0.dist-info/METADATA", "Digest": "sha1:9992cd494a1c8486b1a65e94cb1998d2ef320093" }, { "ID": "msal-extensions@1.3.1", "Name": "msal-extensions", "Identifier": { "PURL": "pkg:pypi/msal-extensions@1.3.1", "UID": "a86898497de2962f", "BOMRef": "pkg:pypi/msal-extensions@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/msal_extensions-1.3.1.dist-info/METADATA", "Digest": "sha1:41015e491016a80539109491a22adb22f7c7dddd" }, { "ID": "multidict@6.7.1", "Name": "multidict", "Identifier": { "PURL": "pkg:pypi/multidict@6.7.1", "UID": "b0c6632f9477bbd8", "BOMRef": "pkg:pypi/multidict@6.7.1" }, "Version": "6.7.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/multidict-6.7.1.dist-info/METADATA", "Digest": "sha1:216b572c03dd786e9e08cb0ed5e833a9ec0fd494" }, { "ID": "nodeenv@1.10.0", "Name": "nodeenv", "Identifier": { "PURL": "pkg:pypi/nodeenv@1.10.0", "UID": "bb43310863142e61", "BOMRef": "pkg:pypi/nodeenv@1.10.0" }, "Version": "1.10.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodeenv-1.10.0.dist-info/METADATA", "Digest": "sha1:1b29a746e209117735cc705714358dbf9e858eb4" }, { "ID": "nodejs-wheel-binaries@24.12.0", "Name": "nodejs-wheel-binaries", "Identifier": { "PURL": "pkg:pypi/nodejs-wheel-binaries@24.12.0", "UID": "1090d98b747ef8bd", "BOMRef": "pkg:pypi/nodejs-wheel-binaries@24.12.0" }, "Version": "24.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/nodejs_wheel_binaries-24.12.0.dist-info/METADATA", "Digest": "sha1:8a102cd330d17e7e42361b3326da94281c9b8427" }, { "ID": "numpy@2.4.2", "Name": "numpy", "Identifier": { "PURL": "pkg:pypi/numpy@2.4.2", "UID": "6b4916ca06c07d72", "BOMRef": "pkg:pypi/numpy@2.4.2" }, "Version": "2.4.2", "Licenses": [ "BSD-3-Clause AND 0BSD AND MIT AND Zlib AND CC0-1.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/numpy-2.4.2.dist-info/METADATA", "Digest": "sha1:f78437e3f7066f0441d6e9a7c34ce6f6a66871a5" }, { "ID": "oauthlib@3.3.1", "Name": "oauthlib", "Identifier": { "PURL": "pkg:pypi/oauthlib@3.3.1", "UID": "e2c837642827e583", "BOMRef": "pkg:pypi/oauthlib@3.3.1" }, "Version": "3.3.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/oauthlib-3.3.1.dist-info/METADATA", "Digest": "sha1:9ba5229bceb66742065501d44c4e07f8b401d4c8" }, { "ID": "openai@2.9.0", "Name": "openai", "Identifier": { "PURL": "pkg:pypi/openai@2.9.0", "UID": "f894c101c57d99ce", "BOMRef": "pkg:pypi/openai@2.9.0" }, "Version": "2.9.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/openai-2.9.0.dist-info/METADATA", "Digest": "sha1:3a50a52d05f9d1a9114c73731816df78928764c0" }, { "ID": "openapi-core@0.21.0", "Name": "openapi-core", "Identifier": { "PURL": "pkg:pypi/openapi-core@0.21.0", "UID": "662109830f1fd3a0", "BOMRef": "pkg:pypi/openapi-core@0.21.0" }, "Version": "0.21.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/openapi_core-0.21.0.dist-info/METADATA", "Digest": "sha1:23d2501e93de078ce5136cd7b4e20a7463c210f4" }, { "ID": "openapi-schema-validator@0.6.3", "Name": "openapi-schema-validator", "Identifier": { "PURL": "pkg:pypi/openapi-schema-validator@0.6.3", "UID": "e18ebb9622a401c", "BOMRef": "pkg:pypi/openapi-schema-validator@0.6.3" }, "Version": "0.6.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/openapi_schema_validator-0.6.3.dist-info/METADATA", "Digest": "sha1:94ac2dfdccefaac1f8f6efc0ce4e4713274af79f" }, { "ID": "openapi-spec-validator@0.7.2", "Name": "openapi-spec-validator", "Identifier": { "PURL": "pkg:pypi/openapi-spec-validator@0.7.2", "UID": "3f9be9be3530d09f", "BOMRef": "pkg:pypi/openapi-spec-validator@0.7.2" }, "Version": "0.7.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/openapi_spec_validator-0.7.2.dist-info/METADATA", "Digest": "sha1:3b8226cdb965b31b940c1bfaba9d0b337cc0c8f8" }, { "ID": "opentelemetry-api@1.28.0", "Name": "opentelemetry-api", "Identifier": { "PURL": "pkg:pypi/opentelemetry-api@1.28.0", "UID": "cf38031383f17e7b", "BOMRef": "pkg:pypi/opentelemetry-api@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_api-1.28.0.dist-info/METADATA", "Digest": "sha1:fa7a37347c7a77b570878666db0821d85e58a470" }, { "ID": "opentelemetry-exporter-otlp@1.28.0", "Name": "opentelemetry-exporter-otlp", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp@1.28.0", "UID": "402f4ab4f244efd", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp-1.28.0.dist-info/METADATA", "Digest": "sha1:02d9d528c93b4a483c217803ff2b5b14dff509ef" }, { "ID": "opentelemetry-exporter-otlp-proto-common@1.28.0", "Name": "opentelemetry-exporter-otlp-proto-common", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp-proto-common@1.28.0", "UID": "ca6112d9995de497", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp-proto-common@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp_proto_common-1.28.0.dist-info/METADATA", "Digest": "sha1:9b898d5238fd7ac09e303fb6fddbe084603de874" }, { "ID": "opentelemetry-exporter-otlp-proto-grpc@1.28.0", "Name": "opentelemetry-exporter-otlp-proto-grpc", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp-proto-grpc@1.28.0", "UID": "c9b4a9c73e47e0f4", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp-proto-grpc@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp_proto_grpc-1.28.0.dist-info/METADATA", "Digest": "sha1:4d2e1a9be4c683f90b3116732d154d789efb6de5" }, { "ID": "opentelemetry-exporter-otlp-proto-http@1.28.0", "Name": "opentelemetry-exporter-otlp-proto-http", "Identifier": { "PURL": "pkg:pypi/opentelemetry-exporter-otlp-proto-http@1.28.0", "UID": "53535220abb70fd8", "BOMRef": "pkg:pypi/opentelemetry-exporter-otlp-proto-http@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_exporter_otlp_proto_http-1.28.0.dist-info/METADATA", "Digest": "sha1:f7029b101ac39ca429c16dfbfbd1f67d7da1e28c" }, { "ID": "opentelemetry-proto@1.28.0", "Name": "opentelemetry-proto", "Identifier": { "PURL": "pkg:pypi/opentelemetry-proto@1.28.0", "UID": "94ef8283cb4adcf", "BOMRef": "pkg:pypi/opentelemetry-proto@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_proto-1.28.0.dist-info/METADATA", "Digest": "sha1:2f4cc88e72c49fd14c43d3160427ec7631e420ba" }, { "ID": "opentelemetry-sdk@1.28.0", "Name": "opentelemetry-sdk", "Identifier": { "PURL": "pkg:pypi/opentelemetry-sdk@1.28.0", "UID": "68a589636c2ee063", "BOMRef": "pkg:pypi/opentelemetry-sdk@1.28.0" }, "Version": "1.28.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_sdk-1.28.0.dist-info/METADATA", "Digest": "sha1:ff78308a4de96861a2b9afbecc1745376f09d82b" }, { "ID": "opentelemetry-semantic-conventions@0.49b0", "Name": "opentelemetry-semantic-conventions", "Identifier": { "PURL": "pkg:pypi/opentelemetry-semantic-conventions@0.49b0", "UID": "a493ffd523f73a1a", "BOMRef": "pkg:pypi/opentelemetry-semantic-conventions@0.49b0" }, "Version": "0.49b0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/opentelemetry_semantic_conventions-0.49b0.dist-info/METADATA", "Digest": "sha1:2389733e201fd7a0ec508bbc2f1e32a23488c45e" }, { "ID": "orjson@3.11.2", "Name": "orjson", "Identifier": { "PURL": "pkg:pypi/orjson@3.11.2", "UID": "7cbdd61a8da90316", "BOMRef": "pkg:pypi/orjson@3.11.2" }, "Version": "3.11.2", "Licenses": [ "Apache-2.0", "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/orjson-3.11.2.dist-info/METADATA", "Digest": "sha1:3ebc8fb8aad9e39b0e3069445ed93a000af1c9a8" }, { "ID": "packaging@24.2", "Name": "packaging", "Identifier": { "PURL": "pkg:pypi/packaging@24.2", "UID": "a7a4595b705aba37", "BOMRef": "pkg:pypi/packaging@24.2" }, "Version": "24.2", "Licenses": [ "Apache-2.0", "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/packaging-24.2.dist-info/METADATA", "Digest": "sha1:292b8d19cdc308e072817b6407cac3cb5175a060" }, { "ID": "pathable@0.4.4", "Name": "pathable", "Identifier": { "PURL": "pkg:pypi/pathable@0.4.4", "UID": "885ce330e730675f", "BOMRef": "pkg:pypi/pathable@0.4.4" }, "Version": "0.4.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pathable-0.4.4.dist-info/METADATA", "Digest": "sha1:866e61605d29a563f1cdd110899065ddb5f2f482" }, { "ID": "pillow@11.0.0", "Name": "pillow", "Identifier": { "PURL": "pkg:pypi/pillow@11.0.0", "UID": "d30720831dca53df", "BOMRef": "pkg:pypi/pillow@11.0.0" }, "Version": "11.0.0", "Licenses": [ "CMU License (MIT-CMU)" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pillow-11.0.0.dist-info/METADATA", "Digest": "sha1:e4bd88e655b298ea8862420833c05b430e6c32a8" }, { "ID": "polars@1.31.0", "Name": "polars", "Identifier": { "PURL": "pkg:pypi/polars@1.31.0", "UID": "5a0e72534d071a14", "BOMRef": "pkg:pypi/polars@1.31.0" }, "Version": "1.31.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/polars-1.31.0.dist-info/METADATA", "Digest": "sha1:9372c8d51ed35260721b244d0f1432df652171cf" }, { "ID": "prisma@0.11.0", "Name": "prisma", "Identifier": { "PURL": "pkg:pypi/prisma@0.11.0", "UID": "8fd7f13d7a001b01", "BOMRef": "pkg:pypi/prisma@0.11.0" }, "Version": "0.11.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/prisma-0.11.0.dist-info/METADATA", "Digest": "sha1:fad8c94f4fab264e96c18a22151e04c0cdf411b0" }, { "ID": "prometheus_client@0.20.0", "Name": "prometheus_client", "Identifier": { "PURL": "pkg:pypi/prometheus-client@0.20.0", "UID": "3961b1370a175eb5", "BOMRef": "pkg:pypi/prometheus-client@0.20.0" }, "Version": "0.20.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/prometheus_client-0.20.0.dist-info/METADATA", "Digest": "sha1:ca9ab1f552aae8ed12e1084fd9c8347782cb1049" }, { "ID": "propcache@0.4.1", "Name": "propcache", "Identifier": { "PURL": "pkg:pypi/propcache@0.4.1", "UID": "76b35d6ad8518612", "BOMRef": "pkg:pypi/propcache@0.4.1" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/propcache-0.4.1.dist-info/METADATA", "Digest": "sha1:9b2af7eeab4bcb9bad4ba6d407baa00869b8168c" }, { "ID": "proto-plus@1.27.1", "Name": "proto-plus", "Identifier": { "PURL": "pkg:pypi/proto-plus@1.27.1", "UID": "15ee68eddb604f26", "BOMRef": "pkg:pypi/proto-plus@1.27.1" }, "Version": "1.27.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/proto_plus-1.27.1.dist-info/METADATA", "Digest": "sha1:f256867207ef1543010030633cf2f7669c66591c" }, { "ID": "protobuf@5.29.6", "Name": "protobuf", "Identifier": { "PURL": "pkg:pypi/protobuf@5.29.6", "UID": "47e2df89c97ea9c", "BOMRef": "pkg:pypi/protobuf@5.29.6" }, "Version": "5.29.6", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/protobuf-5.29.6.dist-info/METADATA", "Digest": "sha1:f6ba7e2f92bfad0493f3bdc530ecf2398f28d411" }, { "ID": "pyasn1@0.6.2", "Name": "pyasn1", "Identifier": { "PURL": "pkg:pypi/pyasn1@0.6.2", "UID": "ab15d3464870ef25", "BOMRef": "pkg:pypi/pyasn1@0.6.2" }, "Version": "0.6.2", "Licenses": [ "BSD-2-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pyasn1-0.6.2.dist-info/METADATA", "Digest": "sha1:9e49d4b851f49962151f61b10a5d9c65e5b8eade" }, { "ID": "pyasn1_modules@0.4.2", "Name": "pyasn1_modules", "Identifier": { "PURL": "pkg:pypi/pyasn1-modules@0.4.2", "UID": "a1b4b355cc46ed0b", "BOMRef": "pkg:pypi/pyasn1-modules@0.4.2" }, "Version": "0.4.2", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pyasn1_modules-0.4.2.dist-info/METADATA", "Digest": "sha1:ff67c376a06e456e4caa8a256505a2298f5e7141" }, { "ID": "pycparser@3.0", "Name": "pycparser", "Identifier": { "PURL": "pkg:pypi/pycparser@3.0", "UID": "59f6329c118bdbb9", "BOMRef": "pkg:pypi/pycparser@3.0" }, "Version": "3.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pycparser-3.0.dist-info/METADATA", "Digest": "sha1:ec46323dcd4dd2f7742b74b09cc0b030e330e46f" }, { "ID": "pydantic@2.12.5", "Name": "pydantic", "Identifier": { "PURL": "pkg:pypi/pydantic@2.12.5", "UID": "1e40a2e2efe845f5", "BOMRef": "pkg:pypi/pydantic@2.12.5" }, "Version": "2.12.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pydantic-2.12.5.dist-info/METADATA", "Digest": "sha1:83683052da3c86191d3ce41d60fa7f9780cf0478" }, { "ID": "pydantic-settings@2.12.0", "Name": "pydantic-settings", "Identifier": { "PURL": "pkg:pypi/pydantic-settings@2.12.0", "UID": "93b34b08155ce774", "BOMRef": "pkg:pypi/pydantic-settings@2.12.0" }, "Version": "2.12.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pydantic_settings-2.12.0.dist-info/METADATA", "Digest": "sha1:ba04c497953381f175356d81ca3aed5353a74ffe" }, { "ID": "pydantic_core@2.41.5", "Name": "pydantic_core", "Identifier": { "PURL": "pkg:pypi/pydantic-core@2.41.5", "UID": "d7fce4e31e4b8f7c", "BOMRef": "pkg:pypi/pydantic-core@2.41.5" }, "Version": "2.41.5", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pydantic_core-2.41.5.dist-info/METADATA", "Digest": "sha1:07d49fc75e0fd822fcc2719c0bbece0049fba67a" }, { "ID": "python-dateutil@2.9.0.post0", "Name": "python-dateutil", "Identifier": { "PURL": "pkg:pypi/python-dateutil@2.9.0.post0", "UID": "9d17f6b2846783a3", "BOMRef": "pkg:pypi/python-dateutil@2.9.0.post0" }, "Version": "2.9.0.post0", "Licenses": [ "BSD-3-Clause", "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/python_dateutil-2.9.0.post0.dist-info/METADATA", "Digest": "sha1:7a3c35abd86cd96034d5afb0d4b241dc9e13e6f8" }, { "ID": "python-dotenv@1.0.1", "Name": "python-dotenv", "Identifier": { "PURL": "pkg:pypi/python-dotenv@1.0.1", "UID": "eae6b0ab62f36c2d", "BOMRef": "pkg:pypi/python-dotenv@1.0.1" }, "Version": "1.0.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/python_dotenv-1.0.1.dist-info/METADATA", "Digest": "sha1:e0a2e23c662b53538eed76a837fb7ecc9327df7e" }, { "ID": "python-multipart@0.0.18", "Name": "python-multipart", "Identifier": { "PURL": "pkg:pypi/python-multipart@0.0.18", "UID": "c828399738b6cac4", "BOMRef": "pkg:pypi/python-multipart@0.0.18" }, "Version": "0.0.18", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/python_multipart-0.0.18.dist-info/METADATA", "Digest": "sha1:d63285470f06ba1a434873d592ce32d06e0b9eac" }, { "ID": "python-ulid@3.1.0", "Name": "python-ulid", "Identifier": { "PURL": "pkg:pypi/python-ulid@3.1.0", "UID": "ff3231b673c6cf01", "BOMRef": "pkg:pypi/python-ulid@3.1.0" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/python_ulid-3.1.0.dist-info/METADATA", "Digest": "sha1:4c8b8c9ccc57da11803c277c04fd19bccf8bbe4d" }, { "ID": "pytz@2025.2", "Name": "pytz", "Identifier": { "PURL": "pkg:pypi/pytz@2025.2", "UID": "78455b8267558857", "BOMRef": "pkg:pypi/pytz@2025.2" }, "Version": "2025.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/pytz-2025.2.dist-info/METADATA", "Digest": "sha1:db28b063c13ef94fa0f89b36bdc6d66776fe5bd5" }, { "ID": "redis@5.2.1", "Name": "redis", "Identifier": { "PURL": "pkg:pypi/redis@5.2.1", "UID": "7c656a5cf56d4958", "BOMRef": "pkg:pypi/redis@5.2.1" }, "Version": "5.2.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/redis-5.2.1.dist-info/METADATA", "Digest": "sha1:27194d5ec4e7a9cda79f44d14513c056aff7d483" }, { "ID": "redisvl@0.4.1", "Name": "redisvl", "Identifier": { "PURL": "pkg:pypi/redisvl@0.4.1", "UID": "33bfc15534744edb", "BOMRef": "pkg:pypi/redisvl@0.4.1" }, "Version": "0.4.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/redisvl-0.4.1.dist-info/METADATA", "Digest": "sha1:5907c76977fda13f87074bb069abf46d89f26435" }, { "ID": "referencing@0.36.2", "Name": "referencing", "Identifier": { "PURL": "pkg:pypi/referencing@0.36.2", "UID": "145722632097695e", "BOMRef": "pkg:pypi/referencing@0.36.2" }, "Version": "0.36.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/referencing-0.36.2.dist-info/METADATA", "Digest": "sha1:cf1208e207b8130e0abf63be5c1dac8598fb4049" }, { "ID": "regex@2026.1.15", "Name": "regex", "Identifier": { "PURL": "pkg:pypi/regex@2026.1.15", "UID": "917c9d3845feda34", "BOMRef": "pkg:pypi/regex@2026.1.15" }, "Version": "2026.1.15", "Licenses": [ "Apache-2.0 AND CNRI-Python" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/regex-2026.1.15.dist-info/METADATA", "Digest": "sha1:e600d879b2f5d27130a57d94ce05664a56098705" }, { "ID": "requests@2.32.5", "Name": "requests", "Identifier": { "PURL": "pkg:pypi/requests@2.32.5", "UID": "f61bbf1fde9cdf8f", "BOMRef": "pkg:pypi/requests@2.32.5" }, "Version": "2.32.5", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/requests-2.32.5.dist-info/METADATA", "Digest": "sha1:ca17920e69f3c7103322151275139cf487e4da08" }, { "ID": "requests-toolbelt@1.0.0", "Name": "requests-toolbelt", "Identifier": { "PURL": "pkg:pypi/requests-toolbelt@1.0.0", "UID": "a63cda54ae6bc41d", "BOMRef": "pkg:pypi/requests-toolbelt@1.0.0" }, "Version": "1.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:a265b6ffdb220ae66d77f9273b88d0d1ecd43ced30dad41c3cb9abbec42a55f0", "DiffID": "sha256:9d5d3ff02a88a45dd39660f68c589c6fd225a1c8ad19372833562d02bf50e35c" }, "FilePath": "usr/lib/python3.13/site-packages/requests_toolbelt-1.0.0.dist-info/METADATA", "Digest": "sha1:171fbbc84e8b7216e237b702f3fda539ffb1e487" }, { "ID": "rfc3339-validator@0.1.4", "Name": "rfc3339-validator", "Identifier": { "PURL": "pkg:pypi/rfc3339-validator@0.1.4", "UID": "823d77fb05b96462", "BOMRef": "pkg:pypi/rfc3339-validator@0.1.4" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/rfc3339_validator-0.1.4.dist-info/METADATA", "Digest": "sha1:b8cc2c804bf4cb64b4573a802305f3d0dc7e9a91" }, { "ID": "rich@13.7.1", "Name": "rich", "Identifier": { "PURL": "pkg:pypi/rich@13.7.1", "UID": "c8ac99d7d3f4172", "BOMRef": "pkg:pypi/rich@13.7.1" }, "Version": "13.7.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/rich-13.7.1.dist-info/METADATA", "Digest": "sha1:bf3cca748ddf06213ddb6911d0b2d437f202533b" }, { "ID": "rpds-py@0.30.0", "Name": "rpds-py", "Identifier": { "PURL": "pkg:pypi/rpds-py@0.30.0", "UID": "92ade2965a943471", "BOMRef": "pkg:pypi/rpds-py@0.30.0" }, "Version": "0.30.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/rpds_py-0.30.0.dist-info/METADATA", "Digest": "sha1:9eef46c842a0ca6229680d7bfc1272958efdcc5a" }, { "ID": "rsa@4.9.1", "Name": "rsa", "Identifier": { "PURL": "pkg:pypi/rsa@4.9.1", "UID": "d8fb1806de2032", "BOMRef": "pkg:pypi/rsa@4.9.1" }, "Version": "4.9.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/rsa-4.9.1.dist-info/METADATA", "Digest": "sha1:a2f68fc042a03952873edfefafda03c04787a56f" }, { "ID": "s3transfer@0.14.0", "Name": "s3transfer", "Identifier": { "PURL": "pkg:pypi/s3transfer@0.14.0", "UID": "6b6b1d27106f49a0", "BOMRef": "pkg:pypi/s3transfer@0.14.0" }, "Version": "0.14.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/s3transfer-0.14.0.dist-info/METADATA", "Digest": "sha1:dd9c4cd2d179b27942830646a152d8f484ca7800" }, { "ID": "semantic-router@0.1.11", "Name": "semantic-router", "Identifier": { "PURL": "pkg:pypi/semantic-router@0.1.11", "UID": "af5babddcae33143", "BOMRef": "pkg:pypi/semantic-router@0.1.11" }, "Version": "0.1.11", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:a265b6ffdb220ae66d77f9273b88d0d1ecd43ced30dad41c3cb9abbec42a55f0", "DiffID": "sha256:9d5d3ff02a88a45dd39660f68c589c6fd225a1c8ad19372833562d02bf50e35c" }, "FilePath": "usr/lib/python3.13/site-packages/semantic_router-0.1.11.dist-info/METADATA", "Digest": "sha1:7de93f4f62c6d698a4693fb0c0380fdf2d9456a3" }, { "ID": "sentry-sdk@2.21.0", "Name": "sentry-sdk", "Identifier": { "PURL": "pkg:pypi/sentry-sdk@2.21.0", "UID": "318d3c4949688c4e", "BOMRef": "pkg:pypi/sentry-sdk@2.21.0" }, "Version": "2.21.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/sentry_sdk-2.21.0.dist-info/METADATA", "Digest": "sha1:5af3250fb5606b6a97f62d83513d6010a0d3954f" }, { "ID": "six@1.17.0", "Name": "six", "Identifier": { "PURL": "pkg:pypi/six@1.17.0", "UID": "e5aa46b49502d44", "BOMRef": "pkg:pypi/six@1.17.0" }, "Version": "1.17.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/six-1.17.0.dist-info/METADATA", "Digest": "sha1:483a26554261f6c839703c0e1183f3ef33ff97f1" }, { "ID": "sniffio@1.3.1", "Name": "sniffio", "Identifier": { "PURL": "pkg:pypi/sniffio@1.3.1", "UID": "56010686f606086a", "BOMRef": "pkg:pypi/sniffio@1.3.1" }, "Version": "1.3.1", "Licenses": [ "MIT", "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/sniffio-1.3.1.dist-info/METADATA", "Digest": "sha1:bc1d7aead770fe23c8d22666b84558edb3686da3" }, { "ID": "soundfile@0.12.1", "Name": "soundfile", "Identifier": { "PURL": "pkg:pypi/soundfile@0.12.1", "UID": "9b4c8542e9fa3443", "BOMRef": "pkg:pypi/soundfile@0.12.1" }, "Version": "0.12.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/soundfile-0.12.1.dist-info/METADATA", "Digest": "sha1:b5ce3ad2ef849be1c4195d05ca730e0f7905e90b" }, { "ID": "sse-starlette@3.2.0", "Name": "sse-starlette", "Identifier": { "PURL": "pkg:pypi/sse-starlette@3.2.0", "UID": "8714094066c57aee", "BOMRef": "pkg:pypi/sse-starlette@3.2.0" }, "Version": "3.2.0", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/sse_starlette-3.2.0.dist-info/METADATA", "Digest": "sha1:8a6175cd01d1e84f937287b9a9b0879cda2952f8" }, { "ID": "starlette@0.49.1", "Name": "starlette", "Identifier": { "PURL": "pkg:pypi/starlette@0.49.1", "UID": "2c3b14cd1c89ead", "BOMRef": "pkg:pypi/starlette@0.49.1" }, "Version": "0.49.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/starlette-0.49.1.dist-info/METADATA", "Digest": "sha1:d2dc5927de72d847252d292615f15065928238dc" }, { "ID": "tabulate@0.9.0", "Name": "tabulate", "Identifier": { "PURL": "pkg:pypi/tabulate@0.9.0", "UID": "f7f4f01d9371c8f1", "BOMRef": "pkg:pypi/tabulate@0.9.0" }, "Version": "0.9.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/tabulate-0.9.0.dist-info/METADATA", "Digest": "sha1:046f2344c8bedde41b94133c1322ae928e80e738" }, { "ID": "tenacity@8.5.0", "Name": "tenacity", "Identifier": { "PURL": "pkg:pypi/tenacity@8.5.0", "UID": "b7fd65772d14d1d0", "BOMRef": "pkg:pypi/tenacity@8.5.0" }, "Version": "8.5.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/tenacity-8.5.0.dist-info/METADATA", "Digest": "sha1:67c962294c30afecad8066ac633a11bd658c5148" }, { "ID": "tiktoken@0.8.0", "Name": "tiktoken", "Identifier": { "PURL": "pkg:pypi/tiktoken@0.8.0", "UID": "7c3c8048e744ae75", "BOMRef": "pkg:pypi/tiktoken@0.8.0" }, "Version": "0.8.0", "Licenses": [ "MIT License Copyright (c) 2022 OpenAI, Shantanu Jain Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/tiktoken-0.8.0.dist-info/METADATA", "Digest": "sha1:9d84201eb7fb511e2757fbd00150263ff31577b8" }, { "ID": "tokenizers@0.20.2", "Name": "tokenizers", "Identifier": { "PURL": "pkg:pypi/tokenizers@0.20.2", "UID": "e2f344de69658012", "BOMRef": "pkg:pypi/tokenizers@0.20.2" }, "Version": "0.20.2", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/tokenizers-0.20.2.dist-info/METADATA", "Digest": "sha1:86c509fc1d122a9bba1c089e9d38ddd1c56d64cd" }, { "ID": "tomlkit@0.14.0", "Name": "tomlkit", "Identifier": { "PURL": "pkg:pypi/tomlkit@0.14.0", "UID": "e32b013f93889131", "BOMRef": "pkg:pypi/tomlkit@0.14.0" }, "Version": "0.14.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/tomlkit-0.14.0.dist-info/METADATA", "Digest": "sha1:7887d40449d9684788cfb76faacc540c0769cac8" }, { "ID": "tornado@6.5.4", "Name": "tornado", "Identifier": { "PURL": "pkg:pypi/tornado@6.5.4", "UID": "6fc19517b2c2b03", "BOMRef": "pkg:pypi/tornado@6.5.4" }, "Version": "6.5.4", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:a265b6ffdb220ae66d77f9273b88d0d1ecd43ced30dad41c3cb9abbec42a55f0", "DiffID": "sha256:9d5d3ff02a88a45dd39660f68c589c6fd225a1c8ad19372833562d02bf50e35c" }, "FilePath": "usr/lib/python3.13/site-packages/tornado-6.5.4.dist-info/METADATA", "Digest": "sha1:a1e2393e5aa6c6bd7c26bfb9b68a31771d14a790" }, { "ID": "tqdm@4.67.3", "Name": "tqdm", "Identifier": { "PURL": "pkg:pypi/tqdm@4.67.3", "UID": "453471efd653ed6c", "BOMRef": "pkg:pypi/tqdm@4.67.3" }, "Version": "4.67.3", "Licenses": [ "MPL-2.0 AND MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/tqdm-4.67.3.dist-info/METADATA", "Digest": "sha1:0135af1981d2b0f1326020f991192d869693b873" }, { "ID": "typing-inspection@0.4.2", "Name": "typing-inspection", "Identifier": { "PURL": "pkg:pypi/typing-inspection@0.4.2", "UID": "ae335512296a90f6", "BOMRef": "pkg:pypi/typing-inspection@0.4.2" }, "Version": "0.4.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/typing_inspection-0.4.2.dist-info/METADATA", "Digest": "sha1:455fdb9c8e246ba02c2a28655287401b62028b60" }, { "ID": "typing_extensions@4.15.0", "Name": "typing_extensions", "Identifier": { "PURL": "pkg:pypi/typing-extensions@4.15.0", "UID": "d06eeb5cf25a05c4", "BOMRef": "pkg:pypi/typing-extensions@4.15.0" }, "Version": "4.15.0", "Licenses": [ "PSF-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/typing_extensions-4.15.0.dist-info/METADATA", "Digest": "sha1:c5c2ce18351f8f2ae0f4a6f7c84c523f342010ee" }, { "ID": "tzdata@2025.1", "Name": "tzdata", "Identifier": { "PURL": "pkg:pypi/tzdata@2025.1", "UID": "68ba279767f150e9", "BOMRef": "pkg:pypi/tzdata@2025.1" }, "Version": "2025.1", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/tzdata-2025.1.dist-info/METADATA", "Digest": "sha1:6e57a2a6ed74712dd41842370b1c12bb8446d4b1" }, { "ID": "tzlocal@5.3.1", "Name": "tzlocal", "Identifier": { "PURL": "pkg:pypi/tzlocal@5.3.1", "UID": "40a2bcfc2c892e0f", "BOMRef": "pkg:pypi/tzlocal@5.3.1" }, "Version": "5.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/tzlocal-5.3.1.dist-info/METADATA", "Digest": "sha1:fa463c4a745ae9f56544484fb7724eb107786eb4" }, { "ID": "urllib3@2.6.3", "Name": "urllib3", "Identifier": { "PURL": "pkg:pypi/urllib3@2.6.3", "UID": "960766f79ca25668", "BOMRef": "pkg:pypi/urllib3@2.6.3" }, "Version": "2.6.3", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/urllib3-2.6.3.dist-info/METADATA", "Digest": "sha1:8e2cd7246c7dce09d4590affab6060ec527397c1" }, { "ID": "uvicorn@0.31.1", "Name": "uvicorn", "Identifier": { "PURL": "pkg:pypi/uvicorn@0.31.1", "UID": "e60e280bcd75c440", "BOMRef": "pkg:pypi/uvicorn@0.31.1" }, "Version": "0.31.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/uvicorn-0.31.1.dist-info/METADATA", "Digest": "sha1:d229686a1d0f8b25bbb3ca0ab3b5519a37abc2b2" }, { "ID": "uvloop@0.21.0", "Name": "uvloop", "Identifier": { "PURL": "pkg:pypi/uvloop@0.21.0", "UID": "d6c33f71b4c7aedd", "BOMRef": "pkg:pypi/uvloop@0.21.0" }, "Version": "0.21.0", "Licenses": [ "Apache-2.0", "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/uvloop-0.21.0.dist-info/METADATA", "Digest": "sha1:eecfee7932b6d8397d72414b9a42e8b34c4dcbe7" }, { "ID": "websockets@15.0.1", "Name": "websockets", "Identifier": { "PURL": "pkg:pypi/websockets@15.0.1", "UID": "fc624b04348fc66c", "BOMRef": "pkg:pypi/websockets@15.0.1" }, "Version": "15.0.1", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/websockets-15.0.1.dist-info/METADATA", "Digest": "sha1:7bcef50b72ed117258a503c68d7f5dd194872067" }, { "ID": "wrapt@1.17.3", "Name": "wrapt", "Identifier": { "PURL": "pkg:pypi/wrapt@1.17.3", "UID": "41b71762f2bccac9", "BOMRef": "pkg:pypi/wrapt@1.17.3" }, "Version": "1.17.3", "Licenses": [ "BSD-3-Clause" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/wrapt-1.17.3.dist-info/METADATA", "Digest": "sha1:dbb2682fa0ce1b88bad298721b69b9263a689653" }, { "ID": "xmltodict@1.0.2", "Name": "xmltodict", "Identifier": { "PURL": "pkg:pypi/xmltodict@1.0.2", "UID": "b11d5bc9f7f5abd", "BOMRef": "pkg:pypi/xmltodict@1.0.2" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/xmltodict-1.0.2.dist-info/METADATA", "Digest": "sha1:12598af0f119ea10de66172e206d3394d7652bfd" }, { "ID": "yarl@1.22.0", "Name": "yarl", "Identifier": { "PURL": "pkg:pypi/yarl@1.22.0", "UID": "5cb4276da03990d8", "BOMRef": "pkg:pypi/yarl@1.22.0" }, "Version": "1.22.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/yarl-1.22.0.dist-info/METADATA", "Digest": "sha1:f41ac3bd0464e5ad45fa596ed3de6fc69d98568d" }, { "ID": "zipp@3.23.0", "Name": "zipp", "Identifier": { "PURL": "pkg:pypi/zipp@3.23.0", "UID": "3c79e51990f88af4", "BOMRef": "pkg:pypi/zipp@3.23.0" }, "Version": "3.23.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "FilePath": "usr/lib/python3.13/site-packages/zipp-3.23.0.dist-info/METADATA", "Digest": "sha1:d7974cc6cd5ace30ae2bf7e89ed458fc7e46a194" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-32597", "VendorIDs": [ "GHSA-752w-5fwx-jx9f" ], "PkgID": "PyJWT@2.10.1", "PkgName": "PyJWT", "PkgPath": "usr/lib/python3.13/site-packages/PyJWT-2.10.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pyjwt@2.10.1", "UID": "fd5c864fb9f93e30", "BOMRef": "pkg:pypi/pyjwt@2.10.1" }, "InstalledVersion": "2.10.1", "FixedVersion": "2.12.0", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32597", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:323bb010b2576f5d379e9c36fddf2b61e386778045670c235e9b108a63b1dd14", "Title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)", "Description": "PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.", "Severity": "HIGH", "CweIDs": [ "CWE-345", "CWE-863" ], "VendorSeverity": { "amazon": 2, "ghsa": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32597", "https://github.com/jpadilla/pyjwt", "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f", "https://nvd.nist.gov/vuln/detail/CVE-2026-32597", "https://ubuntu.com/security/notices/USN-8133-1", "https://www.cve.org/CVERecord?id=CVE-2026-32597" ], "PublishedDate": "2026-03-13T19:55:09.5Z", "LastModifiedDate": "2026-03-19T13:30:29.217Z" }, { "VulnerabilityID": "CVE-2026-4539", "VendorIDs": [ "GHSA-5239-wwwm-4pmq" ], "PkgID": "Pygments@2.19.2", "PkgName": "Pygments", "PkgPath": "usr/lib/python3.13/site-packages/pygments-2.19.2.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pygments@2.19.2", "UID": "6c339d3d6f0b189c", "BOMRef": "pkg:pypi/pygments@2.19.2" }, "InstalledVersion": "2.19.2", "FixedVersion": "2.20.0", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4539", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:ebde05e4d8dcd73a17075046f3361dd78663645fafd33c8dceda93495fbf43d3", "Title": "pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer", "Description": "A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.", "Severity": "LOW", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "V3Score": 3.3, "V40Score": 1.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4539", "https://github.com/pygments/pygments", "https://github.com/pygments/pygments/", "https://github.com/pygments/pygments/commit/24b8aa76c6cd6d70f39c6dd605cce319c98e2ccc", "https://github.com/pygments/pygments/issues/3058", "https://github.com/pygments/pygments/pull/3064", "https://github.com/pygments/pygments/releases/tag/2.20.0", "https://nvd.nist.gov/vuln/detail/CVE-2026-4539", "https://vuldb.com/?ctiid.352327", "https://vuldb.com/?id.352327", "https://vuldb.com/?submit.774685", "https://www.cve.org/CVERecord?id=CVE-2026-4539" ], "PublishedDate": "2026-03-22T06:16:20.913Z", "LastModifiedDate": "2026-03-23T14:31:37.267Z" }, { "VulnerabilityID": "CVE-2026-27199", "VendorIDs": [ "GHSA-29vq-49wr-vm6x" ], "PkgID": "Werkzeug@3.1.5", "PkgName": "Werkzeug", "PkgPath": "usr/lib/python3.13/site-packages/werkzeug-3.1.5.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/werkzeug@3.1.5", "UID": "e8aff0bccc8e2b2e", "BOMRef": "pkg:pypi/werkzeug@3.1.5" }, "InstalledVersion": "3.1.5", "FixedVersion": "3.1.6", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27199", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:b74093257aea6d80fffd3b934cf4c8a45ed926648e9620a2b9f1051e92cbc088", "Title": " Werkzeug safe_join() allows Windows special device names", "Description": "Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that safe_join accepts paths with multiple segments, such as example/NUL. The function send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been fixed in version 3.1.6.", "Severity": "MEDIUM", "CweIDs": [ "CWE-67" ], "VendorSeverity": { "ghsa": 2, "nvd": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://github.com/pallets/werkzeug", "https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d", "https://github.com/pallets/werkzeug/releases/tag/3.1.6", "https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x", "https://nvd.nist.gov/vuln/detail/CVE-2026-27199" ], "PublishedDate": "2026-02-21T06:17:00.71Z", "LastModifiedDate": "2026-03-03T17:30:17.783Z" }, { "VulnerabilityID": "CVE-2026-22815", "VendorIDs": [ "GHSA-w2fm-2cpv-w7v5" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22815", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e297cb5a8fd78db1e9ad3bb29c1a40a1df63eabccc96ee4b5deb56e6c856a4ab", "Title": "aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400", "CWE-770" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22815", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5", "https://nvd.nist.gov/vuln/detail/CVE-2026-22815", "https://www.cve.org/CVERecord?id=CVE-2026-22815" ], "PublishedDate": "2026-04-01T21:16:58.513Z", "LastModifiedDate": "2026-04-04T04:17:11.5Z" }, { "VulnerabilityID": "CVE-2026-34515", "VendorIDs": [ "GHSA-p998-jp59-783m" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34515", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:aa0ff32af4423f451a9b5ca9ffda6e685d476c23cfcad9f23218d016963c6ee4", "Title": "aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-36", "CWE-918" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34515", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m", "https://nvd.nist.gov/vuln/detail/CVE-2026-34515", "https://www.cve.org/CVERecord?id=CVE-2026-34515" ], "PublishedDate": "2026-04-01T21:16:59.57Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34516", "VendorIDs": [ "GHSA-m5qp-6w8w-w647" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34516", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:866e8a4d5186c80beaf50090938ccce515a3aaa37fd8a0f3288f6eb882018131", "Title": "aiohttp: AIOHTTP: Denial of Service via excessive multipart headers", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34516", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/8a74257b3804c9aac0bf644af93070f68f6c5a6f", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m5qp-6w8w-w647", "https://nvd.nist.gov/vuln/detail/CVE-2026-34516", "https://www.cve.org/CVERecord?id=CVE-2026-34516" ], "PublishedDate": "2026-04-01T21:16:59.723Z", "LastModifiedDate": "2026-04-04T04:17:20.147Z" }, { "VulnerabilityID": "CVE-2026-34525", "VendorIDs": [ "GHSA-c427-h43c-vf67" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34525", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e84f570f991af8f81da0073310141adbbe376c44e2bb855e226ffeb8826b2695", "Title": "aiohttp: aiohttp: Security bypass via multiple Host headers", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-444" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N", "V40Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34525", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000", "https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-c427-h43c-vf67", "https://nvd.nist.gov/vuln/detail/CVE-2026-34525", "https://www.cve.org/CVERecord?id=CVE-2026-34525" ], "PublishedDate": "2026-04-01T21:17:00.49Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34513", "VendorIDs": [ "GHSA-hcc4-c3v8-rx92" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34513", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:96526097b9e565fbcbf5ef8c916c84641b20edb5fca07d11d43577d13d9175e1", "Title": "aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34513", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92", "https://nvd.nist.gov/vuln/detail/CVE-2026-34513", "https://www.cve.org/CVERecord?id=CVE-2026-34513" ], "PublishedDate": "2026-04-01T21:16:59.267Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34514", "VendorIDs": [ "GHSA-2vrm-gr82-f7m5" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34514", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:e702c6a7f468a334f650f8b9550cb73a6231ea5b2f4a9cfd8d21e0428e1a106a", "Title": "aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-113" ], "VendorSeverity": { "ghsa": 1, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34514", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5", "https://nvd.nist.gov/vuln/detail/CVE-2026-34514", "https://www.cve.org/CVERecord?id=CVE-2026-34514" ], "PublishedDate": "2026-04-01T21:16:59.417Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34517", "VendorIDs": [ "GHSA-3wq7-rqq7-wx6j" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34517", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:a54f789989605bca58808a5eb74e695bddcaf31106f6193215b12e8ab415dc30", "Title": "aiohttp: AIOHTTP: Denial of Service via large multipart form fields", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34517", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j", "https://nvd.nist.gov/vuln/detail/CVE-2026-34517", "https://www.cve.org/CVERecord?id=CVE-2026-34517" ], "PublishedDate": "2026-04-01T21:16:59.87Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34518", "VendorIDs": [ "GHSA-966j-vmvw-g2g9" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34518", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:17f8068b71428244ee87fc4bd501180d108baf2d9105f003b3bb86d35173ad70", "Title": "aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-200" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34518", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9", "https://nvd.nist.gov/vuln/detail/CVE-2026-34518", "https://www.cve.org/CVERecord?id=CVE-2026-34518" ], "PublishedDate": "2026-04-01T21:17:00.02Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34519", "VendorIDs": [ "GHSA-mwh4-6h8g-pg8w" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34519", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:c677ff157a1bb25fab314b79823db49eca07785b4ab4ea1dd8c7d70fb78e8fe3", "Title": "aiohttp: aiohttp: Header injection vulnerability via reason parameter", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-113" ], "VendorSeverity": { "ghsa": 1, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34519", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w", "https://nvd.nist.gov/vuln/detail/CVE-2026-34519", "https://www.cve.org/CVERecord?id=CVE-2026-34519" ], "PublishedDate": "2026-04-01T21:17:00.17Z", "LastModifiedDate": "2026-04-03T16:10:52.68Z" }, { "VulnerabilityID": "CVE-2026-34520", "VendorIDs": [ "GHSA-63hf-3vf5-4wqf" ], "PkgID": "aiohttp@3.13.3", "PkgName": "aiohttp", "PkgPath": "usr/lib/python3.13/site-packages/aiohttp-3.13.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/aiohttp@3.13.3", "UID": "c101fb31f47f7a0d", "BOMRef": "pkg:pypi/aiohttp@3.13.3" }, "InstalledVersion": "3.13.3", "FixedVersion": "3.13.4", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34520", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:0770c420fed18efd646b9b1025c31ad6b249ef4b7310b4e44012f102049b74b9", "Title": "aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling", "Description": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4.", "Severity": "LOW", "CweIDs": [ "CWE-113" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34520", "https://github.com/aio-libs/aiohttp", "https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4", "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4", "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf", "https://nvd.nist.gov/vuln/detail/CVE-2026-34520", "https://www.cve.org/CVERecord?id=CVE-2026-34520" ], "PublishedDate": "2026-04-01T21:17:00.333Z", "LastModifiedDate": "2026-04-04T04:17:20.773Z" }, { "VulnerabilityID": "CVE-2026-26007", "VendorIDs": [ "GHSA-r6ph-v2qm-q3c2" ], "PkgID": "cryptography@44.0.1", "PkgName": "cryptography", "PkgPath": "usr/lib/python3.13/site-packages/cryptography-44.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/cryptography@44.0.1", "UID": "1d0185c1f344527", "BOMRef": "pkg:pypi/cryptography@44.0.1" }, "InstalledVersion": "44.0.1", "FixedVersion": "46.0.5", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26007", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:59598b9c8996610654c3b867f4c5eda7fe99ac2e387ebb068c981cb72d98d867", "Title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves", "Description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.", "Severity": "HIGH", "CweIDs": [ "CWE-345" ], "VendorSeverity": { "azure": 3, "ghsa": 3, "nvd": 2, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/02/10/4", "https://access.redhat.com/security/cve/CVE-2026-26007", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c", "https://github.com/pyca/cryptography/releases/tag/46.0.5", "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2", "https://nvd.nist.gov/vuln/detail/CVE-2026-26007", "https://ubuntu.com/security/notices/USN-8087-1", "https://www.cve.org/CVERecord?id=CVE-2026-26007" ], "PublishedDate": "2026-02-10T22:17:00.307Z", "LastModifiedDate": "2026-02-23T15:40:33.787Z" }, { "VulnerabilityID": "CVE-2026-34073", "VendorIDs": [ "GHSA-m959-cc7f-wv43" ], "PkgID": "cryptography@44.0.1", "PkgName": "cryptography", "PkgPath": "usr/lib/python3.13/site-packages/cryptography-44.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/cryptography@44.0.1", "UID": "1d0185c1f344527", "BOMRef": "pkg:pypi/cryptography@44.0.1" }, "InstalledVersion": "44.0.1", "FixedVersion": "46.0.6", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34073", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:226ad6022a88accfdccf5a169731bd617b5b1a38e5b2239d2c219f40d95125fb", "Title": "cryptography: python: Cryptography: Security bypass due to improper DNS name constraint validation", "Description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the \"peer name\" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.", "Severity": "LOW", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "ghsa": 1, "redhat": 1 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "V40Score": 1.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34073", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43", "https://nvd.nist.gov/vuln/detail/CVE-2026-34073", "https://www.cve.org/CVERecord?id=CVE-2026-34073" ], "PublishedDate": "2026-03-31T03:15:59.123Z", "LastModifiedDate": "2026-04-01T14:24:02.583Z" }, { "VulnerabilityID": "CVE-2026-35030", "VendorIDs": [ "GHSA-jjhc-v7c2-5hh6" ], "PkgID": "litellm@1.81.3", "PkgName": "litellm", "PkgPath": "usr/lib/python3.13/site-packages/litellm-1.81.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/litellm@1.81.3", "UID": "4b71d9e9aa29a0e6", "BOMRef": "pkg:pypi/litellm@1.81.3" }, "InstalledVersion": "1.81.3", "FixedVersion": "1.83.0", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-35030", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:de58b9b5bc256027884f791121a1f4f8f8e4176c373139a2a420786b0bf09260", "Title": "LiteLLM: Authentication bypass via OIDC userinfo cache key collision", "Description": "### Impact\n\nWhen JWT authentication is enabled (`enable_jwt_auth: true`), the OIDC userinfo cache uses `token[:20]` as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters.\n\nThis configuration option is not enabled by default. **Most instances are not affected.**\n\nAn unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled.\n\n### Patches\n\nFixed in v1.83.0. The cache key now uses the full hash of the JWT token.\n\n### Workarounds\n\nDisable OIDC userinfo caching by setting the cache TTL to 0, or disable JWT authentication entirely.", "Severity": "CRITICAL", "VendorSeverity": { "ghsa": 4 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "V40Score": 9.4 } }, "References": [ "https://github.com/BerriAI/litellm", "https://github.com/BerriAI/litellm/security/advisories/GHSA-jjhc-v7c2-5hh6" ] }, { "VulnerabilityID": "CVE-2026-35029", "VendorIDs": [ "GHSA-53mr-6c8q-9789" ], "PkgID": "litellm@1.81.3", "PkgName": "litellm", "PkgPath": "usr/lib/python3.13/site-packages/litellm-1.81.3.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/litellm@1.81.3", "UID": "4b71d9e9aa29a0e6", "BOMRef": "pkg:pypi/litellm@1.81.3" }, "InstalledVersion": "1.81.3", "FixedVersion": "1.83.0", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-35029", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:3ef7130a01a4a3fabb9c6bf17ffbb21d8c75fd98f6c19c3e9f61ac49bf5ede2a", "Title": "LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint", "Description": "### Impact\n\nThe `/config/update endpoint` does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following:\n\n - Modify proxy configuration and environment variables\n - Register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution\n - Read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image\n - Take over other priveleged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables\n\n### Patches\n\nFixed in v1.83.0. The endpoint now requires `proxy_admin` role.\n\n### Workarounds\n\nRestrict API key distribution. There is no configuration-level workaround.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/BerriAI/litellm", "https://github.com/BerriAI/litellm/security/advisories/GHSA-53mr-6c8q-9789" ] }, { "VulnerabilityID": "CVE-2025-67221", "VendorIDs": [ "GHSA-hx9q-6w63-j58v" ], "PkgID": "orjson@3.11.2", "PkgName": "orjson", "PkgPath": "usr/lib/python3.13/site-packages/orjson-3.11.2.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/orjson@3.11.2", "UID": "7cbdd61a8da90316", "BOMRef": "pkg:pypi/orjson@3.11.2" }, "InstalledVersion": "3.11.2", "FixedVersion": "3.11.6", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-67221", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:cd210466de72f773215aa2ebbe00b435ba0e3408c08fde07b478d71b07d32f33", "Title": "orjson: orjson: Denial of Service due to unbounded recursion with deeply nested JSON documents", "Description": "The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", "V40Score": 7.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-67221", "https://github.com/ijl/orjson", "https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370", "https://github.com/ijl/orjson/issues/620", "https://github.com/kpatsakis/CVE-2025-67221/issues/1", "https://github.com/kpatsakis/orjson_vulnerability", "https://nvd.nist.gov/vuln/detail/CVE-2025-67221", "https://www.cve.org/CVERecord?id=CVE-2025-67221" ], "PublishedDate": "2026-01-22T17:16:01.433Z", "LastModifiedDate": "2026-02-12T15:03:09.79Z" }, { "VulnerabilityID": "CVE-2026-25990", "VendorIDs": [ "GHSA-cfh3-3jmp-rvhc" ], "PkgID": "pillow@11.0.0", "PkgName": "pillow", "PkgPath": "usr/lib/python3.13/site-packages/pillow-11.0.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pillow@11.0.0", "UID": "d30720831dca53df", "BOMRef": "pkg:pypi/pillow@11.0.0" }, "InstalledVersion": "11.0.0", "FixedVersion": "12.1.1", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25990", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:46d7f0de8fa4e904ad55e3d74d736d68302410aca15bcf663e5490b24e1bbe96", "Title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image", "Description": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "ghsa": 3, "nvd": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "V40Score": 8.9 }, "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "V40Score": 8.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/02/12/1", "https://access.redhat.com/security/cve/CVE-2026-25990", "https://github.com/python-pillow/Pillow", "https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199", "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa", "https://github.com/python-pillow/Pillow/pull/9427", "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc", "https://nvd.nist.gov/vuln/detail/CVE-2026-25990", "https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html", "https://ubuntu.com/security/notices/USN-8047-1", "https://www.cve.org/CVERecord?id=CVE-2026-25990" ], "PublishedDate": "2026-02-11T21:16:20.67Z", "LastModifiedDate": "2026-02-13T21:32:55.623Z" }, { "VulnerabilityID": "CVE-2026-30922", "VendorIDs": [ "GHSA-jr27-m4p2-rc6r" ], "PkgID": "pyasn1@0.6.2", "PkgName": "pyasn1", "PkgPath": "usr/lib/python3.13/site-packages/pyasn1-0.6.2.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pyasn1@0.6.2", "UID": "ab15d3464870ef25", "BOMRef": "pkg:pypi/pyasn1@0.6.2" }, "InstalledVersion": "0.6.2", "FixedVersion": "0.6.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-30922", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:c8b01b67777a21a211fe112adb623397adbfa193f38a4aca319365ee454edac6", "Title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion", "Description": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 2, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/4", "https://access.redhat.com/security/cve/CVE-2026-30922", "https://github.com/pyasn1/pyasn1", "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0", "https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8", "https://github.com/pyasn1/pyasn1/releases/tag/v0.6.3", "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r", "https://nvd.nist.gov/vuln/detail/CVE-2026-30922", "https://ubuntu.com/security/notices/USN-8129-1", "https://ubuntu.com/security/notices/USN-8134-1", "https://www.cve.org/CVERecord?id=CVE-2026-30922" ], "PublishedDate": "2026-03-18T04:17:18.397Z", "LastModifiedDate": "2026-03-21T01:17:06.36Z" }, { "VulnerabilityID": "CVE-2026-24486", "VendorIDs": [ "GHSA-wp53-j4wj-2cfg" ], "PkgID": "python-multipart@0.0.18", "PkgName": "python-multipart", "PkgPath": "usr/lib/python3.13/site-packages/python_multipart-0.0.18.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/python-multipart@0.0.18", "UID": "c828399738b6cac4", "BOMRef": "pkg:pypi/python-multipart@0.0.18" }, "InstalledVersion": "0.0.18", "FixedVersion": "0.0.22", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24486", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:18d1efb4658c002fef21517997c295a7a3236beeaa876f937ecef41415378a25", "Title": "python-multipart: Python-Multipart: Arbitrary file write via path traversal vulnerability", "Description": "Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "V3Score": 8.6 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24486", "https://github.com/Kludex/python-multipart", "https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4", "https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4 (0.0.22)", "https://github.com/Kludex/python-multipart/releases/tag/0.0.22", "https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg", "https://nvd.nist.gov/vuln/detail/CVE-2026-24486", "https://ubuntu.com/security/notices/USN-8027-1", "https://www.cve.org/CVERecord?id=CVE-2026-24486" ], "PublishedDate": "2026-01-27T01:16:02.303Z", "LastModifiedDate": "2026-02-17T20:44:50.21Z" }, { "VulnerabilityID": "CVE-2026-25645", "VendorIDs": [ "GHSA-gc5v-m9x4-r6x2" ], "PkgID": "requests@2.32.5", "PkgName": "requests", "PkgPath": "usr/lib/python3.13/site-packages/requests-2.32.5.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/requests@2.32.5", "UID": "f61bbf1fde9cdf8f", "BOMRef": "pkg:pypi/requests@2.32.5" }, "InstalledVersion": "2.32.5", "FixedVersion": "2.33.0", "Status": "fixed", "Layer": { "Digest": "sha256:dc83ab2d185439e8b51100e3fd0c984390b53c2def584ac033a644974e5354ef", "DiffID": "sha256:e0637b97ae90a68b018063b00c5ae03ed7b78aefedbcea3997e00b3452ad21f0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25645", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:2b3005b07dc5a6b7e5412ddcf35545abddc5483e79b217a7af964879fbbeb4d4", "Title": "requests: Requests: Security bypass due to predictable temporary file creation", "Description": "Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-377" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 4.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25645", "https://github.com/psf/requests", "https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7", "https://github.com/psf/requests/releases/tag/v2.33.0", "https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2", "https://nvd.nist.gov/vuln/detail/CVE-2026-25645", "https://www.cve.org/CVERecord?id=CVE-2026-25645" ], "PublishedDate": "2026-03-25T17:16:52.97Z", "LastModifiedDate": "2026-03-30T14:23:16.127Z" }, { "VulnerabilityID": "CVE-2026-31958", "VendorIDs": [ "GHSA-qjxf-f2mg-c6mc" ], "PkgID": "tornado@6.5.4", "PkgName": "tornado", "PkgPath": "usr/lib/python3.13/site-packages/tornado-6.5.4.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/tornado@6.5.4", "UID": "6fc19517b2c2b03", "BOMRef": "pkg:pypi/tornado@6.5.4" }, "InstalledVersion": "6.5.4", "FixedVersion": "6.5.5", "Status": "fixed", "Layer": { "Digest": "sha256:a265b6ffdb220ae66d77f9273b88d0d1ecd43ced30dad41c3cb9abbec42a55f0", "DiffID": "sha256:9d5d3ff02a88a45dd39660f68c589c6fd225a1c8ad19372833562d02bf50e35c" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31958", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:10b5831ac0a0f1c5feae09fe9ece4ce967a81416be39c47bd967452119025f77", "Title": "tornado-python: Tornado: Denial of Service via large multipart bodies", "Description": "Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31958", "https://github.com/tornadoweb/tornado", "https://github.com/tornadoweb/tornado/commit/119a195e290c43ad2d63a2cf012c29d43d6ed839", "https://github.com/tornadoweb/tornado/releases/tag/v6.5.5", "https://github.com/tornadoweb/tornado/security/advisories/GHSA-qjxf-f2mg-c6mc", "https://lists.debian.org/debian-lts-announce/2026/04/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-31958", "https://www.cve.org/CVERecord?id=CVE-2026-31958" ], "PublishedDate": "2026-03-11T20:16:16.617Z", "LastModifiedDate": "2026-04-01T15:23:00.217Z" }, { "VulnerabilityID": "GHSA-78cv-mqj4-43f7", "PkgID": "tornado@6.5.4", "PkgName": "tornado", "PkgPath": "usr/lib/python3.13/site-packages/tornado-6.5.4.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/tornado@6.5.4", "UID": "6fc19517b2c2b03", "BOMRef": "pkg:pypi/tornado@6.5.4" }, "InstalledVersion": "6.5.4", "FixedVersion": "6.5.5", "Status": "fixed", "Layer": { "Digest": "sha256:a265b6ffdb220ae66d77f9273b88d0d1ecd43ced30dad41c3cb9abbec42a55f0", "DiffID": "sha256:9d5d3ff02a88a45dd39660f68c589c6fd225a1c8ad19372833562d02bf50e35c" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-78cv-mqj4-43f7", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:f1ac92fd089dcd90594868f05741f3d0f04d06b7805421f130ef6c9c03c5ab43", "Title": "Tornado has incomplete validation of cookie attributes", "Description": "Values passed to the `domain`, `path`, and `samesite` arguments of `RequestHandler.set_cookie` were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes.", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://github.com/tornadoweb/tornado", "https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104", "https://github.com/tornadoweb/tornado/releases/tag/v6.5.5", "https://github.com/tornadoweb/tornado/security/advisories/GHSA-78cv-mqj4-43f7" ], "PublishedDate": "2026-03-11T22:17:00Z", "LastModifiedDate": "2026-03-11T22:17:00Z" } ] } ] }