| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
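| HIGH | CVE-2025-62727 | starlette | 0.41.3 | 0.49.1 | starlette: Starlette DoS via Range header merging (quadratic-time Range parsing in FileResponse/StaticFiles; upgrading to 0.49.1 or later also covers CVE-2025-54121) |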
| MEDIUM | CVE-2025-54121 | starlette | 0.41.3 | 0.47.2 | starlette: Starlette denial-of-service (event loop blocked while large multipart uploads roll over to disk) |

| Type | File | Line | Match |
|---|---|---|---|
| ✅ No secrets found | | | |

| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| ✅ No misconfigurations found | | | | |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019c74c3-46a0-7873-ba73-09f74554b356",
"CreatedAt": "2026-02-19T07:18:00.608554693Z",
"ArtifactID": "sha256:9a8feb4929bcc6aa9b75a3d285fefe5da7fb869823b88602ec6aa95320693a56",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-abb-edge.git",
"Branch": "vulnerability-scans",
"Commit": "5c2ae4f8b9bf2e1056b0645814642b050fd5eb18",
"CommitMsg": "version fixes",
"Author": "eizen-surya <suryavignesh.kapuganti@eizen.ai>",
"Committer": "eizen-surya <suryavignesh.kapuganti@eizen.ai>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "GPUtil",
"Identifier": {
"PURL": "pkg:pypi/gputil@1.4.0",
"UID": "b6831d945226c44d"
},
"Version": "1.4.0",
"Locations": [
{
"StartLine": 17,
"EndLine": 17
}
],
"AnalyzedBy": "pip"
},
{
"Name": "Jinja2",
"Identifier": {
"PURL": "pkg:pypi/jinja2@3.1.6",
"UID": "b1a2991fcdfba11a"
},
"Version": "3.1.6",
"Locations": [
{
"StartLine": 22,
"EndLine": 22
}
],
"AnalyzedBy": "pip"
},
{
"Name": "MarkupSafe",
"Identifier": {
"PURL": "pkg:pypi/markupsafe@3.0.3",
"UID": "f655cd935163a22c"
},
"Version": "3.0.3",
"Locations": [
{
"StartLine": 28,
"EndLine": 28
}
],
"AnalyzedBy": "pip"
},
{
"Name": "PyYAML",
"Identifier": {
"PURL": "pkg:pypi/pyyaml@6.0.3",
"UID": "829240b0e6c96261"
},
"Version": "6.0.3",
"Locations": [
{
"StartLine": 63,
"EndLine": 63
}
],
"AnalyzedBy": "pip"
},
{
"Name": "annotated-doc",
"Identifier": {
"PURL": "pkg:pypi/annotated-doc@0.0.4",
"UID": "6441f6fc58e68b67"
},
"Version": "0.0.4",
"Locations": [
{
"StartLine": 1,
"EndLine": 1
}
],
"AnalyzedBy": "pip"
},
{
"Name": "annotated-types",
"Identifier": {
"PURL": "pkg:pypi/annotated-types@0.7.0",
"UID": "b90b81967396b612"
},
"Version": "0.7.0",
"Locations": [
{
"StartLine": 2,
"EndLine": 2
}
],
"AnalyzedBy": "pip"
},
{
"Name": "anyio",
"Identifier": {
"PURL": "pkg:pypi/anyio@4.12.1",
"UID": "a3d3d86f1ab3a0ce"
},
"Version": "4.12.1",
"Locations": [
{
"StartLine": 3,
"EndLine": 3
}
],
"AnalyzedBy": "pip"
},
{
"Name": "certifi",
"Identifier": {
"PURL": "pkg:pypi/certifi@2025.11.12",
"UID": "9bf1f9add8dd0301"
},
"Version": "2025.11.12",
"Locations": [
{
"StartLine": 4,
"EndLine": 4
}
],
"AnalyzedBy": "pip"
},
{
"Name": "cffi",
"Identifier": {
"PURL": "pkg:pypi/cffi@2.0.0",
"UID": "2c34688ca33d9c51"
},
"Version": "2.0.0",
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
],
"AnalyzedBy": "pip"
},
{
"Name": "charset-normalizer",
"Identifier": {
"PURL": "pkg:pypi/charset-normalizer@3.4.4",
"UID": "67cacad2c1f33e1d"
},
"Version": "3.4.4",
"Locations": [
{
"StartLine": 6,
"EndLine": 6
}
],
"AnalyzedBy": "pip"
},
{
"Name": "click",
"Identifier": {
"PURL": "pkg:pypi/click@8.3.1",
"UID": "aef18ab40741a21"
},
"Version": "8.3.1",
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
],
"AnalyzedBy": "pip"
},
{
"Name": "contourpy",
"Identifier": {
"PURL": "pkg:pypi/contourpy@1.3.3",
"UID": "143c3c7c47063277"
},
"Version": "1.3.3",
"Locations": [
{
"StartLine": 8,
"EndLine": 8
}
],
"AnalyzedBy": "pip"
},
{
"Name": "cryptography",
"Identifier": {
"PURL": "pkg:pypi/cryptography@46.0.5",
"UID": "8552b6c6b63d8ad"
},
"Version": "46.0.5",
"Locations": [
{
"StartLine": 9,
"EndLine": 9
}
],
"AnalyzedBy": "pip"
},
{
"Name": "cycler",
"Identifier": {
"PURL": "pkg:pypi/cycler@0.12.1",
"UID": "6d3aa8d04a44f9f6"
},
"Version": "0.12.1",
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
],
"AnalyzedBy": "pip"
},
{
"Name": "dill",
"Identifier": {
"PURL": "pkg:pypi/dill@0.4.1",
"UID": "a95da748304a1b9b"
},
"Version": "0.4.1",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "dnspython",
"Identifier": {
"PURL": "pkg:pypi/dnspython@2.8.0",
"UID": "7e925ffe25c5c0e7"
},
"Version": "2.8.0",
"Locations": [
{
"StartLine": 12,
"EndLine": 12
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fastapi",
"Identifier": {
"PURL": "pkg:pypi/fastapi@0.129.0",
"UID": "b27531d026f8693f"
},
"Version": "0.129.0",
"Locations": [
{
"StartLine": 13,
"EndLine": 13
}
],
"AnalyzedBy": "pip"
},
{
"Name": "filelock",
"Identifier": {
"PURL": "pkg:pypi/filelock@3.24.3",
"UID": "d4d188343c0181bf"
},
"Version": "3.24.3",
"Locations": [
{
"StartLine": 14,
"EndLine": 14
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fonttools",
"Identifier": {
"PURL": "pkg:pypi/fonttools@4.61.0",
"UID": "69f722f814f24616"
},
"Version": "4.61.0",
"Locations": [
{
"StartLine": 15,
"EndLine": 15
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fsspec",
"Identifier": {
"PURL": "pkg:pypi/fsspec@2025.12.0",
"UID": "16bcdc6a45cfc943"
},
"Version": "2025.12.0",
"Locations": [
{
"StartLine": 16,
"EndLine": 16
}
],
"AnalyzedBy": "pip"
},
{
"Name": "h11",
"Identifier": {
"PURL": "pkg:pypi/h11@0.16.0",
"UID": "e86634f07480c841"
},
"Version": "0.16.0",
"Locations": [
{
"StartLine": 18,
"EndLine": 18
}
],
"AnalyzedBy": "pip"
},
{
"Name": "httpcore",
"Identifier": {
"PURL": "pkg:pypi/httpcore@1.0.9",
"UID": "1ad4aaa4c956a240"
},
"Version": "1.0.9",
"Locations": [
{
"StartLine": 19,
"EndLine": 19
}
],
"AnalyzedBy": "pip"
},
{
"Name": "httpx",
"Identifier": {
"PURL": "pkg:pypi/httpx@0.28.1",
"UID": "a4f9e5135d4ca564"
},
"Version": "0.28.1",
"Locations": [
{
"StartLine": 20,
"EndLine": 20
}
],
"AnalyzedBy": "pip"
},
{
"Name": "idna",
"Identifier": {
"PURL": "pkg:pypi/idna@3.11",
"UID": "c7088f207a5d98da"
},
"Version": "3.11",
"Locations": [
{
"StartLine": 21,
"EndLine": 21
}
],
"AnalyzedBy": "pip"
},
{
"Name": "kafka-python-ng",
"Identifier": {
"PURL": "pkg:pypi/kafka-python-ng@2.2.3",
"UID": "35ae487a24f0d2f"
},
"Version": "2.2.3",
"Locations": [
{
"StartLine": 23,
"EndLine": 23
}
],
"AnalyzedBy": "pip"
},
{
"Name": "kiwisolver",
"Identifier": {
"PURL": "pkg:pypi/kiwisolver@1.4.9",
"UID": "e7ec4ab17b5bc54b"
},
"Version": "1.4.9",
"Locations": [
{
"StartLine": 24,
"EndLine": 24
}
],
"AnalyzedBy": "pip"
},
{
"Name": "lap",
"Identifier": {
"PURL": "pkg:pypi/lap@0.5.12",
"UID": "6cb28746db11770d"
},
"Version": "0.5.12",
"Locations": [
{
"StartLine": 25,
"EndLine": 25
}
],
"AnalyzedBy": "pip"
},
{
"Name": "lxml",
"Identifier": {
"PURL": "pkg:pypi/lxml@6.0.2",
"UID": "b0c0030e291810e2"
},
"Version": "6.0.2",
"Locations": [
{
"StartLine": 26,
"EndLine": 26
}
],
"AnalyzedBy": "pip"
},
{
"Name": "lz4",
"Identifier": {
"PURL": "pkg:pypi/lz4@4.4.5",
"UID": "905168da5f48b2a9"
},
"Version": "4.4.5",
"Locations": [
{
"StartLine": 27,
"EndLine": 27
}
],
"AnalyzedBy": "pip"
},
{
"Name": "matplotlib",
"Identifier": {
"PURL": "pkg:pypi/matplotlib@3.10.7",
"UID": "2b07df90d8d6ea34"
},
"Version": "3.10.7",
"Locations": [
{
"StartLine": 29,
"EndLine": 29
}
],
"AnalyzedBy": "pip"
},
{
"Name": "montydb",
"Identifier": {
"PURL": "pkg:pypi/montydb@2.5.6",
"UID": "d8eca48ea4f3b98"
},
"Version": "2.5.6",
"Locations": [
{
"StartLine": 30,
"EndLine": 30
}
],
"AnalyzedBy": "pip"
},
{
"Name": "mpmath",
"Identifier": {
"PURL": "pkg:pypi/mpmath@1.3.0",
"UID": "2fc3f25cad6e716c"
},
"Version": "1.3.0",
"Locations": [
{
"StartLine": 31,
"EndLine": 31
}
],
"AnalyzedBy": "pip"
},
{
"Name": "networkx",
"Identifier": {
"PURL": "pkg:pypi/networkx@3.6.1",
"UID": "f40339fabcdc8520"
},
"Version": "3.6.1",
"Locations": [
{
"StartLine": 32,
"EndLine": 32
}
],
"AnalyzedBy": "pip"
},
{
"Name": "numpy",
"Identifier": {
"PURL": "pkg:pypi/numpy@2.2.6",
"UID": "a575f64ae2fbcd4d"
},
"Version": "2.2.6",
"Locations": [
{
"StartLine": 33,
"EndLine": 33
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cublas-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cublas-cu12@12.8.4.1",
"UID": "771f8668014c3b92"
},
"Version": "12.8.4.1",
"Locations": [
{
"StartLine": 34,
"EndLine": 34
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cuda-cupti-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cuda-cupti-cu12@12.8.90",
"UID": "3b8cbb5598414d06"
},
"Version": "12.8.90",
"Locations": [
{
"StartLine": 35,
"EndLine": 35
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cuda-nvrtc-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cuda-nvrtc-cu12@12.8.93",
"UID": "8fedee4d985fb911"
},
"Version": "12.8.93",
"Locations": [
{
"StartLine": 36,
"EndLine": 36
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cuda-runtime-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cuda-runtime-cu12@12.8.90",
"UID": "1b15cefb7ae477b"
},
"Version": "12.8.90",
"Locations": [
{
"StartLine": 37,
"EndLine": 37
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cudnn-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cudnn-cu12@9.10.2.21",
"UID": "70b2b9123c750d3f"
},
"Version": "9.10.2.21",
"Locations": [
{
"StartLine": 38,
"EndLine": 38
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cufft-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cufft-cu12@11.3.3.83",
"UID": "4d40bbcb9ce93793"
},
"Version": "11.3.3.83",
"Locations": [
{
"StartLine": 39,
"EndLine": 39
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cufile-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cufile-cu12@1.13.1.3",
"UID": "8fc934b95001480"
},
"Version": "1.13.1.3",
"Locations": [
{
"StartLine": 40,
"EndLine": 40
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-curand-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-curand-cu12@10.3.9.90",
"UID": "ffe57b9a2e4becbb"
},
"Version": "10.3.9.90",
"Locations": [
{
"StartLine": 41,
"EndLine": 41
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cusolver-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cusolver-cu12@11.7.3.90",
"UID": "4e147307001b2f9f"
},
"Version": "11.7.3.90",
"Locations": [
{
"StartLine": 42,
"EndLine": 42
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cusparse-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cusparse-cu12@12.5.8.93",
"UID": "752f3113e55ccc86"
},
"Version": "12.5.8.93",
"Locations": [
{
"StartLine": 43,
"EndLine": 43
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-cusparselt-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-cusparselt-cu12@0.7.1",
"UID": "ce9bf91876447aa3"
},
"Version": "0.7.1",
"Locations": [
{
"StartLine": 44,
"EndLine": 44
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-nccl-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-nccl-cu12@2.27.5",
"UID": "acdd50614fb42aad"
},
"Version": "2.27.5",
"Locations": [
{
"StartLine": 45,
"EndLine": 45
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-nvjitlink-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-nvjitlink-cu12@12.8.93",
"UID": "f9d92701bee9694c"
},
"Version": "12.8.93",
"Locations": [
{
"StartLine": 46,
"EndLine": 46
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-nvshmem-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-nvshmem-cu12@3.3.20",
"UID": "f214dc94e888ec01"
},
"Version": "3.3.20",
"Locations": [
{
"StartLine": 47,
"EndLine": 47
}
],
"AnalyzedBy": "pip"
},
{
"Name": "nvidia-nvtx-cu12",
"Identifier": {
"PURL": "pkg:pypi/nvidia-nvtx-cu12@12.8.90",
"UID": "6c16985c23712f3d"
},
"Version": "12.8.90",
"Locations": [
{
"StartLine": 48,
"EndLine": 48
}
],
"AnalyzedBy": "pip"
},
{
"Name": "opencv-python",
"Identifier": {
"PURL": "pkg:pypi/opencv-python@4.13.0.92",
"UID": "fef1827af576661f"
},
"Version": "4.13.0.92",
"Locations": [
{
"StartLine": 49,
"EndLine": 49
}
],
"AnalyzedBy": "pip"
},
{
"Name": "packaging",
"Identifier": {
"PURL": "pkg:pypi/packaging@26.0",
"UID": "4b534a5f34c924d1"
},
"Version": "26.0",
"Locations": [
{
"StartLine": 50,
"EndLine": 50
}
],
"AnalyzedBy": "pip"
},
{
"Name": "paho-mqtt",
"Identifier": {
"PURL": "pkg:pypi/paho-mqtt@2.1.0",
"UID": "36463b3f5efd3db3"
},
"Version": "2.1.0",
"Locations": [
{
"StartLine": 51,
"EndLine": 51
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pillow",
"Identifier": {
"PURL": "pkg:pypi/pillow@12.1.1",
"UID": "a9916dde486f7d1c"
},
"Version": "12.1.1",
"Locations": [
{
"StartLine": 52,
"EndLine": 52
}
],
"AnalyzedBy": "pip"
},
{
"Name": "polars",
"Identifier": {
"PURL": "pkg:pypi/polars@1.38.1",
"UID": "ba6d0d4f311d6a70"
},
"Version": "1.38.1",
"Locations": [
{
"StartLine": 53,
"EndLine": 53
}
],
"AnalyzedBy": "pip"
},
{
"Name": "polars-runtime-32",
"Identifier": {
"PURL": "pkg:pypi/polars-runtime-32@1.38.1",
"UID": "221d8bc2ded729ce"
},
"Version": "1.38.1",
"Locations": [
{
"StartLine": 54,
"EndLine": 54
}
],
"AnalyzedBy": "pip"
},
{
"Name": "psutil",
"Identifier": {
"PURL": "pkg:pypi/psutil@7.2.2",
"UID": "aecd98b6ef4124cd"
},
"Version": "7.2.2",
"Locations": [
{
"StartLine": 55,
"EndLine": 55
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pycparser",
"Identifier": {
"PURL": "pkg:pypi/pycparser@3.0",
"UID": "e9e8515f287209e4"
},
"Version": "3.0",
"Locations": [
{
"StartLine": 56,
"EndLine": 56
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pydantic",
"Identifier": {
"PURL": "pkg:pypi/pydantic@2.12.5",
"UID": "2278b63424210bc"
},
"Version": "2.12.5",
"Locations": [
{
"StartLine": 57,
"EndLine": 57
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pydantic_core",
"Identifier": {
"PURL": "pkg:pypi/pydantic-core@2.41.5",
"UID": "fc676a7095bef22e"
},
"Version": "2.41.5",
"Locations": [
{
"StartLine": 58,
"EndLine": 58
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.16.0",
"UID": "7510ef2036bb06ba"
},
"Version": "4.16.0",
"Locations": [
{
"StartLine": 59,
"EndLine": 59
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pyparsing",
"Identifier": {
"PURL": "pkg:pypi/pyparsing@3.3.2",
"UID": "f725988f8d64e82d"
},
"Version": "3.3.2",
"Locations": [
{
"StartLine": 60,
"EndLine": 60
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dateutil",
"Identifier": {
"PURL": "pkg:pypi/python-dateutil@2.9.0.post0",
"UID": "ca508129fc266b70"
},
"Version": "2.9.0.post0",
"Locations": [
{
"StartLine": 61,
"EndLine": 61
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-docx",
"Identifier": {
"PURL": "pkg:pypi/python-docx@1.2.0",
"UID": "8fc7df3675061fea"
},
"Version": "1.2.0",
"Locations": [
{
"StartLine": 62,
"EndLine": 62
}
],
"AnalyzedBy": "pip"
},
{
"Name": "redis",
"Identifier": {
"PURL": "pkg:pypi/redis@5.0.1",
"UID": "6cfc983437f0daec"
},
"Version": "5.0.1",
"Locations": [
{
"StartLine": 64,
"EndLine": 64
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.5",
"UID": "897f80b6b35996de"
},
"Version": "2.32.5",
"Locations": [
{
"StartLine": 65,
"EndLine": 65
}
],
"AnalyzedBy": "pip"
},
{
"Name": "scipy",
"Identifier": {
"PURL": "pkg:pypi/scipy@1.17.0",
"UID": "4c2d463a93af9a74"
},
"Version": "1.17.0",
"Locations": [
{
"StartLine": 66,
"EndLine": 66
}
],
"AnalyzedBy": "pip"
},
{
"Name": "setuptools",
"Identifier": {
"PURL": "pkg:pypi/setuptools@82.0.0",
"UID": "bd98e646662c458c"
},
"Version": "82.0.0",
"Locations": [
{
"StartLine": 67,
"EndLine": 67
}
],
"AnalyzedBy": "pip"
},
{
"Name": "six",
"Identifier": {
"PURL": "pkg:pypi/six@1.17.0",
"UID": "91e49438b1cd2193"
},
"Version": "1.17.0",
"Locations": [
{
"StartLine": 68,
"EndLine": 68
}
],
"AnalyzedBy": "pip"
},
{
"Name": "starlette",
"Identifier": {
"PURL": "pkg:pypi/starlette@0.41.3",
"UID": "7383db0f2fba693f"
},
"Version": "0.41.3",
"Locations": [
{
"StartLine": 69,
"EndLine": 69
}
],
"AnalyzedBy": "pip"
},
{
"Name": "sympy",
"Identifier": {
"PURL": "pkg:pypi/sympy@1.14.0",
"UID": "bea4e5756dd62ff5"
},
"Version": "1.14.0",
"Locations": [
{
"StartLine": 70,
"EndLine": 70
}
],
"AnalyzedBy": "pip"
},
{
"Name": "torch",
"Identifier": {
"PURL": "pkg:pypi/torch@2.9.1",
"UID": "7866a37784a23f5d"
},
"Version": "2.9.1",
"Locations": [
{
"StartLine": 71,
"EndLine": 71
}
],
"AnalyzedBy": "pip"
},
{
"Name": "torchvision",
"Identifier": {
"PURL": "pkg:pypi/torchvision@0.24.1",
"UID": "a81f5e511a9689e1"
},
"Version": "0.24.1",
"Locations": [
{
"StartLine": 72,
"EndLine": 72
}
],
"AnalyzedBy": "pip"
},
{
"Name": "triton",
"Identifier": {
"PURL": "pkg:pypi/triton@3.5.1",
"UID": "758f011064d52611"
},
"Version": "3.5.1",
"Locations": [
{
"StartLine": 73,
"EndLine": 73
}
],
"AnalyzedBy": "pip"
},
{
"Name": "typing-inspection",
"Identifier": {
"PURL": "pkg:pypi/typing-inspection@0.4.2",
"UID": "f9ef9c2ec1de8dc7"
},
"Version": "0.4.2",
"Locations": [
{
"StartLine": 75,
"EndLine": 75
}
],
"AnalyzedBy": "pip"
},
{
"Name": "typing_extensions",
"Identifier": {
"PURL": "pkg:pypi/typing-extensions@4.15.0",
"UID": "c1bd50099d21696b"
},
"Version": "4.15.0",
"Locations": [
{
"StartLine": 74,
"EndLine": 74
}
],
"AnalyzedBy": "pip"
},
{
"Name": "ultralytics",
"Identifier": {
"PURL": "pkg:pypi/ultralytics@8.3.233",
"UID": "337090e9c5d6c72c"
},
"Version": "8.3.233",
"Locations": [
{
"StartLine": 76,
"EndLine": 76
}
],
"AnalyzedBy": "pip"
},
{
"Name": "ultralytics-thop",
"Identifier": {
"PURL": "pkg:pypi/ultralytics-thop@2.0.18",
"UID": "7d2b0dca6202fab0"
},
"Version": "2.0.18",
"Locations": [
{
"StartLine": 77,
"EndLine": 77
}
],
"AnalyzedBy": "pip"
},
{
"Name": "urllib3",
"Identifier": {
"PURL": "pkg:pypi/urllib3@2.6.3",
"UID": "71c59b312a7ac481"
},
"Version": "2.6.3",
"Locations": [
{
"StartLine": 78,
"EndLine": 78
}
],
"AnalyzedBy": "pip"
},
{
"Name": "uvicorn",
"Identifier": {
"PURL": "pkg:pypi/uvicorn@0.41.0",
"UID": "680580eb087e3804"
},
"Version": "0.41.0",
"Locations": [
{
"StartLine": 79,
"EndLine": 79
}
],
"AnalyzedBy": "pip"
},
{
"Name": "zstandard",
"Identifier": {
"PURL": "pkg:pypi/zstandard@0.25.0",
"UID": "4cf1ac147d96f97"
},
"Version": "0.25.0",
"Locations": [
{
"StartLine": 80,
"EndLine": 80
}
],
"AnalyzedBy": "pip"
}
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2025-62727",
"VendorIDs": [
"GHSA-7f5h-v6xp-fcq8"
],
"PkgName": "starlette",
"PkgIdentifier": {
"PURL": "pkg:pypi/starlette@0.41.3",
"UID": "7383db0f2fba693f"
},
"InstalledVersion": "0.41.3",
"FixedVersion": "0.49.1",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62727",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:616bdf65dc5a2c2f325c6e9f114f2d97c3d721a839fa7d794afc6d147f4b4780",
"Title": "starlette: Starlette DoS via Range header merging",
"Description": "Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\u2011of\u2011service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.",
"Severity": "HIGH",
"CweIDs": [
"CWE-407"
],
"VendorSeverity": {
"ghsa": 3,
"redhat": 3
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-62727",
"https://github.com/Kludex/starlette",
"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
"https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c",
"https://github.com/Kludex/starlette/releases/tag/0.49.1",
"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
"https://nvd.nist.gov/vuln/detail/CVE-2025-62727",
"https://www.cve.org/CVERecord?id=CVE-2025-62727"
],
"PublishedDate": "2025-10-28T21:15:40.447Z",
"LastModifiedDate": "2025-11-04T18:16:45.48Z"
},
{
"VulnerabilityID": "CVE-2025-54121",
"VendorIDs": [
"GHSA-2c2j-9gv5-cj73"
],
"PkgName": "starlette",
"PkgIdentifier": {
"PURL": "pkg:pypi/starlette@0.41.3",
"UID": "7383db0f2fba693f"
},
"InstalledVersion": "0.41.3",
"FixedVersion": "0.47.2",
"Status": "fixed",
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-54121",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
"Fingerprint": "sha256:e9283c004d42a69be38473b63f3947d6430566bdd5e397e07f794735c9e5e70d",
"Title": "starlette: Starlette denial-of-service",
"Description": "Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread to roll the file over to disk. This blocks the event thread which means the application can't accept new connections. The UploadFile code has a minor bug where instead of just checking for self._in_memory, the logic should also check if the additional bytes will cause a rollover. The vulnerability is fixed in version 0.47.2.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-770"
],
"VendorSeverity": {
"ghsa": 2,
"redhat": 2
},
"CVSS": {
"ghsa": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"V3Score": 5.3
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2025-54121",
"https://github.com/encode/starlette",
"https://github.com/encode/starlette/blob/fa5355442753f794965ae1af0f87f9fec1b9a3de/starlette/datastructures.py#L436C5-L447C14",
"https://github.com/encode/starlette/commit/9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1",
"https://github.com/encode/starlette/discussions/2927#discussioncomment-13721403",
"https://github.com/encode/starlette/security/advisories/GHSA-2c2j-9gv5-cj73",
"https://nvd.nist.gov/vuln/detail/CVE-2025-54121",
"https://www.cve.org/CVERecord?id=CVE-2025-54121"
],
"PublishedDate": "2025-07-21T20:15:41.827Z",
"LastModifiedDate": "2025-07-22T13:05:40.573Z"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 24,
"Failures": 0
}
}
]
}